
IE freezes and says it is infected and to call an 800 number.


  • This topic is locked
15 replies to this topic

#1 migsutu


Posted 04 December 2015 - 12:59 PM

Had a lot of pop-ups on this machine. Tried to clean it with Malwarebytes and SuperAntiSpyware. They are both showing clean, but still having IE lockup, showing a screen saying there are malware and phishing issues and to call this 800 number. Avira found a few things as well, but it shows all clear now as well.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Mark (administrator) on DESKTOP-PC (04-12-2015 11:46:27)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2015-10-13] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [788176 2015-11-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3638768 2015-12-04] (Electronic Arts)
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1382672 2015-10-13] (Lavasoft)
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-04] (SUPERAntiSpyware)
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\MountPoints2: {c8348167-3c75-11e4-8260-40167ea6ed77} - "D:\HTC_Sync_Manager_PC.exe" 
Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-11-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.140 8.8.8.8
Tcpip\..\Interfaces\{99004CAE-DE35-420A-AD5D-16FC929C0C91}: [DhcpNameServer] 192.168.1.140 8.8.8.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-18] (Microsoft Corporation)
BHO-x32: MFLHelper Class -> {B0932222-51E2-47D1-A4EF-CB10AE7DF086} -> C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll [2015-10-13] (Get-a-Clip)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bqRgLXnE.default
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-02] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bqRgLXnE.default\Extensions\abs@avira.com [2015-10-23] [not signed]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [936544 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-11-11] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1105952 2015-11-11] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-13] (Lavasoft Limited)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2015-10-13] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-04] (Electronic Arts)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-10-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-10-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-10-05] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-04 11:46 - 2015-12-04 11:46 - 00013069 _____ C:\Users\Mark\Desktop\FRST.txt
2015-12-04 11:46 - 2015-12-04 11:46 - 00000000 ____D C:\FRST
2015-12-04 11:46 - 2015-12-04 11:44 - 02350080 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2015-11-10 16:58 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 16:58 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 16:58 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 16:58 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 16:58 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 16:58 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 16:58 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 16:58 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 16:58 - 2015-10-30 16:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-10 16:58 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 16:58 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 16:58 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 16:58 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 16:58 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 16:58 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 16:58 - 2015-10-30 16:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-10 16:58 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 16:58 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 16:58 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 16:58 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 16:58 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 16:58 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 16:58 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 16:58 - 2015-10-20 15:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 16:58 - 2015-10-20 08:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 16:58 - 2015-10-20 08:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 16:58 - 2015-10-20 08:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 16:58 - 2015-10-20 08:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-10 16:58 - 2015-10-20 08:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 16:58 - 2015-10-20 08:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 16:58 - 2015-10-20 08:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 16:58 - 2015-10-20 08:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 16:58 - 2015-10-20 08:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 16:58 - 2015-10-20 08:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 16:58 - 2015-10-20 08:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 16:58 - 2015-10-17 08:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 16:58 - 2015-10-15 10:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 16:58 - 2015-10-15 09:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 16:58 - 2015-10-14 17:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 16:58 - 2015-10-14 17:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 16:58 - 2015-10-14 17:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-10 16:58 - 2015-10-14 17:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 16:58 - 2015-10-14 17:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-10 16:58 - 2015-10-13 11:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 16:58 - 2015-10-13 11:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 16:58 - 2015-10-13 09:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 16:58 - 2015-10-13 09:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 16:58 - 2015-10-13 09:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 16:58 - 2015-10-13 09:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 16:58 - 2015-10-13 09:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-10 16:58 - 2015-10-13 09:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-10 16:58 - 2015-10-11 00:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 16:58 - 2015-10-11 00:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 16:58 - 2015-10-10 12:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 16:58 - 2015-10-10 12:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 16:58 - 2015-10-10 12:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-10 16:58 - 2015-10-10 11:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 16:58 - 2015-10-10 11:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 16:58 - 2015-10-10 11:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-10 16:58 - 2015-10-10 10:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 16:58 - 2015-10-08 10:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-10 16:58 - 2015-09-29 06:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-10 16:58 - 2015-09-12 07:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-10 16:58 - 2015-09-07 10:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-10 16:58 - 2015-09-07 09:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-10 16:58 - 2015-09-07 09:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-10 16:58 - 2015-09-04 13:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-10 16:58 - 2015-08-28 16:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-10 16:58 - 2015-08-20 14:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-10 16:58 - 2015-08-20 11:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-10 16:58 - 2015-08-10 12:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-10 16:58 - 2015-08-10 12:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-10 16:58 - 2015-08-10 11:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-10 16:58 - 2015-08-10 10:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-10 16:58 - 2015-08-10 10:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-10 16:58 - 2014-11-10 12:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-10 16:58 - 2014-11-04 19:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-10 16:58 - 2014-11-04 19:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-04 11:46 - 2013-08-22 07:36 - 00000000 ____D C:\Windows
2015-12-04 11:42 - 2014-03-18 04:03 - 00818732 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-04 11:42 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2015-12-04 11:38 - 2015-10-18 20:13 - 00000362 ____H C:\Windows\Tasks\SDXCDVTETGLINMRO.job
2015-12-04 11:38 - 2015-10-13 21:52 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-04 11:38 - 2014-12-24 08:35 - 00000000 ____D C:\ProgramData\Origin
2015-12-04 11:38 - 2014-09-03 18:42 - 00000000 ___DO C:\Users\Mark\Desktop\OneDrive
2015-12-04 11:38 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 11:27 - 2015-11-03 08:54 - 00638404 _____ C:\Windows\ntbtlog.txt
2015-12-04 09:53 - 2015-10-23 08:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-04 09:52 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-12-04 09:01 - 2015-10-23 09:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-04 09:01 - 2014-08-15 23:43 - 00000000 ____D C:\Users\Mark
2015-12-04 09:00 - 2015-10-19 19:00 - 00000288 _____ C:\Windows\Tasks\UpdateTask.job
2015-12-04 08:39 - 2014-12-24 08:35 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-23 22:00 - 2014-08-15 23:43 - 00000000 ____D C:\Users\Mark\AppData\Local\Packages
2015-11-22 14:17 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-19 20:24 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-11-19 19:57 - 2014-08-15 23:48 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-462184711-2832113020-4121796740-1001
2015-11-16 23:11 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-16 21:36 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-16 21:35 - 2013-08-22 08:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-11 02:24 - 2014-08-16 00:05 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 02:23 - 2014-08-16 00:05 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 01:15 - 2015-10-23 09:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-11-09 09:15 - 2014-08-15 23:54 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-09 09:14 - 2015-10-23 09:27 - 00001150 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-11-06 02:00 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
 
==================== Files in the root of some directories =======
 
2015-10-23 10:00 - 2015-10-23 10:00 - 0000045 _____ () C:\Users\Mark\AppData\Roaming\WB.CFG
 
Some files in TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-02 05:10
 
==================== End of FRST.txt ============================


 


#2 olgun52

  • Malware Response Team

Posted 04 December 2015 - 06:17 PM

Hello migsutu and Welcome to the BleepingComputer. :welcome:
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
  
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely  . :hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

  • Malware Response Team

Posted 04 December 2015 - 06:22 PM

Hi migsutu,

RogueKiller by Tigzy

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

===================================================

Run TDSSKiller by Kaspersky

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.

-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================================================

aswMBR Rootkit:

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 migsutu

  • Topic Starter

Posted 05 December 2015 - 11:40 AM

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/05/2015 10:06:38
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Internet Explorer\Main | Default_Search_URL : https://safesearch.avira.com/#web/result?source=art&q=  -> Found
 
¤¤¤ Tasks : 5 ¤¤¤
[PUP] %WINDIR%\Tasks\SDXCDVTETGLINMRO.job -- C:\ProgramData\Service1291\Service1291.exe -> Found
[Suspicious.Path] %WINDIR%\Tasks\UpdateTask.job -- C:\Users\Mark\AppData\Local\{52486~1\UNINST~1.EXE (/Check) -> Found
[PUP] \Asmnoeep -- "C:\ProgramData\Asmnoeep\1.0.6.1\rivnexre.exe" ("/e=L3A9MjMyMDAxXi91PTc0YzBhMTg3ZWYzMDRkZjFiOTM3ODM2N2ZlZDk4ZDFiXi9kPXdlYnNoaWVsZG9ubGluZS5jb21eL249V0VCU14vYT1XZWJTaGllbGReL3Q=") -> Found
[PUP] \Raealpo -- "C:\Program Files\shopperz181020151745\Tihteir.bat" -> Found
[Suspicious.Path] \UpdateTask -- C:\Users\Mark\AppData\Local\{52486~1\UNINST~1.EXE (/Check) -> Found
 
¤¤¤ Files : 4 ¤¤¤
[PUP][File] C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk [LNK@] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe -> Found
[PUP][File] C:\$Recycle.Bin\S-1-5-21-462184711-2832113020-4121796740-1001\$RMEDLNB.lnk [LNK@] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe -> Found
[PUP][File] C:\$Recycle.Bin\S-1-5-21-462184711-2832113020-4121796740-1001\$RSUBTFM.lnk [LNK@] C:\Program Files (x86)\Max Driver Updater\maxdu.exe -> Found
[PUP][Folder] C:\Program Files (x86)\Itibiti Soft Phone -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] c46897583aaf13e970ebb72009da4482
[BSP] 0907ece08f8fd83d27ff619b7e6ed356 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243846 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] fe58e9903518f3aa64c5598c5968ebda
[BSP] 10686b0f2d4d4460bc3378a4b19e058b : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 936 | Size: 3849 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
__________________________________________________________________________________________________
 
 
10:10:50.0234 0x1310  TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
10:10:54.0125 0x1310  ============================================================
10:10:54.0125 0x1310  Current date / time: 2015/12/05 10:10:54.0125
10:10:54.0125 0x1310  SystemInfo:
10:10:54.0125 0x1310  
10:10:54.0125 0x1310  OS Version: 6.3.9600 ServicePack: 0.0
10:10:54.0125 0x1310  Product type: Workstation
10:10:54.0125 0x1310  ComputerName: DESKTOP-PC
10:10:54.0125 0x1310  UserName: Mark
10:10:54.0125 0x1310  Windows directory: C:\Windows
10:10:54.0125 0x1310  System windows directory: C:\Windows
10:10:54.0125 0x1310  Running under WOW64
10:10:54.0125 0x1310  Processor architecture: Intel x64
10:10:54.0125 0x1310  Number of processors: 8
10:10:54.0125 0x1310  Page size: 0x1000
10:10:54.0125 0x1310  Boot type: Normal boot
10:10:54.0125 0x1310  ============================================================
10:10:54.0219 0x1310  KLMD registered as C:\Windows\system32\drivers\86297688.sys
10:10:54.0266 0x1310  System UUID: {72EB60C3-6BC9-A541-ED9B-390A98940FE5}
10:10:54.0516 0x1310  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:10:54.0516 0x1310  Drive \Device\Harddisk1\DR2 - Size: 0xF0A00000 ( 3.76 Gb ), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:10:54.0531 0x1310  ============================================================
10:10:54.0531 0x1310  \Device\Harddisk0\DR0:
10:10:54.0531 0x1310  MBR partitions:
10:10:54.0531 0x1310  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
10:10:54.0531 0x1310  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x1DC43000
10:10:54.0531 0x1310  \Device\Harddisk1\DR2:
10:10:54.0531 0x1310  MBR partitions:
10:10:54.0531 0x1310  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3A8, BlocksNum 0x784C58
10:10:54.0531 0x1310  ============================================================
10:10:54.0531 0x1310  C: <-> \Device\Harddisk0\DR0\Partition2
10:10:54.0531 0x1310  ============================================================
10:10:54.0531 0x1310  Initialize success
10:10:54.0531 0x1310  ============================================================
10:11:02.0000 0x16e4  ============================================================
10:11:02.0000 0x16e4  Scan started
10:11:02.0000 0x16e4  Mode: Manual; 
10:11:02.0000 0x16e4  ============================================================
10:11:02.0000 0x16e4  KSN ping started
10:11:04.0406 0x16e4  KSN ping finished: true
10:11:05.0281 0x16e4  ================ Scan system memory ========================
10:11:05.0281 0x16e4  System memory - ok
10:11:05.0281 0x16e4  ================ Scan services =============================
10:11:07.0938 0x16e4  gagp30kx - ok
10:11:07.0938 0x16e4  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
10:11:07.0938 0x16e4  gencounter - ok
10:11:07.0953 0x16e4  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
10:11:07.0953 0x16e4  GPIOClx0101 - ok
10:11:07.0984 0x16e4  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:11:08.0016 0x16e4  gpsvc - ok
10:11:08.0031 0x16e4  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:08.0031 0x16e4  HdAudAddService - ok
10:11:08.0047 0x16e4  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
10:11:08.0047 0x16e4  HDAudBus - ok
10:11:08.0047 0x16e4  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
10:11:08.0047 0x16e4  HidBatt - ok
10:11:08.0063 0x16e4  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
10:11:08.0063 0x16e4  HidBth - ok
10:11:08.0063 0x16e4  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
10:11:08.0063 0x16e4  hidi2c - ok
10:11:08.0063 0x16e4  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
10:11:08.0063 0x16e4  HidIr - ok
10:11:08.0078 0x16e4  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv         C:\Windows\system32\hidserv.dll
10:11:08.0078 0x16e4  hidserv - ok
10:11:08.0078 0x16e4  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
10:11:08.0078 0x16e4  HidUsb - ok
10:11:08.0094 0x16e4  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:11:08.0094 0x16e4  hkmsvc - ok
10:11:08.0094 0x16e4  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:08.0109 0x16e4  HomeGroupListener - ok
10:11:08.0125 0x16e4  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:08.0125 0x16e4  HomeGroupProvider - ok
10:11:08.0141 0x16e4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:11:08.0141 0x16e4  HpSAMD - ok
10:11:08.0156 0x16e4  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:11:08.0172 0x16e4  HTTP - ok
10:11:08.0188 0x16e4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:11:08.0188 0x16e4  hwpolicy - ok
10:11:08.0188 0x16e4  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
10:11:08.0188 0x16e4  hyperkbd - ok
10:11:08.0188 0x16e4  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
10:11:08.0188 0x16e4  HyperVideo - ok
10:11:08.0203 0x16e4  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
10:11:08.0203 0x16e4  i8042prt - ok
10:11:08.0203 0x16e4  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
10:11:08.0203 0x16e4  iaLPSSi_GPIO - ok
10:11:08.0219 0x16e4  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
10:11:08.0219 0x16e4  iaLPSSi_I2C - ok
10:11:08.0234 0x16e4  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
10:11:08.0250 0x16e4  iaStorAV - ok
10:11:08.0266 0x16e4  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:11:08.0266 0x16e4  iaStorV - ok
10:11:08.0266 0x16e4  IEEtwCollectorService - ok
10:11:08.0297 0x16e4  [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F9863A8313638645CB ] IKEEXT          C:\Windows\System32\ikeext.dll
10:11:08.0313 0x16e4  IKEEXT - ok
10:11:08.0328 0x16e4  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:11:08.0328 0x16e4  intelide - ok
10:11:08.0328 0x16e4  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
10:11:08.0328 0x16e4  intelpep - ok
10:11:08.0344 0x16e4  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
10:11:08.0344 0x16e4  intelppm - ok
10:11:08.0344 0x16e4  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:08.0344 0x16e4  IpFilterDriver - ok
10:11:08.0375 0x16e4  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:11:08.0391 0x16e4  iphlpsvc - ok
10:11:08.0391 0x16e4  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
10:11:08.0406 0x16e4  IPMIDRV - ok
10:11:08.0406 0x16e4  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:11:08.0406 0x16e4  IPNAT - ok
10:11:08.0406 0x16e4  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:11:08.0406 0x16e4  IRENUM - ok
10:11:08.0422 0x16e4  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:11:08.0422 0x16e4  isapnp - ok
10:11:08.0422 0x16e4  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
10:11:08.0438 0x16e4  iScsiPrt - ok
10:11:08.0438 0x16e4  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
10:11:08.0438 0x16e4  kbdclass - ok
10:11:08.0453 0x16e4  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
10:11:08.0453 0x16e4  kbdhid - ok
10:11:08.0453 0x16e4  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
10:11:08.0453 0x16e4  kdnic - ok
10:11:08.0453 0x16e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
10:11:08.0453 0x16e4  KeyIso - ok
10:11:08.0469 0x16e4  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:11:08.0469 0x16e4  KSecDD - ok
10:11:08.0469 0x16e4  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:11:08.0484 0x16e4  KSecPkg - ok
10:11:08.0484 0x16e4  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:11:08.0484 0x16e4  ksthunk - ok
10:11:08.0500 0x16e4  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:11:08.0500 0x16e4  KtmRm - ok
10:11:08.0516 0x16e4  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:11:08.0516 0x16e4  LanmanServer - ok
10:11:08.0531 0x16e4  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:08.0531 0x16e4  LanmanWorkstation - ok
10:11:08.0609 0x16e4  [ 8FB6D64CB42E660C4534D38013D64A03, 11A6A914E8588DDFDE32D12A858BA8A31783B5DDB42C9E7FD0F237D57A437976 ] LavasoftTcpService C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
10:11:08.0656 0x16e4  LavasoftTcpService - ok
10:11:08.0672 0x16e4  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
10:11:08.0688 0x16e4  lfsvc - ok
10:11:08.0688 0x16e4  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:11:08.0688 0x16e4  lltdio - ok
10:11:08.0703 0x16e4  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:11:08.0703 0x16e4  lltdsvc - ok
10:11:08.0719 0x16e4  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:11:08.0719 0x16e4  lmhosts - ok
10:11:08.0719 0x16e4  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:11:08.0719 0x16e4  LSI_SAS - ok
10:11:08.0734 0x16e4  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:11:08.0734 0x16e4  LSI_SAS2 - ok
10:11:08.0734 0x16e4  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
10:11:08.0734 0x16e4  LSI_SAS3 - ok
10:11:08.0750 0x16e4  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
10:11:08.0750 0x16e4  LSI_SSS - ok
10:11:08.0781 0x16e4  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\Windows\System32\lsm.dll
10:11:08.0797 0x16e4  LSM - ok
10:11:08.0797 0x16e4  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:11:08.0813 0x16e4  luafv - ok
10:11:08.0813 0x16e4  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:11:08.0813 0x16e4  MBAMProtector - ok
10:11:08.0844 0x16e4  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
10:11:08.0859 0x16e4  MBAMService - ok
10:11:08.0875 0x16e4  [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:11:08.0875 0x16e4  MBAMWebAccessControl - ok
10:11:08.0875 0x16e4  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
10:11:08.0875 0x16e4  megasas - ok
10:11:08.0891 0x16e4  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
10:11:08.0906 0x16e4  megasr - ok
10:11:08.0953 0x16e4  [ FEC564DE36B3BEAEE20F9EB57B3A6C90, AF910E80F17E2BFCD58E74674624FD3F312DF2DBA441C782FD2B1124AC08621E ] MFLService2     C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
10:11:08.0984 0x16e4  MFLService2 - ok
10:11:09.0000 0x16e4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\Windows\system32\mmcss.dll
10:11:09.0000 0x16e4  MMCSS - ok
10:11:09.0000 0x16e4  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
10:11:09.0000 0x16e4  Modem - ok
10:11:09.0000 0x16e4  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
10:11:09.0000 0x16e4  monitor - ok
10:11:09.0016 0x16e4  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
10:11:09.0016 0x16e4  mouclass - ok
10:11:09.0016 0x16e4  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
10:11:09.0016 0x16e4  mouhid - ok
10:11:09.0031 0x16e4  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:11:09.0031 0x16e4  mountmgr - ok
10:11:09.0031 0x16e4  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:11:09.0031 0x16e4  mpsdrv - ok
10:11:09.0063 0x16e4  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:11:09.0078 0x16e4  MpsSvc - ok
10:11:09.0078 0x16e4  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:11:09.0094 0x08b8  Object required for P2P: [ 807AE684CD6BDE9A8692B023993FAF48 ] AntiVirWebService
10:11:09.0094 0x16e4  MRxDAV - ok
10:11:09.0109 0x16e4  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:09.0109 0x16e4  mrxsmb - ok
10:11:09.0125 0x16e4  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:09.0125 0x16e4  mrxsmb10 - ok
10:11:09.0141 0x16e4  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:09.0141 0x16e4  mrxsmb20 - ok
10:11:09.0141 0x16e4  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
10:11:09.0141 0x16e4  MsBridge - ok
10:11:09.0156 0x16e4  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\Windows\System32\msdtc.exe
10:11:09.0156 0x16e4  MSDTC - ok
10:11:09.0156 0x16e4  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:11:09.0156 0x16e4  Msfs - ok
10:11:09.0172 0x16e4  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
10:11:09.0172 0x16e4  msgpiowin32 - ok
10:11:09.0172 0x16e4  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:11:09.0172 0x16e4  mshidkmdf - ok
10:11:09.0172 0x16e4  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
10:11:09.0188 0x16e4  mshidumdf - ok
10:11:09.0188 0x16e4  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:11:09.0188 0x16e4  msisadrv - ok
10:11:09.0188 0x16e4  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:11:09.0203 0x16e4  MSiSCSI - ok
10:11:09.0203 0x16e4  msiserver - ok
10:11:09.0203 0x16e4  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:11:09.0203 0x16e4  MSKSSRV - ok
10:11:09.0203 0x16e4  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
10:11:09.0203 0x16e4  MsLldp - ok
10:11:09.0219 0x16e4  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:09.0219 0x16e4  MSPCLOCK - ok
10:11:09.0219 0x16e4  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:11:09.0219 0x16e4  MSPQM - ok
10:11:09.0219 0x19c4  Object required for P2P: [ 6C4B9A2FF6924405E9ABFB558049D4DD ] Avira.ServiceHost
10:11:09.0234 0x16e4  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:11:09.0234 0x16e4  MsRPC - ok
10:11:09.0250 0x16e4  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
10:11:09.0250 0x16e4  mssmbios - ok
10:11:09.0250 0x16e4  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:11:09.0250 0x16e4  MSTEE - ok
10:11:09.0250 0x16e4  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
10:11:09.0250 0x16e4  MTConfig - ok
10:11:09.0266 0x16e4  [ 640617B6E682A150C36BE39D78547F6C, 784F712E9DC3EEE81F07946BBA08AA2BEAC7B3961E430B75043645EF7ECA715C ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
10:11:09.0266 0x16e4  MTsensor - ok
10:11:09.0266 0x16e4  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
10:11:09.0266 0x16e4  Mup - ok
10:11:09.0281 0x16e4  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
10:11:09.0281 0x16e4  mvumis - ok
10:11:09.0297 0x16e4  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
10:11:09.0297 0x16e4  napagent - ok
10:11:09.0313 0x16e4  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:11:09.0328 0x16e4  NativeWifiP - ok
10:11:09.0328 0x16e4  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
10:11:09.0328 0x16e4  NcaSvc - ok
10:11:09.0344 0x16e4  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
10:11:09.0344 0x16e4  NcbService - ok
10:11:09.0344 0x16e4  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
10:11:09.0344 0x16e4  NcdAutoSetup - ok
10:11:09.0375 0x16e4  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:11:09.0406 0x16e4  NDIS - ok
10:11:09.0406 0x16e4  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:09.0406 0x16e4  NdisCap - ok
10:11:09.0406 0x16e4  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
10:11:09.0422 0x16e4  NdisImPlatform - ok
10:11:09.0422 0x16e4  [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B6024704A5D8C87762E1C ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:09.0422 0x16e4  NdisTapi - ok
10:11:09.0422 0x16e4  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:09.0422 0x16e4  Ndisuio - ok
10:11:09.0438 0x16e4  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
10:11:09.0438 0x16e4  NdisVirtualBus - ok
10:11:09.0438 0x16e4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:09.0438 0x16e4  NdisWan - ok
10:11:09.0453 0x16e4  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:09.0453 0x16e4  NdisWanLegacy - ok
10:11:09.0453 0x16e4  [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437051BB893B5A386 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:11:09.0469 0x16e4  NDProxy - ok
10:11:09.0469 0x16e4  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
10:11:09.0469 0x16e4  Ndu - ok
10:11:09.0469 0x16e4  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:11:09.0469 0x16e4  NetBIOS - ok
10:11:09.0484 0x16e4  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:11:09.0484 0x16e4  NetBT - ok
10:11:09.0500 0x16e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
10:11:09.0500 0x16e4  Netlogon - ok
10:11:09.0516 0x16e4  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
10:11:09.0516 0x16e4  Netman - ok
10:11:09.0531 0x16e4  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
10:11:09.0547 0x16e4  netprofm - ok
10:11:09.0594 0x16e4  [ 91307C4F3AA4E42404BC4F513CCD5430, FD829B655EFA813EA88AFFC0D8AB8E7924CC8456A063278F9490F055BC7874F0 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
10:11:09.0641 0x16e4  netr28ux - ok
10:11:09.0656 0x16e4  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:09.0656 0x16e4  NetTcpPortSharing - ok
10:11:09.0656 0x16e4  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
10:11:09.0656 0x16e4  netvsc - ok
10:11:09.0672 0x16e4  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:11:09.0688 0x16e4  NlaSvc - ok
10:11:09.0688 0x16e4  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:11:09.0688 0x16e4  Npfs - ok
10:11:09.0688 0x16e4  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
10:11:09.0688 0x16e4  npsvctrig - ok
10:11:09.0703 0x16e4  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\Windows\system32\nsisvc.dll
10:11:09.0703 0x16e4  nsi - ok
10:11:09.0703 0x16e4  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:11:09.0703 0x16e4  nsiproxy - ok
10:11:09.0766 0x16e4  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:11:09.0797 0x16e4  Ntfs - ok
10:11:09.0797 0x16e4  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
10:11:09.0797 0x16e4  Null - ok
10:11:09.0813 0x16e4  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:11:09.0813 0x16e4  nvraid - ok
10:11:09.0813 0x16e4  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:11:09.0828 0x16e4  nvstor - ok
10:11:09.0828 0x16e4  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:11:09.0828 0x16e4  nv_agp - ok
10:11:09.0875 0x16e4  [ 28DDD258E19923891AC9B1A95E3D0F44, F7FD0EEBEDCBE8C2AE0C6B191B047F88F9D9BD375B78CCA252A4C2E52D9622C1 ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
10:11:09.0922 0x16e4  Origin Client Service - ok
10:11:09.0922 0x16e4  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:09.0922 0x16e4  ose - ok
10:11:09.0938 0x16e4  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:11:09.0953 0x16e4  p2pimsvc - ok
10:11:09.0969 0x16e4  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
10:11:09.0969 0x16e4  p2psvc - ok
10:11:09.0984 0x16e4  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
10:11:09.0984 0x16e4  Parport - ok
10:11:09.0984 0x16e4  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:11:09.0984 0x16e4  partmgr - ok
10:11:10.0000 0x16e4  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:11:10.0016 0x16e4  PcaSvc - ok
10:11:10.0031 0x16e4  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
10:11:10.0031 0x16e4  pci - ok
10:11:10.0031 0x16e4  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:11:10.0031 0x16e4  pciide - ok
10:11:10.0047 0x16e4  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:11:10.0047 0x16e4  pcmcia - ok
10:11:10.0047 0x16e4  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:11:10.0047 0x16e4  pcw - ok
10:11:10.0063 0x16e4  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
10:11:10.0063 0x16e4  pdc - ok
10:11:10.0078 0x16e4  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:11:10.0094 0x16e4  PEAUTH - ok
10:11:10.0125 0x16e4  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:11:10.0125 0x16e4  PerfHost - ok
10:11:10.0172 0x16e4  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\Windows\system32\pla.dll
10:11:10.0203 0x16e4  pla - ok
10:11:10.0219 0x16e4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:11:10.0219 0x16e4  PlugPlay - ok
10:11:10.0219 0x16e4  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:11:10.0219 0x16e4  PNRPAutoReg - ok
10:11:10.0234 0x16e4  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:11:10.0250 0x16e4  PNRPsvc - ok
10:11:10.0266 0x16e4  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:11:10.0281 0x16e4  PolicyAgent - ok
10:11:10.0297 0x16e4  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\Windows\system32\umpo.dll
10:11:10.0297 0x16e4  Power - ok
10:11:10.0359 0x16e4  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
10:11:10.0422 0x16e4  PrintNotify - ok
10:11:10.0422 0x16e4  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
10:11:10.0438 0x16e4  Processor - ok
10:11:10.0438 0x16e4  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\Windows\system32\profsvc.dll
10:11:10.0453 0x16e4  ProfSvc - ok
10:11:10.0453 0x16e4  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:11:10.0453 0x16e4  Psched - ok
10:11:10.0469 0x16e4  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\Windows\system32\qwave.dll
10:11:10.0469 0x16e4  QWAVE - ok
10:11:10.0485 0x16e4  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:11:10.0485 0x16e4  QWAVEdrv - ok
10:11:10.0485 0x16e4  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:11:10.0485 0x16e4  RasAcd - ok
10:11:10.0485 0x16e4  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\Windows\System32\rasauto.dll
10:11:10.0500 0x16e4  RasAuto - ok
10:11:10.0516 0x16e4  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\Windows\System32\rasmans.dll
10:11:10.0516 0x16e4  RasMan - ok
10:11:10.0531 0x16e4  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:10.0531 0x16e4  RasPppoe - ok
10:11:10.0547 0x16e4  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:11:10.0547 0x16e4  rdbss - ok
10:11:10.0563 0x16e4  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
10:11:10.0563 0x16e4  rdpbus - ok
10:11:10.0563 0x16e4  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:11:10.0563 0x16e4  RDPDR - ok
10:11:10.0578 0x16e4  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:11:10.0578 0x16e4  RdpVideoMiniport - ok
10:11:10.0594 0x16e4  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:11:10.0594 0x16e4  rdyboost - ok
10:11:10.0625 0x16e4  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
10:11:10.0625 0x16e4  ReFS - ok
10:11:10.0641 0x16e4  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:11:10.0656 0x16e4  RemoteAccess - ok
10:11:10.0656 0x16e4  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:11:10.0656 0x16e4  RemoteRegistry - ok
10:11:10.0672 0x16e4  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:11:10.0672 0x16e4  RpcEptMapper - ok
10:11:10.0672 0x16e4  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
10:11:10.0672 0x16e4  RpcLocator - ok
10:11:10.0703 0x16e4  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\Windows\system32\rpcss.dll
10:11:10.0719 0x16e4  RpcSs - ok
10:11:10.0719 0x16e4  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:11:10.0719 0x16e4  rspndr - ok
10:11:10.0734 0x16e4  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
10:11:10.0750 0x16e4  RTL8168 - ok
10:11:10.0750 0x16e4  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
10:11:10.0750 0x16e4  s3cap - ok
10:11:10.0766 0x16e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\Windows\system32\lsass.exe
10:11:10.0766 0x16e4  SamSs - ok
10:11:10.0766 0x16e4  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
10:11:10.0766 0x16e4  SASDIFSV - ok
10:11:10.0766 0x16e4  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
10:11:10.0766 0x16e4  SASKUTIL - ok
10:11:10.0781 0x16e4  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:11:10.0781 0x16e4  sbp2port - ok
10:11:10.0797 0x16e4  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:11:10.0797 0x16e4  SCardSvr - ok
10:11:10.0797 0x16e4  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
10:11:10.0813 0x16e4  ScDeviceEnum - ok
10:11:10.0813 0x16e4  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:11:10.0813 0x16e4  scfilter - ok
10:11:10.0844 0x16e4  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\Windows\system32\schedsvc.dll
10:11:10.0875 0x16e4  Schedule - ok
10:11:10.0875 0x16e4  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:11:10.0875 0x16e4  SCPolicySvc - ok
10:11:10.0891 0x16e4  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus           C:\Windows\System32\drivers\sdbus.sys
10:11:10.0891 0x16e4  sdbus - ok
10:11:10.0906 0x16e4  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
10:11:10.0906 0x16e4  sdstor - ok
10:11:10.0906 0x16e4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:11:10.0906 0x16e4  secdrv - ok
10:11:10.0922 0x16e4  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
10:11:10.0922 0x16e4  seclogon - ok
10:11:10.0922 0x16e4  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
10:11:10.0922 0x16e4  SENS - ok
10:11:10.0938 0x16e4  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:11:10.0938 0x16e4  SensrSvc - ok
10:11:10.0938 0x16e4  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
10:11:10.0953 0x16e4  SerCx - ok
10:11:10.0953 0x16e4  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
10:11:10.0953 0x16e4  SerCx2 - ok
10:11:10.0953 0x16e4  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
10:11:10.0953 0x16e4  Serenum - ok
10:11:10.0969 0x16e4  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
10:11:10.0969 0x16e4  Serial - ok
10:11:10.0969 0x16e4  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
10:11:10.0969 0x16e4  sermouse - ok
10:11:10.0984 0x16e4  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
10:11:10.0984 0x16e4  SessionEnv - ok
10:11:11.0000 0x16e4  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
10:11:11.0000 0x16e4  sfloppy - ok
10:11:11.0016 0x16e4  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:11:11.0031 0x16e4  SharedAccess - ok
10:11:11.0047 0x16e4  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:11.0047 0x16e4  ShellHWDetection - ok
10:11:11.0063 0x16e4  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:11:11.0063 0x16e4  SiSRaid2 - ok
10:11:11.0078 0x16e4  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:11:11.0078 0x16e4  SiSRaid4 - ok
10:11:11.0078 0x16e4  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost         C:\Windows\System32\smphost.dll
10:11:11.0078 0x16e4  smphost - ok
10:11:11.0078 0x16e4  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:11:11.0078 0x16e4  SNMPTRAP - ok
10:11:11.0094 0x16e4  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
10:11:11.0109 0x16e4  spaceport - ok
10:11:11.0109 0x16e4  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
10:11:11.0109 0x16e4  SpbCx - ok
10:11:11.0141 0x16e4  [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276142BD80F8A32C9 ] Spooler         C:\Windows\System32\spoolsv.exe
10:11:11.0156 0x16e4  Spooler - ok
10:11:11.0297 0x16e4  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
10:11:11.0422 0x16e4  sppsvc - ok
10:11:11.0438 0x16e4  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:11:11.0438 0x16e4  srv - ok
10:11:11.0469 0x16e4  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:11:11.0469 0x16e4  srv2 - ok
10:11:11.0484 0x16e4  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:11:11.0484 0x16e4  srvnet - ok
10:11:11.0500 0x16e4  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:11:11.0500 0x16e4  SSDPSRV - ok
10:11:11.0516 0x16e4  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:11:11.0516 0x16e4  SstpSvc - ok
10:11:11.0531 0x16e4  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:11:11.0531 0x16e4  ssudmdm - ok
10:11:11.0547 0x16e4  [ 37365BB52BB1466221BF7B8A7D22D663, 4ADA4612D1A1541965B0F1032283C0C7C51AE8383072264D48B1074E9580CD32 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
10:11:11.0563 0x16e4  Steam Client Service - ok
10:11:11.0578 0x16e4  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:11:11.0578 0x16e4  stexstor - ok
10:11:11.0594 0x16e4  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
10:11:11.0609 0x16e4  stisvc - ok
10:11:11.0609 0x16e4  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
10:11:11.0625 0x16e4  storahci - ok
10:11:11.0625 0x16e4  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:11:11.0625 0x16e4  storflt - ok
10:11:11.0625 0x16e4  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
10:11:11.0625 0x16e4  stornvme - ok
10:11:11.0641 0x16e4  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc         C:\Windows\system32\storsvc.dll
10:11:11.0641 0x16e4  StorSvc - ok
10:11:11.0641 0x16e4  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:11:11.0641 0x16e4  storvsc - ok
10:11:11.0656 0x16e4  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc           C:\Windows\system32\svsvc.dll
10:11:11.0656 0x16e4  svsvc - ok
10:11:11.0656 0x16e4  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
10:11:11.0656 0x16e4  swenum - ok
10:11:11.0672 0x16e4  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv           C:\Windows\System32\swprv.dll
10:11:11.0688 0x16e4  swprv - ok
10:11:11.0719 0x16e4  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain         C:\Windows\system32\sysmain.dll
10:11:11.0750 0x16e4  SysMain - ok
10:11:11.0750 0x16e4  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
10:11:11.0766 0x16e4  SystemEventsBroker - ok
10:11:11.0766 0x16e4  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:11.0766 0x16e4  TabletInputService - ok
10:11:11.0781 0x16e4  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:11:11.0797 0x16e4  TapiSrv - ok
10:11:11.0844 0x16e4  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:11:11.0875 0x08b8  Object send P2P result: true
10:11:11.0891 0x16e4  Tcpip - ok
10:11:11.0938 0x19c4  Object send P2P result: true
10:11:11.0953 0x16e4  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:11:12.0000 0x16e4  TCPIP6 - ok
10:11:12.0000 0x16e4  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:11:12.0000 0x16e4  tcpipreg - ok
10:11:12.0016 0x16e4  [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA7332B3D97908C3D90 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:11:12.0016 0x16e4  tdx - ok
10:11:12.0016 0x16e4  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
10:11:12.0016 0x16e4  terminpt - ok
10:11:12.0047 0x16e4  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService     C:\Windows\System32\termsrv.dll
10:11:12.0078 0x16e4  TermService - ok
10:11:12.0078 0x16e4  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
10:11:12.0078 0x16e4  Themes - ok
10:11:12.0094 0x16e4  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:11:12.0094 0x16e4  THREADORDER - ok
10:11:12.0094 0x16e4  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
10:11:12.0109 0x16e4  TimeBroker - ok
10:11:12.0125 0x16e4  [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B1798DFA476981385 ] TPM             C:\Windows\system32\drivers\tpm.sys
10:11:12.0125 0x16e4  TPM - ok
10:11:12.0141 0x16e4  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
10:11:12.0141 0x16e4  TrkWks - ok
10:11:12.0156 0x16e4  [ 5BD389925662396A52AEB64901D3C952, 8B6C99ADA6B39E16D055F18DB220C90AEE67E36B08AE5E117103D86C9A138834 ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
10:11:12.0156 0x16e4  TrueSight - ok
10:11:12.0156 0x16e4  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:12.0156 0x16e4  TrustedInstaller - ok
10:11:12.0172 0x16e4  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:11:12.0172 0x16e4  TsUsbFlt - ok
10:11:12.0172 0x16e4  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
10:11:12.0172 0x16e4  TsUsbGD - ok
10:11:12.0188 0x16e4  [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C96B3B2AD70413F3 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:11:12.0188 0x16e4  tunnel - ok
10:11:12.0188 0x16e4  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:11:12.0188 0x16e4  uagp35 - ok
10:11:12.0203 0x16e4  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
10:11:12.0203 0x16e4  UASPStor - ok
10:11:12.0203 0x16e4  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
10:11:12.0219 0x16e4  UCX01000 - ok
10:11:12.0219 0x16e4  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:11:12.0234 0x16e4  udfs - ok
10:11:12.0234 0x16e4  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
10:11:12.0234 0x16e4  UEFI - ok
10:11:12.0250 0x16e4  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:11:12.0250 0x16e4  UI0Detect - ok
10:11:12.0250 0x16e4  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:11:12.0250 0x16e4  uliagpkx - ok
10:11:12.0250 0x16e4  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
10:11:12.0250 0x16e4  umbus - ok
10:11:12.0266 0x16e4  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
10:11:12.0266 0x16e4  UmPass - ok
10:11:12.0266 0x16e4  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:11:12.0281 0x16e4  UmRdpService - ok
10:11:12.0297 0x16e4  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
10:11:12.0297 0x16e4  upnphost - ok
10:11:12.0313 0x16e4  [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:11:12.0313 0x16e4  usbaudio - ok
10:11:12.0328 0x16e4  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
10:11:12.0328 0x16e4  usbccgp - ok
10:11:12.0328 0x16e4  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
10:11:12.0328 0x16e4  usbcir - ok
10:11:12.0344 0x16e4  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
10:11:12.0344 0x16e4  usbehci - ok
10:11:12.0359 0x16e4  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
10:11:12.0359 0x16e4  usbhub - ok
10:11:12.0375 0x16e4  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
10:11:12.0391 0x16e4  USBHUB3 - ok
10:11:12.0391 0x16e4  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
10:11:12.0391 0x16e4  usbohci - ok
10:11:12.0406 0x16e4  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
10:11:12.0406 0x16e4  usbprint - ok
10:11:12.0406 0x16e4  [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB3E2919A352F9D4 ] usbscan         C:\Windows\System32\drivers\usbscan.sys
10:11:12.0406 0x16e4  usbscan - ok
10:11:12.0422 0x16e4  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
10:11:12.0422 0x16e4  USBSTOR - ok
10:11:12.0422 0x16e4  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
10:11:12.0422 0x16e4  usbuhci - ok
10:11:12.0438 0x16e4  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
10:11:12.0438 0x16e4  USBXHCI - ok
10:11:12.0453 0x16e4  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
10:11:12.0453 0x16e4  VaultSvc - ok
10:11:12.0453 0x16e4  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:11:12.0453 0x16e4  vdrvroot - ok
10:11:12.0484 0x16e4  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds             C:\Windows\System32\vds.exe
10:11:12.0516 0x16e4  vds - ok
10:11:12.0516 0x16e4  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
10:11:12.0531 0x16e4  VerifierExt - ok
10:11:12.0547 0x16e4  [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638CB3D51FF5467DC7 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
10:11:12.0547 0x16e4  vhdmp - ok
10:11:12.0563 0x16e4  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:11:12.0563 0x16e4  viaide - ok
10:11:12.0563 0x16e4  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:11:12.0563 0x16e4  vmbus - ok
10:11:12.0578 0x16e4  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
10:11:12.0578 0x16e4  VMBusHID - ok
10:11:12.0594 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
10:11:12.0594 0x16e4  vmicguestinterface - ok
10:11:12.0609 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
10:11:12.0625 0x16e4  vmicheartbeat - ok
10:11:12.0641 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
10:11:12.0656 0x16e4  vmickvpexchange - ok
10:11:12.0672 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv         C:\Windows\System32\ICSvc.dll
10:11:12.0672 0x16e4  vmicrdv - ok
10:11:12.0688 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
10:11:12.0703 0x16e4  vmicshutdown - ok
10:11:12.0719 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
10:11:12.0719 0x16e4  vmictimesync - ok
10:11:12.0734 0x16e4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\Windows\System32\ICSvc.dll
10:11:12.0750 0x16e4  vmicvss - ok
10:11:21.0266 0x16e4  Win FW state via NFP2: enabled ( trusted )
10:11:23.0891 0x16e4  ============================================================
10:11:23.0891 0x16e4  Scan finished
10:11:23.0891 0x16e4  ============================================================
10:11:23.0891 0x024c  Detected object count: 0
10:11:23.0891 0x024c  Actual detected object count: 0
10:13:43.0250 0x1a28  Deinitialize success
 
________________________________________________________________________________________________________
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-12-05 10:15:36
-----------------------------
10:15:36.235    OS Version: Windows x64 6.2.9200 
10:15:36.235    Number of processors: 8 586 0x102
10:15:36.235    ComputerName: DESKTOP-PC  UserName: Mark
10:15:37.022    Initialize success
10:15:37.054    VM: initialized successfully
10:15:37.054    VM: Amd CPU BiosDisabled 
10:18:24.986    AVAST engine defs: 15120500
10:18:49.475    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:18:49.475    Disk 0 Vendor: Crucial_CT256MX100SSD1 MU01 Size: 244198MB BusType: 3
10:18:49.493    Disk 0 MBR read successfully
10:18:49.493    Disk 0 MBR scan
10:18:49.493    Disk 0 Windows 7 default MBR code
10:18:49.493    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          350 MB offset 2048
10:18:49.493    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       243846 MB offset 718848
10:18:49.508    Disk 0 scanning C:\Windows\system32\drivers
10:18:52.478    Service scanning
10:19:01.202    Modules scanning
10:19:01.218    Disk 0 trace - called modules:
10:19:01.718    ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys EhStorClass.sys ACPI.sys ataport.SYS pciide.sys hal.dll PCIIDEX.SYS atapi.sys 
10:19:01.733    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00162750670]
10:19:01.733    3 CLASSPNP.SYS[fffff8006f0ab170] -> nt!IofCallDriver -> [0xffffe00162752c60]
10:19:01.749    5 EhStorClass.sys[fffff8006e751648] -> nt!IofCallDriver -> [0xffffe00161b82d30]
10:19:01.765    7 ACPI.sys[fffff8006e203c21] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xffffe00161b88060]
10:19:02.526    AVAST engine scan C:\Windows
10:19:03.279    AVAST engine scan C:\Windows\system32
10:20:04.265    AVAST engine scan C:\Windows\system32\drivers
10:20:08.270    AVAST engine scan C:\Users\Mark
10:21:52.035    AVAST engine scan C:\ProgramData
10:22:02.644    Disk 0 statistics 3750694/0/0 @ 18.50 MB/s
10:22:02.644    Scan finished successfully
10:22:18.378    Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\MBR.dat"
10:22:18.378    The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"
 

 

Attached Files

  • Attached File  MBR.zip   560bytes   0 downloads


#5 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 AM

Posted 06 December 2015 - 05:16 PM

Hi migsutu,
My apologies for the delay.
===============================
Please do the following.

Uninstall some programs:
We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time

The list of programs to uninstall:

  • Lavasoft
  • MyBrowser
  • Itibiti RTC
  • KNCTR
  • Registry Cleaner
  • Search Provided by Yahoo
  • SpyHunter 4
  • Web Companion
  • C:\Program Files (x86)\MyBrowser
  • C:\Program Files (x86)\Lavasoft

     

After completing uninstalls, please manually reboot your machine!

  • If you get a message like: An error occurred while trying to uninstall, just press Yes.
  • If you are unable to uninstall all programs, please inform me, but continue with other steps.

======================================================================================

Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#6 migsutu

migsutu
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 07 December 2015 - 10:01 AM

No worries. The help is appreciated. I have posted the requested logs below.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Mark (2015-12-07 08:34:28) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {20E8F6D5-A75C-4DF7-9EEE-E481D5830368} - \bvxvexvbg -> No File <==== ATTENTION
Task: {2253C851-C0C8-4F6A-B349-1C1E28A1353D} - \WebBarUpdateTask -> No File <==== ATTENTION
Task: {41BC6D84-EE0E-4A06-993E-A6399FADC611} - System32\Tasks\Asmnoeep => C:\ProgramData\Asmnoeep\1.0.6.1\rivnexre.exe
Task: {69432506-B9D9-4C2D-8BED-5805C221C204} - \SMW_UpdateTask_Time_323735323836343432342d5737325a786c5a3237344541 -> No File <==== ATTENTION
Task: {80F48F7E-516D-4782-9EB9-E0DAF9DC5AF0} - \WordWizard Auto Updater 1.10.0.24 Pending Update -> No File <==== ATTENTION
Task: {8393340B-CE65-4597-988E-83957866E229} - \WordWizard Auto Updater 1.10.0.24 Core -> No File <==== ATTENTION
Task: {8D53672F-41FB-4057-954D-6945E99594DD} - System32\Tasks\UpdateTask => C:\Users\Mark\AppData\Local\{52486~1\UNINST~1.EXE
Task: {9BDD360E-0A56-4BD0-8D67-C1E5A8571AF0} - System32\Tasks\SDXCDVTETGLINMRO => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {B0FFD136-5ECE-455C-B2E2-D94D9056A1B9} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {B6025D95-CCDC-4642-893F-90C30C593ED1} - System32\Tasks\Raealpo => C:\Program Files\shopperz181020151745\Tihteir.bat <==== ATTENTION
Task: {BC25C7F9-1531-4A69-A935-9618E1C117ED} - \IBUpd -> No File <==== ATTENTION
Task: {D6BD4DB7-0212-40B1-A3BF-4C12B1B84DA5} - \MAXDriverUpdaterRunAtStartup -> No File <==== ATTENTION
Task: {DAD4DF91-ADB9-4EC0-9FBA-A327528B862B} - \Smp -> No File <==== ATTENTION
Task: {F121AA22-B067-4CD1-90B8-AD57B30D8269} - \WebBarLaunchTask -> No File <==== ATTENTION
Task: C:\Windows\Tasks\SDXCDVTETGLINMRO.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdateTask.job => C:\Users\Mark\AppData\Local\{52486~1\UNINST~1.EXE
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_favicon-1459374602
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_favicon-2048565818
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_favicon1034247192
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_favicon1275557828
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_favicon957270021
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:DESTICON_Goldbox16._V200960310_1723596315
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:TASKICON_0favicon537490126
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:TASKICON_1favicon1633597539
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:TASKICON_2favicon396477810
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:TASKICON_3favicon1320881119
AlternateDataStreams: C:\Users\Mark\Desktop\Amazon.website:TASKICON_4favicon-355235819
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Jehdhfirzh => ""="service"
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\webcompanion.com -> hxxp://webcompanion.com
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Web Companion /f
Reg: reg delete HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\StartupApproved\Run /v Web Companion /f
FirewallRules: [{E862C0FD-EDB6-4C64-BC3E-32EA93135F70}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{3CDD6210-FDE6-47DA-B23C-327EAE447A82}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\Lavasoft\Web Companion
C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1382672 2015-10-13] (Lavasoft)
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\MountPoints2: {c8348167-3c75-11e4-8260-40167ea6ed77} - "D:\HTC_Sync_Manager_PC.exe" 
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bqRgLXnE.default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-13] (Lavasoft Limited)
C:\Windows\Tasks\SDXCDVTETGLINMRO.job
 C:\Users\Mark\AppData\Roaming\WB.CFG
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
Hosts:
Reboot:
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20E8F6D5-A75C-4DF7-9EEE-E481D5830368}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20E8F6D5-A75C-4DF7-9EEE-E481D5830368}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvexvbg => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2253C851-C0C8-4F6A-B349-1C1E28A1353D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2253C851-C0C8-4F6A-B349-1C1E28A1353D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarUpdateTask => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{41BC6D84-EE0E-4A06-993E-A6399FADC611}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41BC6D84-EE0E-4A06-993E-A6399FADC611}" => key removed successfully
C:\Windows\System32\Tasks\Asmnoeep => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Asmnoeep" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69432506-B9D9-4C2D-8BED-5805C221C204}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69432506-B9D9-4C2D-8BED-5805C221C204}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323735323836343432342d5737325a786c5a3237344541 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80F48F7E-516D-4782-9EB9-E0DAF9DC5AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F48F7E-516D-4782-9EB9-E0DAF9DC5AF0}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordWizard Auto Updater 1.10.0.24 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8393340B-CE65-4597-988E-83957866E229}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8393340B-CE65-4597-988E-83957866E229}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordWizard Auto Updater 1.10.0.24 Core => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D53672F-41FB-4057-954D-6945E99594DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D53672F-41FB-4057-954D-6945E99594DD}" => key removed successfully
C:\Windows\System32\Tasks\UpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9BDD360E-0A56-4BD0-8D67-C1E5A8571AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BDD360E-0A56-4BD0-8D67-C1E5A8571AF0}" => key removed successfully
C:\Windows\System32\Tasks\SDXCDVTETGLINMRO => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SDXCDVTETGLINMRO" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0FFD136-5ECE-455C-B2E2-D94D9056A1B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0FFD136-5ECE-455C-B2E2-D94D9056A1B9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6025D95-CCDC-4642-893F-90C30C593ED1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6025D95-CCDC-4642-893F-90C30C593ED1}" => key removed successfully
C:\Windows\System32\Tasks\Raealpo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Raealpo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC25C7F9-1531-4A69-A935-9618E1C117ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC25C7F9-1531-4A69-A935-9618E1C117ED}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6BD4DB7-0212-40B1-A3BF-4C12B1B84DA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6BD4DB7-0212-40B1-A3BF-4C12B1B84DA5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAXDriverUpdaterRunAtStartup => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAD4DF91-ADB9-4EC0-9FBA-A327528B862B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAD4DF91-ADB9-4EC0-9FBA-A327528B862B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Smp => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F121AA22-B067-4CD1-90B8-AD57B30D8269}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F121AA22-B067-4CD1-90B8-AD57B30D8269}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebBarLaunchTask => key not found. 
C:\Windows\Tasks\SDXCDVTETGLINMRO.job => moved successfully
C:\Windows\Tasks\UpdateTask.job => moved successfully
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_favicon-1459374602" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_favicon-2048565818" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_favicon1034247192" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_favicon1275557828" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_favicon957270021" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":DESTICON_Goldbox16._V200960310_1723596315" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":TASKICON_0favicon537490126" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":TASKICON_1favicon1633597539" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":TASKICON_2favicon396477810" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":TASKICON_3favicon1320881119" ADS removed successfully.
C:\Users\Mark\Desktop\Amazon.website => ":TASKICON_4favicon-355235819" ADS removed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Jehdhfirzh" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
 
========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v Web Companion /f =========
 
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-21-462184711-2832113020-4121796740-1001\...\StartupApproved\Run /v Web Companion /f =========
 
ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.
 
 
========= End of Reg: =========
 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E862C0FD-EDB6-4C64-BC3E-32EA93135F70} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3CDD6210-FDE6-47DA-B23C-327EAE447A82} => value removed successfully
"C:\Program Files (x86)\Lavasoft\Web Companion" => not found.
"C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe" => not found.
HKU\S-1-5-21-462184711-2832113020-4121796740-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value not found.
"HKU\S-1-5-21-462184711-2832113020-4121796740-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8348167-3c75-11e4-8260-40167ea6ed77}" => key removed successfully
HKCR\CLSID\{c8348167-3c75-11e4-8260-40167ea6ed77} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-462184711-2832113020-4121796740-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bqRgLXnE.default => FRST is scripted not to move this directory.
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\bqRgLXnE.default => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
LavasoftTcpService => service not found.
"C:\Windows\Tasks\SDXCDVTETGLINMRO.job" => not found.
C:\Users\Mark\AppData\Roaming\WB.CFG => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 1.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 08:35:25 ====
 
___________________________________
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/7/2015
Scan Time: 8:38 AM
Logfile: mbmlog.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.07.02
Rootkit Database: v2015.11.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Mark
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 324498
Time Elapsed: 5 min, 51 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 9
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER, Quarantined, [8bb3b7eb4348dd59315c3dbe8e75cf31], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER, Quarantined, [3608bce66e1d989e97f7bd3e7e85966a], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELL\ADD EVENT REMINDER, Quarantined, [47f7b3ef6e1dd1655d32ef0c3cc7847c], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\*\SHELL\ADD EVENT REMINDER, Quarantined, [4bf302a0d0bb84b2dfae8c6f22e15ba5], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER, Quarantined, [122c20825f2c290d602e946756ad28d8], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DIRECTORY\SHELL\ADD EVENT REMINDER, Quarantined, [d569b8ea3f4c4fe7cdc214e772914bb5], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\*\SHELL\ADD EVENT REMINDER, Quarantined, [0638980a2665ea4c414c0af113f017e9], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER, Quarantined, [d36bf3af642789ad1f6f27d4a85b5ca4], 
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DIRECTORY\SHELL\ADD EVENT REMINDER, Quarantined, [84ba129087048caa0a858f6cde2511ef], 
 
Registry Values: 9
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [8bb3b7eb4348dd59315c3dbe8e75cf31]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [3608bce66e1d989e97f7bd3e7e85966a]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [47f7b3ef6e1dd1655d32ef0c3cc7847c]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [4bf302a0d0bb84b2dfae8c6f22e15ba5]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [122c20825f2c290d602e946756ad28d8]
PUP.Optional.NoteUp, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DIRECTORY\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [d569b8ea3f4c4fe7cdc214e772914bb5]
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\*\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [0638980a2665ea4c414c0af113f017e9]
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DESKTOPBACKGROUND\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [d36bf3af642789ad1f6f27d4a85b5ca4]
PUP.Optional.NoteUp, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DIRECTORY\SHELL\ADD EVENT REMINDER|Icon, C:\Program Files (x86)\Note-up\Note-up.ico, Quarantined, [84ba129087048caa0a858f6cde2511ef]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#7 olgun52

  • Malware Response Team

Posted 09 December 2015 - 03:37 PM

Hi migsutu,
 
Step 1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:
Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press the "Repair" button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 4:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript (zoekscript.txt, 188 bytes).
  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Step 5:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 migsutu

  • Topic Starter

Posted 09 December 2015 - 05:59 PM

# AdwCleaner v5.024 - Logfile created 09/12/2015 at 15:50:45
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Mark - DESKTOP-PC
# Running from : C:\Users\Mark\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\WebShield
[-] Folder Deleted : C:\ProgramData\Browser
[-] Folder Deleted : C:\ProgramData\28341ff220e0446c9fff27c4493d622e
[-] Folder Deleted : C:\Users\Mark\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Mark\AppData\Local\WebShield
[-] Folder Deleted : C:\Users\Mark\AppData\Local\Installer\Install_26508
[-] Folder Deleted : C:\Users\Mark\AppData\Local\Installer\Install_2726
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
[-] Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{17EF1FFB-0545-4C9A-BE64-78FF53338475}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{351A01B5-849A-ECA5-2760-EE9665E223C3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{593D67B9-3A50-EBAA-17BE-61A5EC986A22}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\__SP__browser_name__SP__
[-] Key Deleted : HKCU\Software\yahooprovidedsearch
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-searching.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4429 bytes] ##########
 
_______________________________________________________________________
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64 
Ran by Mark (Administrator) on Wed 12/09/2015 at 15:54:44.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 3 
 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\Mark\AppData\Local\installer (Folder) 
Successfully deleted: C:\Users\Mark\Appdata\LocalLow\company (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0932222-51E2-47D1-A4EF-CB10AE7DF086} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/09/2015 at 15:55:16.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~ ZHPCleaner v2015.12.9.395 by Nicolas Coolman (2015/12/09)
~ Run by Mark (Administrator)  (09/12/2015 16:02:06)
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\Mark\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Mark\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)
 
 
---\\  Services (0)
~ No malicious or unnecessary items found.
 
 
---\\  Browser internet (0)
~ No malicious or unnecessary items found.
 
 
---\\  Hosts file (1)
~ The hosts file is legitimate (21)
 
 
---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.
 
 
---\\  Explorer ( File, Folder) (102)
MOVED file: C:\Windows\Prefetch\BROWSERAIR.EXE-0B3336FA.pf    =>PUP.Optional.BrowserAir
MOVED file: C:\Windows\Prefetch\INS_BROWSERAIR.TMP-5EDB3380.pf    =>PUP.Optional.BrowserAir
MOVED file: C:\Windows\Prefetch\ITIBITI_KNCTR_C.TMP-27F0069C.pf    =>PUP.Optional.Itibiti
MOVED file: C:\Windows\Prefetch\MAXDRIVERUPDATER.TMP-F2C6269D.pf    =>PUP.Optional.MaxDriverUpdater
MOVED file: C:\Windows\Prefetch\SPACESOUNDPRO.EXE-B1D78542.pf    =>PUP.Optional.SpaceSoundPro
 
 
---\\  Registry ( Key, Value, Data) (14)
DELETED key*: HKEY_USERS\S-1-5-21-462184711-2832113020-4121796740-1001\SOFTWARE\Classes\ChromiumHTM.M3AMEQBFSG7JBVWEA3PDULIBLY [BrowserAir HTML Document]  =>PUP.Optional.BrowserAir
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\hdapp1008-a.akamaihd.net [335]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\nps.pastaleads.com [4]  =>PUP.Optional.PastaLeads
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\pastaleads.com []  =>PUP.Optional.PastaLeads
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\playgemollection.com [115]  =>PUP.Optional.PlayGem
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\re-markit.co []  =>PUP.Optional.ReMarkIt
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\searchquirk.com []  =>PUP.Optional.Bandoo
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.re-markit00.re-markit.co [1316]  =>PUP.Optional.ReMarkIt
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\videotile-a.akamaihd.net [117633]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hdapp1008-a.akamaihd.net [335]  =>PUP.Optional.Browser
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [35018]  =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 [Itibiti RTC]  =>PUP.Optional.Itibiti
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ConsumerInputUpdate.exe []  =>PUP.Optional.ConsumerInput
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} [Itibiti Inc]  =>PUP.Optional.Itibiti
 
 
---\\  Summary of the elements found (11)
http://www.nicolascoolman.fr/?p=4658  =>PUP.Optional.BrowserAir
http://www.nicolascoolman.fr/?p=4905  =>PUP.Optional.Itibiti
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.MaxDriverUpdater
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.SpaceSoundPro
http://www.nicolascoolman.fr/?p=546  =>PUP.Optional.Browser
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.PastaLeads
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.PlayGem
http://www.nicolascoolman.fr/?p=398  =>PUP.Optional.ReMarkIt
http://www.nicolascoolman.fr/?p=237  =>PUP.Optional.Bandoo
http://www.nicolascoolman.fr/?p=4664  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/?p=2161  =>PUP.Optional.ConsumerInput
 
 
---\\  Other deletions. (5)
~ Registry Keys Tracing deleted (5)
~ Remove the old reports ZHPCleaner. (0)
 
 
---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Google Chrome)
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
 
 
---\\ Statistics
~ Items scanned : 351
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 116
 
 
~ End of clean in 0 minutes
===================
ZHPCleaner-[R]-09122015-16_02_23.txt
ZHPCleaner-[S]-09122015-16_00_19.txt
 

 




#9 olgun52

  • Malware Response Team

Posted 09 December 2015 - 06:12 PM

Thank you migsutu,

 

Please run RogueKiller again and post the log file for me to check.


Best regards
 

 


 


#10 migsutu

  • Topic Starter

Posted 09 December 2015 - 06:20 PM

RogueKiller V11.0.0.0 [Nov 27 2015] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Mark [Administrator]
Started from : C:\Users\Mark\Desktop\RogueKiller.exe
Mode : Scan -- Date : 12/09/2015 17:19:37
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] c46897583aaf13e970ebb72009da4482
[BSP] 0907ece08f8fd83d27ff619b7e6ed356 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 243846 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic Flash Disk USB Device +++++
--- User ---
[MBR] fe58e9903518f3aa64c5598c5968ebda
[BSP] 10686b0f2d4d4460bc3378a4b19e058b : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 936 | Size: 3849 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


#11 olgun52

  • Malware Response Team

Posted 09 December 2015 - 06:36 PM

Yes, Log is clean.

 

How is the machine behaving, and are there any issues?

========================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 


Best regards
 

 


 


#12 migsutu

  • Topic Starter

Posted 09 December 2015 - 07:12 PM

Machine seems much snappier and since the last round of scans, this is the first time I have been able to login to the forums on the machine. Nothing random popping up or any redirects. Eset log is below. Thank you VERY much for helping. It is greatly appreciated.

 

 

C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Get-a-Clip\MFLService2.exe a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Get-a-Clip\mflstart.exe a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Get-a-Clip\Plugins\CH\mercury.bootstrap.js Win32/GetaClip.B potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\Get-a-Clip\Plugins\FF\mercury.bootstrap.js Win32/GetaClip.B potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\1a317a6d.msi a variant of Win32/Verti.Q potentially unwanted application deleted - quarantined
C:\Windows\SysWOW64\mfllib.dll a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
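
An added example, not part of the original posts: a small triage script for an exported ESET OnlineScan log like the one above. It groups detections by family and lists files whose deletion is still pending a restart. The line layout and action strings are assumed from the entries shown in this thread only, and the last sample line is constructed to show that unrecognised lines are reported rather than dropped.

```python
import re
from collections import defaultdict

# Lines copied from the ESET export posted in this thread, plus one
# constructed line (the last) to exercise the "could not parse" path.
SAMPLE = r"""
C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\Get-a-Clip\Plugins\CH\mercury.bootstrap.js Win32/GetaClip.B potentially unwanted application cleaned by deleting - quarantined
C:\Windows\Installer\1a317a6d.msi a variant of Win32/Verti.Q potentially unwanted application deleted - quarantined
C:\Windows\SysWOW64\mfllib.dll a variant of Win32/GetaClip.A potentially unwanted application cleaned by deleting - quarantined
C:\Example\constructed.bin something the pattern does not recognise
""".strip().splitlines()

# Assumed layout: <path> [a variant of] <Platform/Name.Variant> <category> <action>
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?(?P<name>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>.+?)\s+(?P<action>(?:cleaned by deleting|deleted)\b.*)$"
)

def parse_line(line):
    """Return a dict for one log entry, or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["family"] = rec["name"].rsplit(".", 1)[0]  # drop the variant letter
    rec["pending_restart"] = "after the next restart" in rec["action"]
    rec["quarantined"] = rec["action"].endswith("quarantined")
    return rec

def summarize(lines):
    """Group paths by detection family; collect pending and unparsed lines."""
    by_family, pending, unparsed = defaultdict(list), [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # never silently drop an entry
            continue
        by_family[rec["family"]].append(rec["path"])
        if rec["pending_restart"]:
            pending.append(rec["path"])
    return dict(by_family), pending, unparsed

if __name__ == "__main__":
    families, pending, unparsed = summarize(SAMPLE)
    for fam, paths in families.items():
        print(f"{fam}: {len(paths)} file(s)")
    print("Still pending a restart:", pending)
    print("Unparsed lines:", unparsed)
```

Any path in the pending list is only removed after a reboot, so it is worth confirming it is gone afterwards.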
 



#13 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 AM

Posted 09 December 2015 - 07:34 PM

Machine seems much snappier and since the last round of scans, this is the first time I have been able to login to the forums on the machine. Nothing random popping up or any redirects. Eset log is below. Thank you VERY much for helping. It is greatly appreciated.

Glad to hear that everything is running well. :thumbup2:

 

Thank you for your patience.  Please do the following:
Uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

 
next.....
In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do the following:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Note:  Some safety suggestions !
http://trmalwarefix.freeforums.net/t...ty-suggestions

Best regards. Greetings.



 


 


#14 migsutu

migsutu
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 10 December 2015 - 10:02 AM

Done. Thank you for the help again. 



#15 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:05 AM

Posted 10 December 2015 - 07:02 PM

Done. Thank you for the help again. 

You're welcome :thumbup2:

We can close this thread now.

 

Have a nice day.

:hello:



 


 




