
Rkill - ZEROACCESS rootkit symptoms found!


31 replies to this topic

#1 Gile

  • Members
  • 14 posts

Posted 16 February 2016 - 05:14 AM

Hello, my computer started acting strange a few days ago - high CPU usage (svchost.exe), so I scanned it with Rkill in safe mode and found some ZEROACCESS rootkit symptoms with strange symbols. Can anyone tell me what I should do?
 
Thanks
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/16/2016 11:02:25 AM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\Program Files\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\   \ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\   \...\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\   \...\ﯹ๛\{4aecd907-3b82-95f9-97f5-260548199d17}\ [ZA Dir]
     * C:\Users\PC\AppData\Local\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\ [ZA Dir]
     * C:\Users\PC\AppData\Local\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\❤≸⋙\ [ZA Dir]
     * C:\Users\PC\AppData\Local\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\PC\AppData\Local\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\PC\AppData\Local\Google\Desktop\Install\{4aecd907-3b82-95f9-97f5-260548199d17}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{4aecd907-3b82-95f9-97f5-260548199d17}\ [ZA Dir]
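An added example (not part of Gile's post and not Rkill's own code): a small Python script that pulls the `[ZA Dir]` paths out of Rkill output like the above and explains what is odd about each directory name. The sample input is constructed from the lines in this post (GUID, paths and symbols copied from it); the function names `parse_za_dirs`, `describe_component`, `analyse_path` and `triage` are my own. The point it makes is that the "strange symbols" are only half the story: directory names made of nothing but spaces or dots cannot be created or opened through normal Win32 path handling, which is exactly why they are used as hiding places, while a non-ASCII character on its own (the `Intel®` folder elsewhere on this machine) is not suspicious.

```python
import re
import unicodedata

# Constructed sample: the "miscellaneous checks" part of the Rkill output posted
# above (paths, GUID and symbols copied from the post; not generated here by Rkill).
SAMPLE_RKILL_OUTPUT = (
    "Performing miscellaneous checks:\n"
    "\n"
    " * ALERT: ZEROACCESS rootkit symptoms found!\n"
    "\n"
    "     * C:\\Program Files\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\ [ZA Dir]\n"
    "     * C:\\Program Files\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\   \\ [ZA Dir]\n"
    "     * C:\\Program Files\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\   \\...\\ [ZA Dir]\n"
    "     * C:\\Program Files\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\   \\...\\\ufbf9\u0e5b\\ [ZA Dir]\n"
    "     * C:\\Users\\PC\\AppData\\Local\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\\u2764\u2278\u22d9\\ [ZA Dir]\n"
    "     * C:\\Users\\PC\\AppData\\Local\\Google\\Desktop\\Install\\{4aecd907-3b82-95f9-97f5-260548199d17}\\\u2764\u2278\u22d9\\\u2c22\u2620\u2368\\ [ZA Dir]\n"
)

# One "[ZA Dir]" line as Rkill prints it: bullet, path, tag.
ZA_DIR_LINE = re.compile(r"^\s*\*\s+(?P<path>.+?)\s+\[ZA Dir\]\s*$")


def parse_za_dirs(rkill_output: str) -> list[str]:
    """Return the directory paths Rkill tagged with [ZA Dir], in order of appearance."""
    return [m.group("path")
            for m in map(ZA_DIR_LINE.match, rkill_output.splitlines()) if m]


def describe_component(name: str) -> list[str]:
    """Explain why one directory name is odd; [] means it looks ordinary.

    Whitespace-only, dots-only and trailing-space/dot names cannot be created or
    opened through the normal Win32 path rules (trailing spaces and dots are
    stripped), so Explorer and most tools cannot reach them; that is what makes
    them useful hiding places.  Characters outside Latin-1 are only a weak signal
    on their own (localised folder names are legitimate), so they are reported
    separately rather than treated as proof.
    """
    if name.strip() == "":
        return ["name consists only of whitespace"]
    if set(name) <= {"."}:
        return ["name consists only of dots"]
    reasons = []
    if name != name.rstrip(" ."):
        reasons.append("name ends with a space or a dot")
    unusual = sorted({f"U+{ord(ch):04X} ({unicodedata.category(ch)})"
                      for ch in name if ord(ch) > 0xFF})
    if unusual:
        reasons.append("characters outside Latin-1: " + ", ".join(unusual))
    return reasons


def analyse_path(path: str) -> list[tuple[str, list[str]]]:
    """Return (component, reasons) for each suspicious directory name in a Windows path."""
    findings = []
    for component in path.split("\\"):
        if component == "":          # drive root or the trailing backslash
            continue
        reasons = describe_component(component)
        if reasons:
            findings.append((component, reasons))
    return findings


def triage(rkill_output: str) -> list[tuple[str, list[tuple[str, list[str]]]]]:
    """Pair every [ZA Dir] path with its suspicious components (possibly none)."""
    return [(path, analyse_path(path)) for path in parse_za_dirs(rkill_output)]


if __name__ == "__main__":
    for path, findings in triage(SAMPLE_RKILL_OUTPUT):
        print(path)
        if not findings:
            print("    (no odd component by itself; listed as the parent of the ones below)")
        for component, reasons in findings:
            print(f"    {component!r}: {'; '.join(reasons)}")
```

Running it prints each flagged path followed by the components that cannot be produced by ordinary file operations (the three-space name, the `...` name) and, separately, the code points of the symbol names, so a helper reading the log can see at a glance which entries are the artificial ones rather than trusting the tag alone.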



#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 16 February 2016 - 08:31 AM

Hi Gile :)

My name is Aura and I'll be assisting you with your issue. To get started, I'll need you to provide me a fresh set of FRST logs. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry, which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply should include:
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Gile
  • Topic Starter

  • Members
  • 14 posts

Posted 16 February 2016 - 07:40 PM

Hi Aura, thanks for the fast reaction.

Here is FRST.txt, and Addition.txt is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-02-2016
Ran by PC (administrator) on PC-PC (17-02-2016 01:32:02)
Running from E:\dwnlds\ANTIVIRUSI MALVERI
Loaded Profiles: PC (Available Profiles: PC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Toon Boom Animation Inc.) C:\Program Files\Toon Boom Animation\Toon Boom Studio 8.0\TBS.exe
(Toon Boom Animation Inc.) C:\Program Files\Toon Boom Animation\Toon Boom Studio 8.0\TBS.exe
(Toon Boom Animation Inc.) C:\Program Files\Toon Boom Animation\Toon Boom Studio 8.0\TBS.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-04-06] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [870560 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [695456 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [BtTray] => C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-15] (AVAST Software)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {0a24d1fc-30bd-11e3-91aa-6c3be5f63e9c} - G:\Autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {421bb9de-2306-11e3-8abf-20689dffc62f} - F:\setup.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {4d54cd05-abf2-11e5-9995-6c3be5f63e9c} - F:\autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {ffe118cc-0feb-11e3-9bd2-2016d800397f} - E:\autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {ffe118de-0feb-11e3-9bd2-2016d800397f} - E:\autorun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-08] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{675E1A36-57BE-4C9A-B3E6-4EBB0C0E7B6D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D5E1C1F4-9BD8-4D6D-AA0B-2CBBE891574C}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-08] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\el64wpyj.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\el64wpyj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-08]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Avast SafePrice) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-02-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [85664 2012-01-19] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-08] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-02-08] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4403136 2016-02-08] (Avast Software)
R2 BlueSoleilCS; C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 BsHelpCS; C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [99080 2012-09-19] (IVT Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S3 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-12-12] (Flexera Software LLC.)
S3 MaxthonUpdateSvc; C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-30] (Maxthon)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]
U3 *56etadpug;  <==== ATTENTION (ZeroAccess)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-08] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-02-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-08] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [294816 2016-02-08] (AVAST Software)
S1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [355616 2016-02-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2012-01-19] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [298144 2012-01-19] (Atheros)
S3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97952 2012-01-19] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2012-01-19] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2012-01-19] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2012-01-19] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2012-01-19] (Atheros)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [20320 2012-06-15] (IVT Corporation)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [468640 2012-01-19] (Atheros)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [44616 2012-07-20] (Ralink Corporation)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [129144 2016-02-08] (AVAST Software)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2011-10-28] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20240 2012-04-06] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-09-21] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-16] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [252152 2016-02-08] (Avast Software)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [31328 2012-06-15] (Ralink Corporation.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 scwamimy; \??\C:\Windows\system32\drivers\scwamimy.sys [X]
U3 UI Assistant Service; no ImagePath
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 01:31 - 2016-02-17 01:32 - 00000000 ____D C:\FRST
2016-02-16 12:40 - 2016-02-16 12:46 - 00000000 ____D C:\AdwCleaner
2016-02-16 12:07 - 2016-02-16 12:11 - 00225646 _____ C:\TDSSKiller.3.1.0.9_16.02.2016_12.07.25_log.txt
2016-02-16 11:34 - 2016-02-16 11:35 - 00000000 ____D C:\Program Files\CCleaner
2016-02-16 11:34 - 2016-02-16 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-16 11:15 - 2016-02-16 11:49 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-16 11:15 - 2016-02-16 11:32 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-16 10:58 - 2016-02-16 10:58 - 00000000 ____D C:\Windows\pss
2016-02-11 21:46 - 2016-02-11 21:46 - 00001078 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 21:46 - 2016-02-11 21:46 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-08 23:10 - 2016-02-08 23:07 - 00355616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2016-02-08 23:09 - 2016-02-08 23:09 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-08 23:09 - 2016-02-08 23:09 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-08 23:07 - 2016-02-08 23:07 - 00294816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-02-05 10:39 - 2016-02-05 10:39 - 00001588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.1.lnk
2016-02-05 10:38 - 2016-02-05 10:38 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
2016-02-05 10:38 - 2016-02-05 10:38 - 00000000 ____D C:\ProgramData\ALM
2016-02-05 10:37 - 2016-02-05 10:37 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
2016-02-05 10:36 - 2016-02-05 10:36 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
2016-02-05 10:36 - 2016-02-05 10:36 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
2016-02-05 10:35 - 2016-02-05 10:35 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-05 10:35 - 2016-02-05 10:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-05 10:35 - 2016-02-05 10:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-02 15:01 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-02 15:01 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-02 15:01 - 2015-12-30 19:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-02 15:01 - 2015-12-30 19:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-02 15:01 - 2015-12-30 19:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-02 15:01 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-02 15:01 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-02 15:01 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-02 15:01 - 2015-12-30 18:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-02 15:01 - 2015-12-30 18:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-02 15:01 - 2015-12-30 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-02 15:01 - 2015-12-30 18:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-02 15:01 - 2015-12-30 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-02 15:01 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-02 15:01 - 2015-12-30 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-02 15:01 - 2015-12-30 18:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-02 15:01 - 2015-11-20 19:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-02 15:01 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-02 15:01 - 2015-11-20 19:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-02 15:00 - 2015-12-08 22:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-02 15:00 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-02 15:00 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-02-02 15:00 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-02-02 15:00 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-02-02 15:00 - 2011-04-28 04:15 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-02-02 15:00 - 2011-04-28 04:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-02-02 14:59 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-02-02 14:59 - 2015-11-05 10:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-02 14:58 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-02 14:58 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-02 14:58 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-02 14:57 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-02 14:57 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-02 14:57 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-02 14:57 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-02 14:57 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-02 14:57 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-02 14:57 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-02 14:57 - 2015-12-08 22:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-02 14:57 - 2015-12-08 22:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-02 14:57 - 2015-12-08 22:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-31 12:50 - 2016-01-31 12:52 - 00000000 ____D C:\Users\PC\Documents\Readon Player
2016-01-31 12:50 - 2016-01-31 12:50 - 00000000 ____D C:\Users\PC\AppData\Local\Readon_Technology
2016-01-25 15:50 - 2016-01-26 22:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\VMware
2016-01-25 15:47 - 2016-01-25 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-01-25 15:42 - 2016-01-26 22:24 - 00000000 ____D C:\ProgramData\VMware
2016-01-25 15:39 - 2016-01-25 15:50 - 00000000 ____D C:\Users\PC\Andy
2016-01-25 15:39 - 2016-01-25 15:39 - 00000000 ____D C:\Program Files\VMware
2016-01-25 15:37 - 2016-01-25 15:39 - 00000000 ____D C:\Program Files\AndyOfflineInstaller46.2
2016-01-25 15:35 - 2016-01-26 22:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\Andy
2016-01-19 22:16 - 2016-02-05 10:57 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 00:12 - 2016-01-08 13:49 - 00000000 ____D C:\Users\PC\Documents\Toon Boom Studio - Global Libraries 8.0
2016-02-16 20:09 - 2013-08-28 16:12 - 00000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2016-02-16 17:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-02-16 13:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-02-16 13:34 - 2012-09-26 08:53 - 00000920 _____ C:\Windows\system32\bscs.ini
2016-02-16 13:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-16 13:33 - 2009-07-14 05:34 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-16 13:33 - 2009-07-14 05:34 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-16 12:57 - 2014-11-06 11:06 - 00000000 ____D C:\Program Files\SlimCleaner
2016-02-16 12:38 - 2015-12-16 23:41 - 00000000 ___HD C:\Program Files\InstallJammer Registry
2016-02-16 12:35 - 2013-11-02 13:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-16 12:35 - 2013-08-28 14:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 10:43 - 2009-07-14 05:53 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-16 10:35 - 2013-10-14 08:14 - 00007597 _____ C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2016-02-16 10:31 - 2013-08-28 14:26 - 00000000 ____D C:\Windows\PCHEALTH
2016-02-16 10:09 - 2014-07-07 08:27 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-02-16 09:56 - 2015-08-27 22:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 09:55 - 2015-08-27 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-16 09:55 - 2015-08-27 22:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-16 09:52 - 2013-09-17 16:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-02-16 09:52 - 2013-08-28 14:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Winamp
2016-02-15 15:03 - 2015-11-24 23:06 - 00000000 ____D C:\Users\PC\Downloads\PopcornTime
2016-02-14 13:57 - 2015-07-14 19:33 - 00000000 ____D C:\Windows\system32\vbox
2016-02-11 21:59 - 2013-08-28 14:29 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 11:10 - 2015-11-14 00:31 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-10 02:10 - 2013-10-07 15:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 02:10 - 2013-10-07 15:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-08 23:09 - 2015-11-14 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-08 23:09 - 2015-11-14 00:31 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-08 23:09 - 2015-11-14 00:31 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-08 23:09 - 2015-11-14 00:31 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-08 23:09 - 2015-11-14 00:31 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-08 23:09 - 2015-11-14 00:31 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-08 23:09 - 2015-11-14 00:31 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-08 23:09 - 2013-08-28 16:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-08 23:08 - 2015-11-14 00:31 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-08 23:08 - 2015-11-14 00:31 - 00129144 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2016-02-08 23:08 - 2015-11-14 00:31 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-08 23:08 - 2015-11-14 00:28 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-07 22:16 - 2013-08-28 14:28 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 22:16 - 2009-07-14 05:33 - 04068672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-07 09:25 - 2013-08-28 14:32 - 00000000 ____D C:\ProgramData\Adobe
2016-02-06 10:09 - 2013-09-21 18:51 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2016-02-06 09:45 - 2013-08-28 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2016-02-06 09:45 - 2013-08-28 16:19 - 00000000 ____D C:\Program Files\Codemasters
2016-02-06 09:39 - 2013-12-25 23:34 - 00000000 ____D C:\ProgramData\Guitar and Bass
2016-02-06 09:37 - 2015-10-21 07:46 - 00000000 ____D C:\Program Files\Sports Interactive
2016-02-06 09:36 - 2015-12-16 23:49 - 00000000 ____D C:\Program Files\EveryonePiano
2016-02-06 09:28 - 2013-12-23 19:11 - 00000000 ____D C:\Windows\Minidump
2016-02-05 10:57 - 2013-09-21 18:51 - 00000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2016-02-05 10:57 - 2013-08-28 14:19 - 00169320 _____ C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-05 10:38 - 2013-08-28 14:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-05 10:38 - 2013-08-28 14:32 - 00000000 ____D C:\Program Files\Adobe
2016-02-05 10:35 - 2016-01-09 20:59 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-02-02 18:32 - 2010-11-20 22:01 - 00005976 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 15:14 - 2015-11-09 21:51 - 00000000 ____D C:\Windows\system32\MRT
2016-02-02 15:07 - 2013-12-26 22:14 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-02 14:54 - 2016-01-01 12:28 - 00000000 ____D C:\Users\PC\AppData\Roaming\Audacity
2016-02-02 00:41 - 2015-12-29 17:12 - 00000000 ____D C:\Users\PC\Documents\MAGIX_MusicEditor
2016-01-25 15:39 - 2013-08-28 13:52 - 00000000 ____D C:\Users\PC
2016-01-21 22:56 - 2013-08-28 14:28 - 00000000 ____D C:\Users\PC\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2015-01-30 12:07 - 2015-12-21 01:27 - 0000933 _____ () C:\Users\PC\AppData\Roaming\burnaware.ini
2013-10-14 08:14 - 2016-02-16 10:35 - 0007597 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2013-12-26 21:37 - 2013-12-26 21:37 - 0000000 ____H () C:\ProgramData\rifmasterlic.lic
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-08 13:39
 
==================== End of FRST.txt ============================




#4 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 16 February 2016 - 09:12 PM

Hi Gile :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean up some malware, so let's get started, shall we? :)
 
IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


This being said, if you would like to wipe your drive clean, and reinstall Windows on it instead, please let me know.
 
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
 
I have reasons to think that you currently have software installed illegally on your system (pirated programs). BleepingComputer doesn't condone piracy, nor defeating copyright protections in order to illegally use software. Therefore, I'll ask you to please uninstall any cracked software you are aware of on your system before we move on. If you need help identifying these programs, please let me know and I'll point them out to you.
 
Outdated Programs Warning!

I noticed that you have outdated vulnerable programs installed on your system. I'll ask you to uninstall them since keeping outdated software installed on a system puts it more at risk of being infected. Otherwise, you can update them right now, and make sure that their outdated version is uninstalled after. We will reinstall these programs at the end of the clean-up if you decide to uninstall them now, and need them after.
  • Java 8 Update 31;
If you have an issue when uninstalling a program, please let me know.

I see that you ran TDSSKiller already on your system, and it also dropped a log on your C: drive. I would like to take a look at it since there might be information about the current ZeroAccess infection on your system. Can you copy and paste the content of the C:\TDSSKiller.3.1.0.9_16.02.2016_12.07.25_log.txt log below so I can read it?

We'll also run a fix with FRST to remove everything we can about the ZeroAccess infection on your system, as well as other minor things. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;


Your next reply should include:
  • If you decide to continue with the clean-up, or if you want to wipe your drive and reinstall Windows instead;
  • If you're going to uninstall uTorrent or not;
  • Confirmation that you uninstalled every pirated software you have installed on your system right now;
  • Copy/pasted content of the TDSS log;
  • Copy/pasted content of the FRST fixlog.txt;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Aura


    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 19 February 2016 - 07:47 AM

Hi Gile,

Are you still with me? Can you follow the instructions in my last post please? :)



#6 Gile

  • Topic Starter

  • Members
  • 14 posts

Posted 20 February 2016 - 07:30 AM

Hey Aura, sorry for the late response and bad English. First, thank you for helping me. Second, my kid accidentally upgraded my free antivirus Avast to something like Internet Security, or similar, and it caused huge problems while I was trying to run FRST. After several restarts of my PC, I noticed that my antivirus looked strange, so I uninstalled it and installed a fresh copy.

 

I removed Java 8 Update 31 from my system; my uTorrent is always closed, and I rarely use it. I must inform you that I "killed" Windows Update because the svchost service was eating my computer resources.

 

Here is the TDSS log:

 

12:07:25.0933 0x0bfc  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
12:07:32.0713 0x0bfc  ============================================================
12:07:32.0713 0x0bfc  Current date / time: 2016/02/16 12:07:32.0713
12:07:32.0713 0x0bfc  SystemInfo:
12:07:32.0713 0x0bfc  
12:07:32.0713 0x0bfc  OS Version: 6.1.7601 ServicePack: 1.0
12:07:32.0713 0x0bfc  Product type: Workstation
12:07:32.0714 0x0bfc  ComputerName: PC-PC
12:07:32.0714 0x0bfc  UserName: PC
12:07:32.0714 0x0bfc  Windows directory: C:\Windows
12:07:32.0714 0x0bfc  System windows directory: C:\Windows
12:07:32.0714 0x0bfc  Processor architecture: Intel x86
12:07:32.0714 0x0bfc  Number of processors: 2
12:07:32.0714 0x0bfc  Page size: 0x1000
12:07:32.0714 0x0bfc  Boot type: Safe boot with network
12:07:32.0714 0x0bfc  ============================================================
12:07:33.0352 0x0bfc  KLMD registered as C:\Windows\system32\drivers\20420453.sys
12:07:33.0891 0x0bfc  System UUID: {5A95606F-EA6A-CF30-BC04-FBD8A4292453}
12:07:34.0509 0x0bfc  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:07:34.0510 0x0bfc  ============================================================
12:07:34.0510 0x0bfc  \Device\Harddisk0\DR0:
12:07:34.0511 0x0bfc  MBR partitions:
12:07:34.0511 0x0bfc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:07:34.0511 0x0bfc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x2F9AB000
12:07:34.0511 0x0bfc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2F9DD800, BlocksNum 0x27B67800
12:07:34.0511 0x0bfc  ============================================================
12:07:34.0545 0x0bfc  C: <-> \Device\Harddisk0\DR0\Partition2
12:07:34.0575 0x0bfc  E: <-> \Device\Harddisk0\DR0\Partition3
12:07:34.0575 0x0bfc  ============================================================
12:07:34.0575 0x0bfc  Initialize success
12:07:34.0575 0x0bfc  ============================================================
12:08:26.0154 0x0c50  ============================================================
12:08:26.0154 0x0c50  Scan started
12:08:26.0154 0x0c50  Mode: Manual; TDLFS; 
12:08:26.0154 0x0c50  ============================================================
12:08:26.0154 0x0c50  KSN ping started
12:08:34.0517 0x0c50  KSN ping finished: true
12:08:35.0275 0x0c50  ================ Scan system memory ========================
12:08:35.0275 0x0c50  System memory - ok
12:08:35.0276 0x0c50  ================ Scan services =============================
12:08:35.0513 0x0c50  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:08:35.0518 0x0c50  1394ohci - ok
12:08:35.0600 0x0c50  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:08:35.0608 0x0c50  ACPI - ok
12:08:35.0687 0x0c50  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:08:35.0688 0x0c50  AcpiPmi - ok
12:08:35.0840 0x0c50  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:08:35.0844 0x0c50  AdobeARMservice - ok
12:08:35.0919 0x0c50  [ 785FD0E36CA75D90DD50042E2594BC63, 471A5ED43A3E18A5A69C28F7F351558E90F20416D9C532ADF50888808090AE89 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:08:35.0928 0x0c50  AdobeFlashPlayerUpdateSvc - ok
12:08:36.0039 0x0c50  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:08:36.0051 0x0c50  adp94xx - ok
12:08:36.0087 0x0c50  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:08:36.0095 0x0c50  adpahci - ok
12:08:36.0134 0x0c50  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:08:36.0138 0x0c50  adpu320 - ok
12:08:36.0171 0x0c50  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:08:36.0173 0x0c50  AeLookupSvc - ok
12:08:36.0218 0x0c50  [ 93B49FA857F7036A4EFF32371F6E7391, B9B2867D9A80E7F028E9D7C6ABCB9EC5198ACE28CEE101C5A846666B356B2843 ] AFD             C:\Windows\system32\drivers\afd.sys
12:08:36.0227 0x0c50  AFD - ok
12:08:36.0259 0x0c50  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:08:36.0260 0x0c50  agp440 - ok
12:08:36.0316 0x0c50  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:08:36.0319 0x0c50  aic78xx - ok
12:08:36.0370 0x0c50  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:08:36.0371 0x0c50  ALG - ok
12:08:36.0421 0x0c50  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:08:36.0422 0x0c50  aliide - ok
12:08:36.0448 0x0c50  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:08:36.0450 0x0c50  amdagp - ok
12:08:36.0467 0x0c50  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:08:36.0468 0x0c50  amdide - ok
12:08:36.0481 0x0c50  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:08:36.0485 0x0c50  AmdK8 - ok
12:08:36.0536 0x0c50  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:08:36.0538 0x0c50  AmdPPM - ok
12:08:36.0588 0x0c50  [ E7F4D42D8076EC60E21715CD11743A0D, 91AC020A70964F8783C999BDE8AB8391A3FA3AFC1CD4BC52A43625A2010A53E7 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:08:36.0591 0x0c50  amdsata - ok
12:08:36.0611 0x0c50  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:08:36.0616 0x0c50  amdsbs - ok
12:08:36.0643 0x0c50  [ 146459D2B08BFDCBFA856D9947043C81, AC7F2069717601F949B0968EA651899D497170A93B84281B66D3CE5C382DDECB ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:08:36.0644 0x0c50  amdxata - ok
12:08:36.0674 0x0c50  [ FE4F2ADE5DBB3B888E9EB0A1FBA1F152, B17053A912C73835A2E80176D79885B530E15240B988125114B6B877C903D61C ] AppID           C:\Windows\system32\drivers\appid.sys
12:08:36.0676 0x0c50  AppID - ok
12:08:36.0720 0x0c50  [ A4DA304773AC1396792C5DE1D1EB601A, ECD23FF67FB1C4B94DBE23F6724E2DA0917CE0E479DE9C9F790A8635A2234950 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:08:36.0721 0x0c50  AppIDSvc - ok
12:08:36.0765 0x0c50  [ 530195DA0D84D9855020F2B80D6B267F, AB36F05991530437C7B3F25441B13BC085000F07579964A4CCA0BF029DD6DE7E ] Appinfo         C:\Windows\System32\appinfo.dll
12:08:36.0766 0x0c50  Appinfo - ok
12:08:36.0807 0x0c50  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:08:36.0812 0x0c50  AppMgmt - ok
12:08:36.0854 0x0c50  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
12:08:36.0856 0x0c50  arc - ok
12:08:36.0867 0x0c50  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:08:36.0870 0x0c50  arcsas - ok
12:08:37.0024 0x0c50  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:08:37.0046 0x0c50  aspnet_state - ok
12:08:37.0104 0x0c50  [ C3F5C4413DFE6DF0A6439D18C3345418, 75902BB3CBCD3986CC7AA79437FEF88C43E909EA2B96537D6D086A5D9475F22B ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
12:08:37.0106 0x0c50  aswHwid - ok
12:08:37.0137 0x0c50  [ EC8DD4B019B4F0DD71828F10EEFC172F, CF4733DBA51B30A6877BD9702B64200E7E89D9E880EE93A4465F462BEAF6FBF5 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
12:08:37.0139 0x0c50  aswKbd - ok
12:08:37.0172 0x0c50  [ A65B8BE010DEF207F35081A9F7AFD685, F9EB831F1490A13DAA8089BF7F4B23880387DEC2D7BCC157C5FAA2E1F2CB8926 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:08:37.0175 0x0c50  aswMonFlt - ok
12:08:37.0247 0x0c50  [ 9B878D8BADB534057FEBA3C054693FE0, 1AC1B83EC8D281008DA85B6B3CBF331AA6F3FCE74C8962D0E069F1A776467F61 ] aswNdisFlt      C:\Windows\system32\DRIVERS\aswNdisFlt.sys
12:08:37.0255 0x0c50  aswNdisFlt - ok
12:08:37.0315 0x0c50  [ A9D98D81923EA21337E60FEFE8C68D40, 3C34ECB932B0C977175634464CA7F77DC60FB18BDF3060FAA89484A2A4FD4B27 ] aswNetSec       C:\Windows\system32\drivers\aswNetSec.sys
12:08:37.0325 0x0c50  aswNetSec - ok
12:08:37.0362 0x0c50  [ 3171603639BE190B4D160AC2BD3456FA, 4ACFE02104FF825FC4EBA62A1957A247C53F5E304F6948A3C9540B412548A144 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
12:08:37.0364 0x0c50  aswRdr - ok
12:08:37.0421 0x0c50  [ 303A4C67F046564508F82F515CB0A322, 7EE28F613D57F47BFB6B42876AF00D46FE6DFEE4C0294DEF0089E52E2274FBD5 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
12:08:37.0422 0x0c50  aswRvrt - ok
12:08:37.0494 0x0c50  [ F609AD9C5973A835955A8DCFA89BD350, CA96C94C90DB9E1C5EC419DBDF7454FB5B201626B8D9E903B9EEF12D7DA70E00 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:08:37.0515 0x0c50  aswSnx - ok
12:08:37.0588 0x0c50  [ D3377858173DC52002631D6DA7F2F3BC, 9D06C3C978B7310FD89746B1670DB8CA4807BF9C39AB701D15703D0DDD7FED9E ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:08:37.0601 0x0c50  aswSP - ok
12:08:37.0630 0x0c50  [ 3D1D5F11E572510271A9B8A3C3AFAE54, 5FB421E7643B3AC58C39CA50AC18242EB10CD0102CA12286484D6EB984B6A231 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
12:08:37.0633 0x0c50  aswStm - ok
12:08:37.0698 0x0c50  [ 43646E5D17727D4F2E1F8FFA06F1472C, AC2ECDAB8AF83EF339A072C30B7BF78053296DD968CA4E75F39CAD8AB208BD96 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
12:08:37.0704 0x0c50  aswVmm - ok
12:08:37.0755 0x0c50  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:37.0756 0x0c50  AsyncMac - ok
12:08:37.0815 0x0c50  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:08:37.0816 0x0c50  atapi - ok
12:08:37.0851 0x0c50  [ 20652199A661FC985215773012AB3974, 4684FBAD3DFC68C3CC9979469102981B793331DB1886449B820F547E6DAE8F7F ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
12:08:37.0852 0x0c50  AthBTPort - ok
12:08:37.0912 0x0c50  [ DF5A01030CB083A41B7FAA0ECFC0BA58, DD6F768692CF1641DC7606D8D6A7B61E34E922F80765F126EC2E87D648428A43 ] AtherosSvc      C:\Program Files\Bluetooth Suite\adminservice.exe
12:08:37.0914 0x0c50  AtherosSvc - ok
12:08:38.0054 0x0c50  [ CFE432E8EEACBCEA3DBF53EA76978A65, 1495A2E450B4000FBB8DCF7AC2AFE96A08AD23CBE0C7DC2BFB6A70E68CF1AEAA ] athr            C:\Windows\system32\DRIVERS\athr.sys
12:08:38.0131 0x0c50  athr - ok
12:08:38.0198 0x0c50  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:08:38.0212 0x0c50  AudioEndpointBuilder - ok
12:08:38.0245 0x0c50  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:08:38.0258 0x0c50  Audiosrv - ok
12:08:38.0367 0x0c50  [ 501E11AE85EE28D305D228F5931AC76C, FB7052CFA143E5D431131EBB59D4EDAEEFCB56A017552E2395F1954F861613A0 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:08:38.0377 0x0c50  avast! Antivirus - ok
12:08:38.0413 0x0c50  [ 468BBF1D3E62BE7A3A2C7A947BFB425F, AC45B8F0DBF75D50387D7DB0EA2BA74B10B21005F1DBEE5950C0C2C507D4C2E7 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
12:08:38.0417 0x0c50  avast! Firewall - ok
12:08:38.0652 0x0c50  [ F9F63E0EE8A9174D35E2B57716E57813, 705ED244FF9278C029EB8B6D1533D8FA91C1EABEC81CF679EE1FFF6F1C5FC2E2 ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
12:08:38.0854 0x0c50  AvastVBoxSvc - ok
12:08:38.0908 0x0c50  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:08:38.0911 0x0c50  AxInstSV - ok
12:08:38.0962 0x0c50  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
12:08:38.0973 0x0c50  b06bdrv - ok
12:08:39.0036 0x0c50  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
12:08:39.0042 0x0c50  b57nd60x - ok
12:08:39.0102 0x0c50  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
12:08:39.0104 0x0c50  BDESVC - ok
12:08:39.0146 0x0c50  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:08:39.0147 0x0c50  Beep - ok
12:08:39.0207 0x0c50  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
12:08:39.0222 0x0c50  BFE - ok
12:08:39.0288 0x0c50  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
12:08:39.0308 0x0c50  BITS - ok
12:08:39.0342 0x0c50  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:08:39.0344 0x0c50  blbdrive - ok
12:08:39.0480 0x0c50  [ 00EAE93627CCB2BC07795A3087916A5D, 64018AF7A7277EB114BFBCE14A81479D7EBADD35497CB07D5BD4FEAA279640AB ] BlueSoleilCS    C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
12:08:39.0532 0x0c50  BlueSoleilCS - ok
12:08:39.0572 0x0c50  [ 73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:08:39.0579 0x0c50  Bonjour Service - ok
12:08:39.0625 0x0c50  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:08:39.0627 0x0c50  bowser - ok
12:08:39.0647 0x0c50  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:08:39.0648 0x0c50  BrFiltLo - ok
12:08:39.0672 0x0c50  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:08:39.0673 0x0c50  BrFiltUp - ok
12:08:39.0728 0x0c50  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
12:08:39.0732 0x0c50  Browser - ok
12:08:39.0768 0x0c50  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:08:39.0776 0x0c50  Brserid - ok
12:08:39.0788 0x0c50  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:39.0790 0x0c50  BrSerWdm - ok
12:08:39.0802 0x0c50  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:39.0803 0x0c50  BrUsbMdm - ok
12:08:39.0825 0x0c50  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:39.0826 0x0c50  BrUsbSer - ok
12:08:39.0864 0x0c50  [ 346BACE0E0958E73AC91A2724D81804F, C01E4AD19E12B19268975A8798971A0164FB4A7A5C5232262CE5CB6FB42C88F9 ] BsHelpCS        C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
12:08:39.0868 0x0c50  BsHelpCS - ok
12:08:39.0924 0x0c50  [ 9A20D3C93A974E331F09907321187222, 3888C2AFEE0B99FE23AC8C72CD06E089810D3DA8C73A63BE56243151D9E89ECC ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
12:08:39.0932 0x0c50  BTATH_A2DP - ok
12:08:39.0951 0x0c50  [ 58B30FBEB78A3EE87AD293E5AFC78A7C, FAE4C8F19F4DA2426872B7FA553E8C0DE59DC0FA77076A163DBB02022A9ED572 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
12:08:39.0954 0x0c50  btath_avdt - ok
12:08:39.0982 0x0c50  [ C32FB5FDE56302258C2A44A57116979F, EE041B057C9F72DA7CFB719153AD65569C44427588E8E706A1D66B9C4F8C1473 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
12:08:39.0983 0x0c50  BTATH_BUS - ok
12:08:40.0033 0x0c50  [ F7A1B8334EF7D99EA9D894D995553D3E, 56E28D3DE5E60F8F295832ECD711E2F999F2F9966A549C69F2150B4FC4CDDD27 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
12:08:40.0037 0x0c50  BTATH_HCRP - ok
12:08:40.0056 0x0c50  [ B0EE9045FF2EB7519C93B63FAA0A2570, 6FC4C77F6BA0077818C0EFDC97AB7A1F2842E7B42A77920001FEF211C3689C39 ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
12:08:40.0058 0x0c50  BTATH_LWFLT - ok
12:08:40.0081 0x0c50  [ 92A08096BF01937847063D43CDB72F2A, 22DE4960279A798DA239829D174D4416BDB80C82CCCB9637D06E183064AE6D1C ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
12:08:40.0088 0x0c50  BTATH_RCP - ok
12:08:40.0156 0x0c50  [ 37DEB802FB13F59ACB1DCCE66297AD51, 9DB5EAD01EF9ECE28406D173683F34AA205E87BE418971C29D32FDAA5DA6803E ] BtAudioBusSrv   C:\Windows\system32\Drivers\BtAudioBus.sys
12:08:40.0157 0x0c50  BtAudioBusSrv - ok
12:08:40.0226 0x0c50  [ 651ED3CC67056D2967C3ACFAC08701B0, B902B25A2B7BFE12484CFFE4E7000CF0C303D5FA1CD83D5E06C8B98D638EBE29 ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
12:08:40.0239 0x0c50  BtFilter - ok
12:08:40.0300 0x0c50  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:08:40.0301 0x0c50  BthEnum - ok
12:08:40.0347 0x0c50  [ 18522B227E059A211EF695404C43B40B, 17B9281742B6BEAA6CCC538FC024C251E13F88BE2AC910D51146F451CD60587A ] BthL2caScoIfSrv C:\Windows\system32\Drivers\BtL2caScoIf.sys
12:08:40.0349 0x0c50  BthL2caScoIfSrv - ok
12:08:40.0360 0x0c50  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:08:40.0362 0x0c50  BTHMODEM - ok
12:08:40.0407 0x0c50  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:08:40.0410 0x0c50  BthPan - ok
12:08:40.0443 0x0c50  [ C2FBF6D271D9A94D839C416BF186EAD9, 492F8344BD2E354C3525E1E535A1BAAAC17A38EE01868B986AC112E33B3B2A66 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:08:40.0454 0x0c50  BTHPORT - ok
12:08:40.0491 0x0c50  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
12:08:40.0493 0x0c50  bthserv - ok
12:08:40.0521 0x0c50  [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:08:40.0523 0x0c50  BTHUSB - ok
12:08:40.0668 0x0c50  [ 52AE2CDD37AB735FBDA52263EFD524AA, 844103913E6079CC1C49B05FFB1CDC9A68692A8EE5A05C9C28FD272DFE534913 ] c2cautoupdatesvc C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
12:08:40.0713 0x0c50  c2cautoupdatesvc - ok
12:08:40.0827 0x0c50  [ C35B91B6777E7C6DB67B8583D2AA66A7, CE3A004B560EB750442150FEEFEE074A11A17E66B3F2A489E8EF1DBCF8FE8390 ] c2cpnrsvc       C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
12:08:40.0883 0x0c50  c2cpnrsvc - ok
12:08:40.0927 0x0c50  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:08:40.0929 0x0c50  cdfs - ok
12:08:40.0970 0x0c50  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:08:40.0974 0x0c50  cdrom - ok
12:08:41.0025 0x0c50  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:08:41.0027 0x0c50  CertPropSvc - ok
12:08:41.0058 0x0c50  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:08:41.0060 0x0c50  circlass - ok
12:08:41.0101 0x0c50  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
12:08:41.0109 0x0c50  CLFS - ok
12:08:41.0200 0x0c50  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:41.0205 0x0c50  clr_optimization_v2.0.50727_32 - ok
12:08:41.0253 0x0c50  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:41.0376 0x0c50  clr_optimization_v4.0.30319_32 - ok
12:08:41.0403 0x0c50  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:08:41.0404 0x0c50  CmBatt - ok
12:08:41.0438 0x0c50  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:08:41.0439 0x0c50  cmdide - ok
12:08:41.0487 0x0c50  [ 780FFC005741C9316576086155E55F56, D863E5657F1468410BBDD657D5EA8A2FDDB70FED459CDE3178CB8FDB910058EC ] CNG             C:\Windows\system32\Drivers\cng.sys
12:08:41.0497 0x0c50  CNG - ok
12:08:41.0586 0x0c50  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:08:41.0587 0x0c50  Compbatt - ok
12:08:41.0646 0x0c50  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:08:41.0647 0x0c50  CompositeBus - ok
12:08:41.0671 0x0c50  COMSysApp - ok
12:08:41.0733 0x0c50  [ 08E2DD2780735F4AAB22B775880CD8AC, 54710DB7B3D41CB1DF37B4F8AB30965A71D475554845A5D3CFABF1DF14D8486D ] cphs            C:\Windows\system32\IntelCpHeciSvc.exe
12:08:41.0743 0x0c50  cphs - ok
12:08:41.0755 0x0c50  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:08:41.0756 0x0c50  crcdisk - ok
12:08:41.0802 0x0c50  [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:08:41.0807 0x0c50  CryptSvc - ok
12:08:41.0850 0x0c50  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC             C:\Windows\system32\drivers\csc.sys
12:08:41.0860 0x0c50  CSC - ok
12:08:41.0937 0x0c50  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
12:08:41.0954 0x0c50  CscService - ok
12:08:42.0002 0x0c50  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:08:42.0014 0x0c50  DcomLaunch - ok
12:08:42.0050 0x0c50  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
12:08:42.0057 0x0c50  defragsvc - ok
12:08:42.0103 0x0c50  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:08:42.0105 0x0c50  DfsC - ok
12:08:42.0164 0x0c50  [ 6A2F35D012D014AC5C4C16F2CEB11541, F8BCDF33FF8DDC1F10DBA88B7E4CDF0AAED27E383E3226060D25091EFF0FCF25 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:08:42.0167 0x0c50  dg_ssudbus - ok
12:08:42.0214 0x0c50  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:08:42.0222 0x0c50  Dhcp - ok
12:08:42.0239 0x0c50  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
12:08:42.0240 0x0c50  discache - ok
12:08:42.0293 0x0c50  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
12:08:42.0295 0x0c50  Disk - ok
12:08:42.0326 0x0c50  [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:08:42.0328 0x0c50  dmvsc - ok
12:08:42.0371 0x0c50  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:08:42.0376 0x0c50  Dnscache - ok
12:08:42.0412 0x0c50  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:08:42.0420 0x0c50  dot3svc - ok
12:08:42.0474 0x0c50  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
12:08:42.0478 0x0c50  DPS - ok
12:08:42.0516 0x0c50  [ A3F684B866A7D89AE396276CE7AFD416, 1E4C034B7B106FA403B13842A199D88A33B492A577B58CDDAE0B4706266B9565 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:08:42.0517 0x0c50  drmkaud - ok
12:08:42.0597 0x0c50  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:08:42.0616 0x0c50  DXGKrnl - ok
12:08:42.0664 0x0c50  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
12:08:42.0667 0x0c50  EapHost - ok
12:08:42.0808 0x0c50  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
12:08:42.0889 0x0c50  ebdrv - ok
12:08:42.0930 0x0c50  [ 4C8FF1947E9740EA266CEA330496899D, D1B90D880E19982D9AD85753F5E622FEDB097DEF912450646B27C49AEC72E0C7 ] EFS             C:\Windows\System32\lsass.exe
12:08:42.0932 0x0c50  EFS - ok
12:08:43.0009 0x0c50  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:08:43.0028 0x0c50  ehRecvr - ok
12:08:43.0045 0x0c50  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
12:08:43.0049 0x0c50  ehSched - ok
12:08:43.0097 0x0c50  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:08:43.0109 0x0c50  elxstor - ok
12:08:43.0128 0x0c50  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:08:43.0129 0x0c50  ErrDev - ok
12:08:43.0178 0x0c50  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
12:08:43.0187 0x0c50  EventSystem - ok
12:08:43.0221 0x0c50  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:08:43.0225 0x0c50  exfat - ok
12:08:43.0326 0x0c50  Fabs - ok
12:08:43.0344 0x0c50  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:08:43.0348 0x0c50  fastfat - ok
12:08:43.0410 0x0c50  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
12:08:43.0427 0x0c50  Fax - ok
12:08:43.0471 0x0c50  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\drivers\fdc.sys
12:08:43.0472 0x0c50  fdc - ok
12:08:43.0497 0x0c50  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
12:08:43.0498 0x0c50  fdPHost - ok
12:08:43.0532 0x0c50  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:08:43.0534 0x0c50  FDResPub - ok
12:08:43.0552 0x0c50  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:08:43.0553 0x0c50  FileInfo - ok
12:08:43.0569 0x0c50  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:08:43.0570 0x0c50  Filetrace - ok
12:08:43.0711 0x0c50  [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:08:43.0847 0x0c50  FirebirdServerMAGIXInstance - ok
12:08:43.0933 0x0c50  [ 21485C51A6C0DC3D096A96428455AE0C, A14E242504B198F3A27F5C6D5CDA467CF0CE52AA723D70CB3A038B7A8716995B ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:08:43.0966 0x0c50  FLEXnet Licensing Service - ok
12:08:43.0992 0x0c50  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:08:43.0993 0x0c50  flpydisk - ok
12:08:44.0013 0x0c50  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:08:44.0019 0x0c50  FltMgr - ok
12:08:44.0094 0x0c50  [ 23D3F12CA9DEB6EF02DEDC621EC661AC, AA3718715ADFE1666757BCD79D5A8DC591C2C5185802F51A27C119C4C30F360A ] FontCache       C:\Windows\system32\FntCache.dll
12:08:44.0122 0x0c50  FontCache - ok
12:08:44.0203 0x0c50  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:08:44.0206 0x0c50  FontCache3.0.0.0 - ok
12:08:44.0243 0x0c50  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:08:44.0245 0x0c50  FsDepends - ok
12:08:44.0271 0x0c50  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:08:44.0272 0x0c50  Fs_Rec - ok
12:08:44.0316 0x0c50  [ 8A73E79089B282100B9393B644CB853B, 844DC5AADFABBD050B967904B796BA06BFD64C9112616EA26229D084F8B3AD41 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:08:44.0321 0x0c50  fvevol - ok
12:08:44.0363 0x0c50  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:08:44.0365 0x0c50  gagp30kx - ok
12:08:44.0422 0x0c50  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:08:44.0441 0x0c50  gpsvc - ok
12:08:44.0527 0x0c50  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:44.0532 0x0c50  gupdate - ok
12:08:44.0540 0x0c50  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:08:44.0544 0x0c50  gupdatem - ok
12:08:44.0592 0x0c50  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:08:44.0597 0x0c50  gusvc - ok
12:08:44.0634 0x0c50  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:08:44.0636 0x0c50  hcw85cir - ok
12:08:44.0675 0x0c50  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:08:44.0683 0x0c50  HdAudAddService - ok
12:08:44.0723 0x0c50  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:08:44.0726 0x0c50  HDAudBus - ok
12:08:44.0776 0x0c50  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:08:44.0777 0x0c50  HidBatt - ok
12:08:44.0795 0x0c50  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:08:44.0798 0x0c50  HidBth - ok
12:08:44.0809 0x0c50  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:08:44.0811 0x0c50  HidIr - ok
12:08:44.0842 0x0c50  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
12:08:44.0845 0x0c50  hidserv - ok
12:08:52.0838 0x0c50  SCPolicySvc - ok
12:08:52.0845 0x0c50  scwamimy - ok
12:08:52.0888 0x0c50  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:08:52.0893 0x0c50  SDRSVC - ok
12:08:52.0931 0x0c50  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:08:52.0932 0x0c50  secdrv - ok
12:08:52.0941 0x0c50  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
12:08:52.0944 0x0c50  seclogon - ok
12:08:52.0968 0x0c50  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
12:08:52.0971 0x0c50  SENS - ok
12:08:53.0028 0x0c50  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:08:53.0030 0x0c50  SensrSvc - ok
12:08:53.0043 0x0c50  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:08:53.0044 0x0c50  Serenum - ok
12:08:53.0085 0x0c50  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\drivers\serial.sys
12:08:53.0088 0x0c50  Serial - ok
12:08:53.0102 0x0c50  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:08:53.0103 0x0c50  sermouse - ok
12:08:53.0145 0x0c50  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:08:53.0150 0x0c50  SessionEnv - ok
12:08:53.0163 0x0c50  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:08:53.0164 0x0c50  sffdisk - ok
12:08:53.0216 0x0c50  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:08:53.0217 0x0c50  sffp_mmc - ok
12:08:53.0226 0x0c50  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:08:53.0227 0x0c50  sffp_sd - ok
12:08:53.0246 0x0c50  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:08:53.0247 0x0c50  sfloppy - ok
12:08:53.0318 0x0c50  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:08:53.0328 0x0c50  SharedAccess - ok
12:08:53.0382 0x0c50  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:08:53.0394 0x0c50  ShellHWDetection - ok
12:08:53.0440 0x0c50  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:08:53.0441 0x0c50  sisagp - ok
12:08:53.0470 0x0c50  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:08:53.0471 0x0c50  SiSRaid2 - ok
12:08:53.0488 0x0c50  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:08:53.0490 0x0c50  SiSRaid4 - ok
12:08:53.0583 0x0c50  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:08:53.0594 0x0c50  SkypeUpdate - ok
12:08:53.0613 0x0c50  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:08:53.0615 0x0c50  Smb - ok
12:08:53.0643 0x0c50  [ E3C6C41C8882325E80FE7AF1944E3C16, D81665A0DF6669234185388F929173EC0549C2F14BED223F82396F7F03E6888B ] SmbDrv          C:\Windows\system32\DRIVERS\Smb_driver.sys
12:08:53.0644 0x0c50  SmbDrv - ok
12:08:53.0696 0x0c50  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:08:53.0699 0x0c50  SNMPTRAP - ok
12:08:53.0751 0x0c50  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:08:53.0752 0x0c50  spldr - ok
12:08:53.0797 0x0c50  [ 866A43013535DC8587C258E43579C764, B2BE846B5167A2ECD1E30C69A81385FCC6EAE6033394D08458A5583D311C4D82 ] Spooler         C:\Windows\System32\spoolsv.exe
12:08:53.0808 0x0c50  Spooler - ok
12:08:53.0940 0x0c50  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
12:08:54.0063 0x0c50  sppsvc - ok
12:08:54.0085 0x0c50  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:08:54.0089 0x0c50  sppuinotify - ok
12:08:54.0154 0x0c50  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
12:08:54.0172 0x0c50  sptd - ok
12:08:54.0207 0x0c50  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:08:54.0216 0x0c50  srv - ok
12:08:54.0275 0x0c50  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:08:54.0283 0x0c50  srv2 - ok
12:08:54.0329 0x0c50  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:08:54.0333 0x0c50  srvnet - ok
12:08:54.0365 0x0c50  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:08:54.0372 0x0c50  SSDPSRV - ok
12:08:54.0397 0x0c50  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:08:54.0401 0x0c50  SstpSvc - ok
12:08:54.0484 0x0c50  [ C04A273FDC50FBC6FF07EFBD62BDF93E, F20E55489CBD239D2A4E04154FB116429DD0C25651481B45201D7BDAFA26B7F4 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:08:54.0489 0x0c50  ssudmdm - ok
12:08:54.0532 0x0c50  [ E0B86430E0B26C10B355B9E590FD25E0, ACCAF68AB6F905DC474D49E3664D2BEC82B489813F1355E7B4E48C47051DF278 ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
12:08:54.0537 0x0c50  ssudserd - ok
12:08:54.0628 0x0c50  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
12:08:54.0652 0x0c50  ss_conn_service - ok
12:08:54.0684 0x0c50  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:08:54.0685 0x0c50  stexstor - ok
12:08:54.0733 0x0c50  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
12:08:54.0749 0x0c50  StiSvc - ok
12:08:54.0782 0x0c50  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:08:54.0784 0x0c50  storflt - ok
12:08:54.0809 0x0c50  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc         C:\Windows\system32\storsvc.dll
12:08:54.0812 0x0c50  StorSvc - ok
12:08:54.0848 0x0c50  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:08:54.0849 0x0c50  storvsc - ok
12:08:54.0906 0x0c50  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:08:54.0907 0x0c50  swenum - ok
12:08:54.0954 0x0c50  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
12:08:54.0965 0x0c50  swprv - ok
12:08:55.0019 0x0c50  [ 3B89A6A7F5F1D6983D1620C11A429871, A3DDC6493E03B3FBBE157DB7B9471137821E10A17614524F741E54937042992B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:08:55.0028 0x0c50  SynTP - ok
12:08:55.0120 0x0c50  [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain         C:\Windows\system32\sysmain.dll
12:08:55.0158 0x0c50  SysMain - ok
12:08:55.0189 0x0c50  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
12:08:55.0193 0x0c50  TabletInputService - ok
12:08:55.0216 0x0c50  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:08:55.0225 0x0c50  TapiSrv - ok
12:08:55.0234 0x0c50  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
12:08:55.0239 0x0c50  TBS - ok
12:08:55.0334 0x0c50  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:08:55.0368 0x0c50  Tcpip - ok
12:08:55.0414 0x0c50  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:08:55.0449 0x0c50  TCPIP6 - ok
12:08:55.0488 0x0c50  [ CCA24162E055C3714CE5A88B100C64ED, 9B7712E793B9478BA7A1EF71EA9CC03CCB9C4004C54EAA911F158958519EDCD9 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:08:55.0490 0x0c50  tcpipreg - ok
12:08:55.0513 0x0c50  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:08:55.0514 0x0c50  TDPIPE - ok
12:08:55.0554 0x0c50  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:08:55.0555 0x0c50  TDTCP - ok
12:08:55.0591 0x0c50  [ BB8817D0508DD5EA69C770C8DEF5AB67, C55671524EEF6E16BBCC92556E83FD1D6457E707EA9330FC1CDD28FB11D99B77 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:08:55.0593 0x0c50  tdx - ok
12:08:55.0631 0x0c50  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:08:55.0633 0x0c50  TermDD - ok
12:08:55.0692 0x0c50  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
12:08:55.0710 0x0c50  TermService - ok
12:08:55.0737 0x0c50  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
12:08:55.0740 0x0c50  Themes - ok
12:08:55.0757 0x0c50  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:08:55.0759 0x0c50  THREADORDER - ok
12:08:55.0771 0x0c50  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
12:08:55.0775 0x0c50  TrkWks - ok
12:08:55.0862 0x0c50  [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
12:08:55.0863 0x0c50  TrueSight - ok
12:08:55.0930 0x0c50  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:08:55.0938 0x0c50  TrustedInstaller - ok
12:08:55.0974 0x0c50  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:55.0976 0x0c50  tssecsrv - ok
12:08:55.0999 0x0c50  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:08:56.0001 0x0c50  TsUsbFlt - ok
12:08:56.0031 0x0c50  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:08:56.0033 0x0c50  TsUsbGD - ok
12:08:56.0082 0x0c50  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:08:56.0086 0x0c50  tunnel - ok
12:08:56.0117 0x0c50  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:08:56.0119 0x0c50  uagp35 - ok
12:08:56.0145 0x0c50  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:08:56.0152 0x0c50  udfs - ok
12:08:56.0209 0x0c50  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:08:56.0212 0x0c50  UI0Detect - ok
12:08:56.0240 0x0c50  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:08:56.0242 0x0c50  uliagpkx - ok
12:08:56.0304 0x0c50  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:08:56.0305 0x0c50  umbus - ok
12:08:56.0334 0x0c50  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:08:56.0335 0x0c50  UmPass - ok
12:08:56.0375 0x0c50  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
12:08:56.0382 0x0c50  UmRdpService - ok
12:08:56.0454 0x0c50  [ BD93D1A0E0A7A96BEA4585F17C9B3307, 6F895E70E5E560B4B8189A8F7EDDF59EA1D237C3D69AF7C9E55CFBD76F334827 ] Update service  C:\Program Files\Popcorn Time\Updater.exe
12:08:56.0465 0x0c50  Update service - ok
12:08:56.0505 0x0c50  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
12:08:56.0515 0x0c50  upnphost - ok
12:08:56.0564 0x0c50  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:08:56.0567 0x0c50  usbaudio - ok
12:08:56.0587 0x0c50  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:56.0590 0x0c50  usbccgp - ok
12:08:56.0611 0x0c50  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:08:56.0614 0x0c50  usbcir - ok
12:08:56.0640 0x0c50  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:08:56.0642 0x0c50  usbehci - ok
12:08:56.0686 0x0c50  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:08:56.0693 0x0c50  usbhub - ok
12:08:56.0706 0x0c50  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:08:56.0707 0x0c50  usbohci - ok
12:08:56.0765 0x0c50  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:08:56.0766 0x0c50  usbprint - ok
12:08:56.0826 0x0c50  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:08:56.0828 0x0c50  usbscan - ok
12:08:56.0840 0x0c50  [ BF63EBFC6979FEFB2BC03DF7989A0C1A, AFEF764A3E5D52CDBB5074F0E87F2B5EBCDF8D9B6E8F88EE235602B80145BE31 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:56.0843 0x0c50  USBSTOR - ok
12:08:56.0893 0x0c50  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:08:56.0895 0x0c50  usbuhci - ok
12:08:56.0919 0x0c50  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:08:56.0924 0x0c50  usbvideo - ok
12:08:56.0972 0x0c50  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
12:08:56.0975 0x0c50  UxSms - ok
12:08:56.0986 0x0c50  [ 4C8FF1947E9740EA266CEA330496899D, D1B90D880E19982D9AD85753F5E622FEDB097DEF912450646B27C49AEC72E0C7 ] VaultSvc        C:\Windows\system32\lsass.exe
12:08:56.0988 0x0c50  VaultSvc - ok
12:08:57.0107 0x0c78  Object send P2P result: true
12:08:57.0107 0x0c78  Object required for P2P: [ F9F63E0EE8A9174D35E2B57716E57813 ] AvastVBoxSvc
12:08:57.0144 0x0c50  [ 2BF16C4665B3F2A20F0853553FDBFC95, 74E575E5349DF908142DB97025AA70179A3770A68B8C5F49EC987F67F77301C0 ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
12:08:57.0153 0x0c50  VBoxAswDrv - ok
12:08:57.0179 0x0c50  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:08:57.0181 0x0c50  vdrvroot - ok
12:08:57.0226 0x0c50  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
12:08:57.0243 0x0c50  vds - ok
12:08:57.0311 0x0c50  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:57.0312 0x0c50  vga - ok
12:08:57.0354 0x0c50  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:08:57.0355 0x0c50  VgaSave - ok
12:08:57.0388 0x0c50  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:08:57.0393 0x0c50  vhdmp - ok
12:08:57.0430 0x0c50  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:08:57.0432 0x0c50  viaagp - ok
12:08:57.0437 0x0c50  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:08:57.0439 0x0c50  ViaC7 - ok
12:08:57.0491 0x0c50  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:08:57.0492 0x0c50  viaide - ok
12:08:57.0528 0x0c50  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:08:57.0534 0x0c50  vmbus - ok
12:08:57.0545 0x0c50  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:08:57.0546 0x0c50  VMBusHID - ok
12:08:57.0556 0x0c50  vmci - ok
12:08:57.0599 0x0c50  VMnetAdapter - ok
12:08:57.0640 0x0c50  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:08:57.0642 0x0c50  volmgr - ok
12:08:57.0671 0x0c50  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:08:57.0679 0x0c50  volmgrx - ok
12:08:57.0699 0x0c50  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:08:57.0705 0x0c50  volsnap - ok
12:08:57.0745 0x0c50  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:08:57.0749 0x0c50  vsmraid - ok
12:08:57.0817 0x0c50  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
12:08:57.0851 0x0c50  VSS - ok
12:08:57.0869 0x0c50  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:08:57.0870 0x0c50  vwifibus - ok
12:08:57.0902 0x0c50  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:08:57.0904 0x0c50  vwififlt - ok
12:08:57.0935 0x0c50  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:08:57.0936 0x0c50  vwifimp - ok
12:08:57.0960 0x0c50  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:08:57.0971 0x0c50  W32Time - ok
12:08:58.0007 0x0c50  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:08:58.0009 0x0c50  WacomPen - ok
12:08:58.0049 0x0c50  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:08:58.0051 0x0c50  WANARP - ok
12:08:58.0056 0x0c50  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:08:58.0058 0x0c50  Wanarpv6 - ok
12:08:58.0147 0x0c50  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:08:58.0190 0x0c50  WatAdminSvc - ok
12:08:58.0264 0x0c50  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
12:08:58.0303 0x0c50  wbengine - ok
12:08:58.0318 0x0c50  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:08:58.0325 0x0c50  WbioSrvc - ok
12:08:58.0362 0x0c50  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:08:58.0373 0x0c50  wcncsvc - ok
12:08:58.0389 0x0c50  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:08:58.0393 0x0c50  WcsPlugInService - ok
12:08:58.0430 0x0c50  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
12:08:58.0432 0x0c50  Wd - ok
12:08:58.0477 0x0c50  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:08:58.0492 0x0c50  Wdf01000 - ok
12:08:58.0514 0x0c50  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:08:58.0518 0x0c50  WdiServiceHost - ok
12:08:58.0524 0x0c50  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:08:58.0528 0x0c50  WdiSystemHost - ok
12:08:58.0571 0x0c50  [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient       C:\Windows\System32\webclnt.dll
12:08:58.0579 0x0c50  WebClient - ok
12:08:58.0612 0x0c50  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:08:58.0618 0x0c50  Wecsvc - ok
12:08:58.0641 0x0c50  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:08:58.0645 0x0c50  wercplsupport - ok
12:08:58.0678 0x0c50  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:08:58.0682 0x0c50  WerSvc - ok
12:08:58.0723 0x0c50  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:58.0724 0x0c50  WfpLwf - ok
12:08:58.0741 0x0c50  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:08:58.0742 0x0c50  WIMMount - ok
12:08:58.0848 0x0c50  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:08:58.0870 0x0c50  WinDefend - ok
12:08:58.0878 0x0c50  WinHttpAutoProxySvc - ok
12:08:58.0945 0x0c50  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:08:58.0951 0x0c50  Winmgmt - ok
12:08:59.0020 0x0c50  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:08:59.0058 0x0c50  WinRM - ok
12:08:59.0148 0x0c50  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:08:59.0149 0x0c50  WinUsb - ok
12:08:59.0207 0x0c50  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:08:59.0236 0x0c50  Wlansvc - ok
12:08:59.0278 0x0c50  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:08:59.0279 0x0c50  WmiAcpi - ok
12:08:59.0315 0x0c50  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:08:59.0320 0x0c50  wmiApSrv - ok
12:08:59.0420 0x0c50  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:08:59.0455 0x0c50  WMPNetworkSvc - ok
12:08:59.0494 0x0c50  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:08:59.0497 0x0c50  WPCSvc - ok
12:08:59.0527 0x0c50  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:08:59.0532 0x0c50  WPDBusEnum - ok
12:08:59.0564 0x0c50  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:08:59.0565 0x0c50  ws2ifsl - ok
12:08:59.0596 0x0c50  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
12:08:59.0600 0x0c50  wscsvc - ok
12:08:59.0614 0x0c50  WsDrvInst - ok
12:08:59.0619 0x0c50  WSearch - ok
12:08:59.0734 0x0c50  [ 8F145DC71B87BB4D6829FF6ECC9FB8CE, 7841671FAF9EEF326B6A5F2E63C65DB2F54D15357527EBAD2ADDA1BB1FE0479E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:08:59.0800 0x0c50  wuauserv - ok
12:08:59.0843 0x0c50  [ E714A1C0354636837E20CCBF00888EE7, 0E31F0DB0AA318E3B0DACD26C0D3B11519B42F2A996AE580BE67FA8B3C42C436 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:08:59.0846 0x0c50  WudfPf - ok
12:08:59.0871 0x0c50  [ 1023EE888C9B47178C5293ED5336AB69, 62221C80C3F719A585266247482A64F7CB2F5EF69AFA8FA07D563CA2B0A37561 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:59.0875 0x0c50  WUDFRd - ok
12:08:59.0913 0x0c50  [ 8D1E1E529A2C9E9B6A85B55A345F7629, 64B637CFE2AF58A4F7CE6D8C3D603F8EFD527500F7137E0A37840313C712CA93 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:08:59.0917 0x0c50  wudfsvc - ok
12:08:59.0935 0x0c50  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:08:59.0942 0x0c50  WwanSvc - ok
12:09:00.0008 0x0c50  [ A5B25E310678175F4779499FFF7D0994, 0CD1886016354AE95EB626CDFC276BA049B3106723E0EC64F39BAE1D1B4A1121 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
12:09:00.0013 0x0c50  ZAtheros Bt&Wlan Coex Agent - ok
12:09:00.0025 0x0c50  ZTEusbmdm6k - ok
12:09:00.0030 0x0c50  ZTEusbnmea - ok
12:09:00.0035 0x0c50  ZTEusbser6k - ok
12:09:00.0055 0x0c50  ================ Scan global ===============================
12:09:00.0084 0x0c50  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
12:09:00.0116 0x0c88  Object send P2P result: true
12:09:00.0123 0x0c50  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
12:09:00.0138 0x0c50  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
12:09:00.0179 0x0c50  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:09:00.0211 0x0c50  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
12:09:00.0219 0x0c50  [ Global ] - ok
12:09:00.0220 0x0c50  ================ Scan MBR ==================================
12:09:00.0225 0x0c50  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:09:00.0548 0x0c50  \Device\Harddisk0\DR0 - ok
12:09:00.0548 0x0c50  ================ Scan VBR ==================================
12:09:00.0556 0x0c50  [ 82B48A004A819E918BDA505B811E066F ] \Device\Harddisk0\DR0\Partition1
12:09:00.0558 0x0c50  \Device\Harddisk0\DR0\Partition1 - ok
12:09:00.0566 0x0c50  [ CD3ACC00C62B4376A6761BAAFB680987 ] \Device\Harddisk0\DR0\Partition2
12:09:00.0568 0x0c50  \Device\Harddisk0\DR0\Partition2 - ok
12:09:00.0587 0x0c50  [ 0D231CD9385205A417AC46C0C475E8D4 ] \Device\Harddisk0\DR0\Partition3
12:09:00.0588 0x0c50  \Device\Harddisk0\DR0\Partition3 - ok
12:09:00.0593 0x0c50  ================ Scan generic autorun ======================
12:09:00.0692 0x0c50  [ 766AE515B1749F2141E418CC6C08515B, 02DDB5A7DB8278AA47A951604818E73DB69155DBF1ECD06B6E11926204EADAE7 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
12:09:00.0702 0x0c50  IAStorIcon - ok
12:09:00.0820 0x0c50  [ D21D0FFF8D2BAE2822F860BCDECED294, C667961A46DFBAC53C5D242A1F594E9AAC2EA2293F9657FA1300433C8E31CAF5 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
12:09:00.0941 0x0c50  SynTPEnh - ok
12:09:01.0004 0x0c50  [ 31956233E6CA71C3225D513ADAEFFD62, E23CD13E2B908146D7D342710F7DBED7B4FEF8A145BE334DADD4E12D36B8E07C ] C:\Program Files\Bluetooth Suite\BtvStack.exe
12:09:01.0030 0x0c50  AtherosBtStack - ok
12:09:01.0093 0x0c50  [ E84D0199D94AA7689B59FC794DDA405F, B1BEA637BA52CE0403DE0C1F48CFF6930621966A584BF1708D08AD6A527BB046 ] C:\Program Files\Bluetooth Suite\AthBtTray.exe
12:09:01.0113 0x0c50  AthBtTray - ok
12:09:01.0195 0x0c50  [ 656DFDB81019B8A11EFB05D974701AFD, 1F7228F9EDAB7EDD531127F004C2BB0FABE2D43A609B8E5A94C3DEC5094B1839 ] C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
12:09:01.0206 0x0c50  BtTray - ok
12:09:01.0287 0x0c50  [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
12:09:01.0290 0x0c50  GrooveMonitor - ok
12:09:01.0323 0x0c50  [ 5ABD4A5397091DD4B85D80B2FC8AB759, C9A4E795C0214BB17C18B34C9323EE7D237BD759ABAFEE8792DACAC9BDC33675 ] C:\Windows\system32\igfxtray.exe
12:09:01.0329 0x0c50  IgfxTray - ok
12:09:01.0352 0x0c50  [ 5FA22B1D96C24A90CB8A912F1B7E728E, D4905450164F6BA2E67A08562DECFD03D56E3C7F56A9D33D0C1DF087342D2395 ] C:\Windows\system32\hkcmd.exe
12:09:01.0358 0x0c50  HotKeysCmds - ok
12:09:01.0374 0x0c50  [ 453345E0B1BECA4230799CC553B43DFD, 972BF1AD8F17A1A2DFAF73767A468B955B0399CAA574537174BC5B28A9C7EC3F ] C:\Windows\system32\igfxpers.exe
12:09:01.0381 0x0c50  Persistence - ok
12:09:01.0686 0x0c50  [ EED665FF8003D08E3A0F16E3EA216BF3, 3E4BEA3FDAFEDE0608682031A638CCE21B96EFDC05EC8AC7688C34AD947367A3 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
12:09:01.0867 0x0c50  AvastUI.exe - ok
12:09:02.0045 0x0c50  [ E1636F57581CAB5D995FD54D2991EF57, BB6B3D005054D386D596A4BA4D9D2F1284D7C845C1CD5EE63775B4569559E0EB ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
12:09:02.0092 0x0c50  AdobeCS5.5ServiceManager - ok
12:09:02.0206 0x0c50  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:09:02.0237 0x0c50  Sidebar - ok
12:09:02.0265 0x0c50  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:09:02.0268 0x0c50  mctadmin - ok
12:09:02.0328 0x0c50  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
12:09:02.0358 0x0c50  Sidebar - ok
12:09:02.0367 0x0c50  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
12:09:02.0371 0x0c50  mctadmin - ok
12:09:02.0947 0x0c50  [ 7E49CB7F9BB53542F2944A527BC4E24D, D86D7A7B5E808CE05D07BE9DC06FC4BFAAC208F785FB126BE49706D2AED39EE3 ] C:\Program Files\CCleaner\CCleaner.exe
12:09:03.0116 0x0c50  CCleaner Monitoring - ok
12:09:03.0127 0x0c50  Waiting for KSN requests completion. In queue: 341
12:09:04.0127 0x0c50  Waiting for KSN requests completion. In queue: 341
12:09:05.0127 0x0c50  Waiting for KSN requests completion. In queue: 341
12:09:06.0127 0x0c50  Waiting for KSN requests completion. In queue: 341
12:09:07.0094 0x0c78  Object send P2P result: true
12:09:07.0127 0x0c50  Waiting for KSN requests completion. In queue: 334
12:09:07.0746 0x0c9c  Object required for P2P: [ 9A5728733FC3B2BD46A82D39CC49B24E ] MaxthonUpdateSvc
12:09:08.0127 0x0c50  Waiting for KSN requests completion. In queue: 276
12:09:09.0127 0x0c50  Waiting for KSN requests completion. In queue: 276
12:09:10.0127 0x0c50  Waiting for KSN requests completion. In queue: 276
12:09:11.0127 0x0c50  Waiting for KSN requests completion. In queue: 276
12:09:11.0569 0x0cb4  Object required for P2P: [ EED665FF8003D08E3A0F16E3EA216BF3 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
12:09:12.0127 0x0c50  Waiting for KSN requests completion. In queue: 256
12:09:13.0128 0x0c50  Waiting for KSN requests completion. In queue: 256
12:09:14.0128 0x0c50  Waiting for KSN requests completion. In queue: 256
12:09:15.0128 0x0c50  Waiting for KSN requests completion. In queue: 256
12:09:16.0128 0x0c50  Waiting for KSN requests completion. In queue: 256
12:09:17.0101 0x0c9c  Object send P2P result: true
12:09:17.0128 0x0c50  Waiting for KSN requests completion. In queue: 7
12:09:18.0128 0x0c50  Waiting for KSN requests completion. In queue: 7
12:09:19.0128 0x0c50  Waiting for KSN requests completion. In queue: 7
12:09:20.0128 0x0c50  Waiting for KSN requests completion. In queue: 7
12:09:21.0117 0x0cb4  Object send P2P result: true
12:09:21.0117 0x0cb4  Object required for P2P: [ 7E49CB7F9BB53542F2944A527BC4E24D ] C:\Program Files\CCleaner\CCleaner.exe
12:09:21.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:22.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:23.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:24.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:25.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:26.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:27.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:28.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:29.0128 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:30.0129 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:31.0129 0x0c50  Waiting for KSN requests completion. In queue: 1
12:09:31.0252 0x0cb4  Object send P2P result: true
12:09:32.0245 0x0c50  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
12:09:32.0257 0x0c50  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41010 ( enabled )
12:09:42.0218 0x0c50  ============================================================
12:09:42.0218 0x0c50  Scan finished
12:09:42.0218 0x0c50  ============================================================
12:09:42.0225 0x0c48  Detected object count: 0
12:09:42.0225 0x0c48  Actual detected object count: 0
12:11:13.0401 0x0bf4  Deinitialize success
 
 
Here is the fixlog:
 
Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by PC (2016-02-20 13:15:57) Run:2
Running from C:\Users\PC\Downloads\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {0a24d1fc-30bd-11e3-91aa-6c3be5f63e9c} - G:\Autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {421bb9de-2306-11e3-8abf-20689dffc62f} - F:\setup.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {4d54cd05-abf2-11e5-9995-6c3be5f63e9c} - F:\autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {ffe118cc-0feb-11e3-9bd2-2016d800397f} - E:\autorun.exe
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\MountPoints2: {ffe118de-0feb-11e3-9bd2-2016d800397f} - E:\autorun.exe
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
 
FF Extension: No Name - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\el64wpyj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [not found]
 
U3 *56etadpug;  <==== ATTENTION (ZeroAccess)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-16] ()
 
C:\Program Files\Google\Desktop
C:\Windows\System32\drivers\TrueSight.sys
 
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> no filepath
 
CMD: netsh winsock reset
 
EmptyTemp:
*****************
 
Processes closed successfully.
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a24d1fc-30bd-11e3-91aa-6c3be5f63e9c} => key not found. 
HKCR\CLSID\{0a24d1fc-30bd-11e3-91aa-6c3be5f63e9c} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421bb9de-2306-11e3-8abf-20689dffc62f} => key not found. 
HKCR\CLSID\{421bb9de-2306-11e3-8abf-20689dffc62f} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d54cd05-abf2-11e5-9995-6c3be5f63e9c} => key not found. 
HKCR\CLSID\{4d54cd05-abf2-11e5-9995-6c3be5f63e9c} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffe118cc-0feb-11e3-9bd2-2016d800397f} => key not found. 
HKCR\CLSID\{ffe118cc-0feb-11e3-9bd2-2016d800397f} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffe118de-0feb-11e3-9bd2-2016d800397f} => key not found. 
HKCR\CLSID\{ffe118de-0feb-11e3-9bd2-2016d800397f} => key not found. 
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\el64wpyj.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} => not found.
*56etadpug => service not found.
TrueSight => service not found.
"C:\Program Files\Google\Desktop" => not found.
"C:\Windows\System32\drivers\TrueSight.sys" => not found.
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07} => key not found. 
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731} => key not found. 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
EmptyTemp: => 38.4 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:16:06 ====
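
The fixlog above repairs the three ZeroAccess footholds FRST reported: the Winsock NameSpace_Catalog5 LibraryPath values for entries 01 and 05, stale MountPoints2 AutoRun commands pointing at autorun.exe on removable drives, and the oddly named service `*56etadpug`, plus the leftover `C:\Program Files\Google\Desktop` tree. The PowerShell script below is an added example, not part of the original thread and not an FRST, Rkill or BleepingComputer tool; it re-reads those same locations read-only so a responder can confirm the fix held after the reboot. The registry key paths, the expected default LibraryPath values for entries 01 and 05 (taken from the fixlog), the `Catalog_Entries64` key name used on 64-bit hosts, and the directory-name heuristics are assumptions stated in the comments.

```powershell
# Added example: re-check the ZeroAccess footholds repaired in the fixlog above.
# Run from an elevated PowerShell prompt. Nothing here modifies the system.

function Get-WinsockCatalog5Findings {
    # Assumption: namespace providers live under these keys; Catalog_Entries64
    # exists only on 64-bit Windows, so a missing key is simply skipped.
    $roots = @(
        'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries',
        'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64'
    )
    # Expected values for the two entries the fixlog restored (Windows 7 SP1, from the log).
    $expected = @{
        '000000000001' = '%SystemRoot%\system32\NLAapi.dll'
        '000000000005' = '%SystemRoot%\System32\mswsock.dll'
    }
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $root) {
            $id  = $entry.PSChildName
            # Read the unexpanded REG_EXPAND_SZ so the report shows what is really stored.
            $raw = $entry.GetValue('LibraryPath', $null,
                       [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $lib = [Environment]::ExpandEnvironmentVariables([string]$raw)
            $problem = $null
            if (-not $raw) {
                $problem = 'LibraryPath value missing'
            } elseif (-not [IO.Path]::IsPathRooted($lib)) {
                # A bare DLL name such as "mswsock.dll" is resolved through the DLL
                # search order instead of System32; this is what the fixlist flagged.
                $problem = "LibraryPath is not an absolute path: '$raw'"
            } elseif (-not (Test-Path -LiteralPath $lib)) {
                $problem = "LibraryPath file not found: '$lib'"
            } elseif ($expected.ContainsKey($id) -and
                      ($lib -ne [Environment]::ExpandEnvironmentVariables($expected[$id]))) {
                $problem = "LibraryPath '$raw' differs from expected '$($expected[$id])'"
            }
            if ($problem) {
                New-Object PSObject -Property @{ Check = 'Winsock'; Item = "$root\$id"; Detail = $problem }
            }
        }
    }
}

function Get-MountPoints2AutoRunFindings {
    # Each {guid} subkey carrying Shell\AutoRun\command is an Explorer autorun hook
    # for a volume, like the E:\autorun.exe entries the fixlist removed.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -LiteralPath $mp)) { return }
    foreach ($vol in Get-ChildItem -LiteralPath $mp) {
        $cmdKey = "$($vol.PSPath)\Shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            New-Object PSObject -Property @{ Check = 'MountPoints2'; Item = $vol.PSChildName; Detail = "AutoRun command: $cmd" }
        }
    }
}

function Get-ZeroAccessResidueFindings {
    # Assumption (heuristic): under Google\Desktop\Install, a GUID-named directory,
    # a name that is only whitespace, or a reparse point is ZeroAccess residue.
    $dir = Join-Path $env:ProgramFiles 'Google\Desktop\Install'
    if (Test-Path -LiteralPath $dir) {
        Get-ChildItem -LiteralPath $dir -Force -Recurse -ErrorAction SilentlyContinue |
            Where-Object {
                $_.PSIsContainer -and (
                    $_.Name -match '^\{[0-9a-fA-F-]{36}\}$' -or
                    $_.Name.Trim() -eq '' -or
                    (($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0))
            } |
            ForEach-Object {
                New-Object PSObject -Property @{ Check = 'Directory'; Item = $_.FullName; Detail = "attributes: $($_.Attributes)" }
            }
    }
    # A service key whose name begins with '*' (the fixlist's *56etadpug) is what
    # FRST annotated as ZeroAccess; report any such key that is still present.
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        Where-Object { $_.PSChildName -match '^\*' } |
        ForEach-Object {
            New-Object PSObject -Property @{ Check = 'Service'; Item = $_.PSChildName; Detail = 'service key name begins with *' }
        }
}

$findings = @(Get-WinsockCatalog5Findings) +
            @(Get-MountPoints2AutoRunFindings) +
            @(Get-ZeroAccessResidueFindings)
if ($findings.Count -eq 0) {
    'No ZeroAccess remnants found in the checked locations.'
} else {
    $findings | Format-Table Check, Item, Detail -AutoSize -Wrap
}
```

Run it after the reboot that `netsh winsock reset` requires; on a clean Windows 7 SP1 machine every Catalog5 entry should have an absolute, existing LibraryPath, and the MountPoints2 and service checks should return nothing. The script avoids `Get-AuthenticodeSignature` on purpose: the Windows 7 PowerShell 2.0 cmdlet does not consult catalog signatures, so it would report `NotSigned` for legitimate system DLLs such as mswsock.dll.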


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 20 February 2016 - 04:01 PM

No worries Gile :) Security software (such as an antivirus) can often interfere with the tools and programs we ask you to run here. What we ask you to do in that case is to temporarily disable your protection and run the tool until you get the log, then re-enable it. All the tools and programs recommended here are safe to use and malware-free, so you don't have to worry about disabling your security software when running them.

Now, let's run RogueKiller and grab a new pair of FRST logs to see if there's any ZeroAccess remnants left. Follow the instructions below please.

RogueKiller
  • Download RogueKiller x64 portable from the link below:
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • On opening, a first automatic scan will start, let it complete;
  • Once it's done, a prompt will appear asking you to accept the EULA of RogueKiller, click on Accept (your browser will open Adlice's RogueKiller website, you can close it);
  • Once you accepted the EULA, click on the Scan button. You can see the progression of the scan via the progress bars in the middle and on the right;
  • After the scan is finished, click on the Report button on the right;
  • A notepad window will open, with the RogueKiller Scan report in it. Copy and paste it in your next reply;
Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
Your next reply should include:
  • Copy/pasted content of the RogueKiller scan log;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Gile

Gile
  • Topic Starter

  • Members
  • 14 posts

Posted 20 February 2016 - 06:56 PM

OK Aura, I downloaded the 32-bit version of RogueKiller; this is the log from it:

 

RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : PC [Administrator]
Started from : C:\Users\PC\Downloads\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/21/2016 00:24:47
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] eefa6596bccbd3ce82d77c161c2963f7
[BSP] a370292d650f989bb43dc616dc318fa5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 389974 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 798873600 | Size: 325327 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
This is from FRST:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by PC (administrator) on PC-PC (21-02-2016 00:45:07)
Running from C:\Users\PC\Downloads\Desktop\Programi
Loaded Profiles: PC (Available Profiles: PC)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros) C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AthBtTray.exe
(IVT Corporation) C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files\Maxthon\Bin\Maxthon.exe
(Sports Interactive) C:\Program Files\Football Manager 2014\fm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-04-06] (Synaptics Incorporated)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files\Bluetooth Suite\BtvStack.exe [870560 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files\Bluetooth Suite\AthBtTray.exe [695456 2012-01-19] (Atheros Commnucations)
HKLM\...\Run: [BtTray] => C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-20] (AVAST Software)
HKU\S-1-5-21-3134030973-3697508781-1474180787-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-20] (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{675E1A36-57BE-4C9A-B3E6-4EBB0C0E7B6D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D5E1C1F4-9BD8-4D6D-AA0B-2CBBE891574C}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll [2012-01-19] (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-20] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\el64wpyj.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
FF Extension: Skype - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-20]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (Google Search) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Avast SafePrice) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-20]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [85664 2012-01-19] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-20] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R3 BsHelpCS; C:\Program Files\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [99080 2012-09-19] (IVT Corporation)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S3 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1045840 2015-12-12] (Flexera Software LLC.)
S3 MaxthonUpdateSvc; C:\Program Files\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [1872808 2015-11-30] (Maxthon)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
S3 Update service; C:\Program Files\Popcorn Time\Updater.exe [339968 2015-10-19] (Popcorn Time) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-01-19] (Atheros) [File not signed]
U3 *56etadpug;  <==== ATTENTION (ZeroAccess)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-02-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [127432 2016-02-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-20] (AVAST Software)
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [35488 2012-01-19] (Atheros)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [2957312 2012-06-20] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [298144 2012-01-19] (Atheros)
S3 btath_avdt; C:\Windows\System32\drivers\btath_avdt.sys [97952 2012-01-19] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [25248 2012-01-19] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [147616 2012-01-19] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [60064 2012-01-19] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [263968 2012-01-19] (Atheros)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [20320 2012-06-15] (IVT Corporation)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [468640 2012-01-19] (Atheros)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [44616 2012-07-20] (Ralink Corporation)
S3 hwdatacard; C:\Windows\System32\DRIVERS\ZDDriver.sys [106496 2010-01-14] (ZD Secret Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [195176 2011-10-28] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [20240 2012-04-06] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2013-09-21] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [31328 2012-06-15] (Ralink Corporation.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S1 scwamimy; \??\C:\Windows\system32\drivers\scwamimy.sys [X]
U3 UI Assistant Service; no ImagePath
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 23:55 - 2016-02-20 23:56 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-20 13:11 - 2016-02-20 13:07 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-20 13:08 - 2016-02-20 13:08 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-02-20 13:08 - 2016-02-20 13:08 - 00000000 ____D C:\Users\PC\AppData\Roaming\AVAST Software
2016-02-20 13:08 - 2016-02-20 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-02-20 13:08 - 2016-02-20 13:07 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00127432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-20 13:08 - 2016-02-20 13:07 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-20 13:07 - 2016-02-20 13:07 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-20 13:05 - 2016-02-20 13:05 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-20 12:32 - 2016-02-20 12:32 - 00090006 _____ C:\Windows\ntbtlog.txt
2016-02-20 11:54 - 2016-02-20 11:54 - 00000000 ____D C:\ProgramData\Sun
2016-02-17 01:31 - 2016-02-21 00:45 - 00000000 ____D C:\FRST
2016-02-16 12:40 - 2016-02-16 12:46 - 00000000 ____D C:\AdwCleaner
2016-02-16 12:07 - 2016-02-16 12:11 - 00225646 _____ C:\TDSSKiller.3.1.0.9_16.02.2016_12.07.25_log.txt
2016-02-16 11:34 - 2016-02-16 11:35 - 00000000 ____D C:\Program Files\CCleaner
2016-02-16 11:34 - 2016-02-16 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-02-16 11:15 - 2016-02-16 11:32 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-16 10:58 - 2016-02-16 10:58 - 00000000 ____D C:\Windows\pss
2016-02-08 23:07 - 2016-02-08 23:07 - 00294816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2016-02-05 10:39 - 2016-02-05 10:39 - 00001588 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS5.1.lnk
2016-02-05 10:38 - 2016-02-05 10:38 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
2016-02-05 10:38 - 2016-02-05 10:38 - 00000000 ____D C:\ProgramData\ALM
2016-02-05 10:37 - 2016-02-05 10:37 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
2016-02-05 10:36 - 2016-02-05 10:36 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
2016-02-05 10:36 - 2016-02-05 10:36 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
2016-02-05 10:35 - 2016-02-05 10:35 - 00000927 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-02-05 10:35 - 2016-02-05 10:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-02-05 10:35 - 2016-02-05 10:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-02-02 15:01 - 2015-12-30 19:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-02 15:01 - 2015-12-30 19:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-02 15:01 - 2015-12-30 19:47 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-02 15:01 - 2015-12-30 19:47 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-02 15:01 - 2015-12-30 19:44 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-02 15:01 - 2015-12-30 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-02 15:01 - 2015-12-30 19:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-02 15:01 - 2015-12-30 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-02 15:01 - 2015-12-30 19:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-02 15:01 - 2015-12-30 19:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-02 15:01 - 2015-12-30 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-02 15:01 - 2015-12-30 18:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-02 15:01 - 2015-12-30 18:38 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-02 15:01 - 2015-12-30 18:32 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-02 15:01 - 2015-12-30 18:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-02 15:01 - 2015-12-30 18:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-02 15:01 - 2015-12-30 18:30 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-02 15:01 - 2015-12-30 18:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-02 15:01 - 2015-12-30 18:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-02 15:01 - 2015-12-30 18:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-02 15:01 - 2015-11-20 19:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-02 15:01 - 2015-11-20 19:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-02-02 15:01 - 2015-11-20 19:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-02-02 15:01 - 2015-11-20 19:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-02 15:00 - 2015-12-08 22:53 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-02 15:00 - 2015-12-08 22:00 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-02 15:00 - 2015-11-11 19:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-02 15:00 - 2015-11-11 19:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-02-02 15:00 - 2015-11-10 19:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-02-02 15:00 - 2015-11-03 19:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-02-02 15:00 - 2015-11-03 19:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-02-02 15:00 - 2011-04-28 04:15 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-02-02 15:00 - 2011-04-28 04:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-02-02 14:59 - 2015-11-05 20:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-02-02 14:59 - 2015-11-05 10:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-02 14:58 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-02-02 14:58 - 2015-11-13 23:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-02-02 14:58 - 2015-11-13 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-02-02 14:57 - 2015-12-08 22:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-02 14:57 - 2015-12-08 22:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-02 14:57 - 2015-12-08 22:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-02 14:57 - 2015-12-08 22:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-02 14:57 - 2015-12-08 22:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-02 14:57 - 2015-12-08 22:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-02 14:57 - 2015-12-08 22:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-02-02 14:57 - 2015-12-08 22:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-02-02 14:57 - 2015-12-08 22:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-02-02 14:57 - 2015-12-08 22:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-02-02 14:57 - 2015-12-08 22:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-02-02 14:57 - 2015-12-08 22:11 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-02 14:57 - 2015-12-08 22:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-31 12:50 - 2016-01-31 12:52 - 00000000 ____D C:\Users\PC\Documents\Readon Player
2016-01-31 12:50 - 2016-01-31 12:50 - 00000000 ____D C:\Users\PC\AppData\Local\Readon_Technology
2016-01-25 15:50 - 2016-01-26 22:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\VMware
2016-01-25 15:47 - 2016-01-25 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-01-25 15:42 - 2016-01-26 22:24 - 00000000 ____D C:\ProgramData\VMware
2016-01-25 15:39 - 2016-01-25 15:50 - 00000000 ____D C:\Users\PC\Andy
2016-01-25 15:39 - 2016-01-25 15:39 - 00000000 ____D C:\Program Files\VMware
2016-01-25 15:37 - 2016-01-25 15:39 - 00000000 ____D C:\Program Files\AndyOfflineInstaller46.2
2016-01-25 15:35 - 2016-01-26 22:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\Andy
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-20 22:49 - 2013-08-28 16:12 - 00000000 ____D C:\Users\PC\AppData\Local\CrashDumps
2016-02-20 13:17 - 2012-09-26 08:53 - 00000920 _____ C:\Windows\system32\bscs.ini
2016-02-20 13:17 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 13:04 - 2013-08-28 16:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-20 12:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-02-20 12:41 - 2013-08-28 14:28 - 00000000 ____D C:\Program Files\Google
2016-02-20 12:28 - 2015-08-29 08:49 - 00000000 ____D C:\Users\PC\AppData\Roaming\Maxthon3
2016-02-20 11:54 - 2013-12-02 12:56 - 00000000 ____D C:\Program Files\Java
2016-02-20 01:37 - 2013-08-28 14:29 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 00:19 - 2013-08-28 14:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Winamp
2016-02-17 01:45 - 2009-07-14 05:34 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-17 01:45 - 2009-07-14 05:34 - 00020848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-17 00:12 - 2016-01-08 13:49 - 00000000 ____D C:\Users\PC\Documents\Toon Boom Studio - Global Libraries 8.0
2016-02-16 17:44 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-02-16 12:57 - 2014-11-06 11:06 - 00000000 ____D C:\Program Files\SlimCleaner
2016-02-16 12:38 - 2015-12-16 23:41 - 00000000 ___HD C:\Program Files\InstallJammer Registry
2016-02-16 12:35 - 2013-11-02 13:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-16 12:35 - 2013-08-28 14:28 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 10:43 - 2009-07-14 05:53 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-16 10:35 - 2013-10-14 08:14 - 00007597 _____ C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2016-02-16 10:31 - 2013-08-28 14:26 - 00000000 ____D C:\Windows\PCHEALTH
2016-02-16 10:09 - 2014-07-07 08:27 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc
2016-02-16 09:56 - 2015-08-27 22:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 09:55 - 2015-08-27 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-16 09:55 - 2015-08-27 22:09 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-16 09:52 - 2013-09-17 16:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent
2016-02-15 15:03 - 2015-11-24 23:06 - 00000000 ____D C:\Users\PC\Downloads\PopcornTime
2016-02-14 13:57 - 2015-07-14 19:33 - 00000000 ____D C:\Windows\system32\vbox
2016-02-10 02:10 - 2013-10-07 15:17 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 02:10 - 2013-10-07 15:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-07 22:16 - 2013-08-28 14:28 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-07 22:16 - 2009-07-14 05:33 - 04068672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-07 09:25 - 2013-08-28 14:32 - 00000000 ____D C:\ProgramData\Adobe
2016-02-06 10:09 - 2013-09-21 18:51 - 00000000 ____D C:\Users\PC\AppData\Local\Adobe
2016-02-06 09:45 - 2013-08-28 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
2016-02-06 09:45 - 2013-08-28 16:19 - 00000000 ____D C:\Program Files\Codemasters
2016-02-06 09:39 - 2013-12-25 23:34 - 00000000 ____D C:\ProgramData\Guitar and Bass
2016-02-06 09:37 - 2015-10-21 07:46 - 00000000 ____D C:\Program Files\Sports Interactive
2016-02-06 09:36 - 2015-12-16 23:49 - 00000000 ____D C:\Program Files\EveryonePiano
2016-02-06 09:28 - 2013-12-23 19:11 - 00000000 ____D C:\Windows\Minidump
2016-02-05 10:57 - 2016-01-19 22:16 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-02-05 10:57 - 2013-09-21 18:51 - 00000000 ____D C:\Users\PC\AppData\Roaming\Adobe
2016-02-05 10:57 - 2013-08-28 14:19 - 00169320 _____ C:\Users\PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-05 10:38 - 2013-08-28 14:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-02-05 10:38 - 2013-08-28 14:32 - 00000000 ____D C:\Program Files\Adobe
2016-02-05 10:35 - 2016-01-09 20:59 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2016-02-02 18:32 - 2010-11-20 22:01 - 00005976 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-02 15:14 - 2015-11-09 21:51 - 00000000 ____D C:\Windows\system32\MRT
2016-02-02 15:07 - 2013-12-26 22:14 - 141317472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-02 14:54 - 2016-01-01 12:28 - 00000000 ____D C:\Users\PC\AppData\Roaming\Audacity
2016-02-02 00:41 - 2015-12-29 17:12 - 00000000 ____D C:\Users\PC\Documents\MAGIX_MusicEditor
2016-01-25 15:39 - 2013-08-28 13:52 - 00000000 ____D C:\Users\PC
 
==================== Files in the root of some directories =======
 
2015-01-30 12:07 - 2015-12-21 01:27 - 0000933 _____ () C:\Users\PC\AppData\Roaming\burnaware.ini
2013-10-14 08:14 - 2016-02-16 10:35 - 0007597 _____ () C:\Users\PC\AppData\Local\Resmon.ResmonCfg
2013-12-26 21:37 - 2013-12-26 21:37 - 0000000 ____H () C:\ProgramData\rifmasterlic.lic
 
Some files in TEMP:
====================
C:\Users\PC\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-18 23:53
 
==================== End of FRST.txt ============================
 
#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male
  • Local time:09:34 PM

Posted 20 February 2016 - 07:39 PM

It looks like ZeroAccess is completely gone from your system, except for what looks like an inactive service that belongs to it, so we'll remove it using FRST :) Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • First, boot your computer in Safe Mode (if you don't have FRST downloaded on your system, download it prior to booting in that mode);
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    
    U3 *56etadpug;  <==== ATTENTION (ZeroAccess)
    
    CMD: sc stop *56etadpug
    CMD: sc delete *56etadpug
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
After running the FRST fix, you can boot back normally, then follow the instructions below.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
Malwarebytes Anti-Malware - Clean Mode
  • Launch Malwarebytes and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted content of the FRST fixlog.txt;
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
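As an added defender-side example (not code from this thread, from FRST, or from the helper), the PowerShell script below applies the same checks that FRST's Services and Drivers sections make in the log above: entries with no ImagePath, entries whose binary is not on disk (the "[X]" lines), plus a flag for oddly named entries such as the *56etadpug service the fixlist targets. It assumes an elevated PowerShell prompt on Windows 7 or later; the "driver without ImagePath defaults to System32\drivers\<name>.sys" rule it relies on is standard Windows behaviour, and the argument-stripping in Resolve-ServiceBinary is a heuristic of mine.

```powershell
# Added example, not part of the thread or of FRST. Walks HKLM\SYSTEM\CurrentControlSet\Services
# and reports the conditions FRST flags in its Services/Drivers sections: no ImagePath, or an
# ImagePath whose file is missing from disk (FRST prints those as "[X]"). Run elevated.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot

function Resolve-ServiceBinary {
    # Turn an ImagePath value into a plain file path, the way the service controller reads it.
    param([string]$ImagePath)

    $p = $ImagePath.Trim()

    if ($p.StartsWith('"')) {
        # Quoted executable followed by arguments: keep the quoted part only.
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)
    }
    else {
        # Unquoted (heuristic): drop everything from the first " -" or " /" argument onward,
        # e.g. "%SystemRoot%\system32\svchost.exe -k netsvcs".
        $p = ($p -split '\s+[-/]', 2)[0]
    }

    # NT object-manager prefixes and relative driver paths, as seen in the FRST log above
    # ("\??\C:\...", "\SystemRoot\system32\...", "system32\drivers\...").
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$systemRoot\"
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if (-not [System.IO.Path]::IsPathRooted($p)) {
        $p = Join-Path $systemRoot $p
    }
    return $p
}

$findings = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    $name  = $key.PSChildName

    # Keys without a Type value are parameter containers, not service or driver entries.
    if ($null -eq $props.Type) { continue }

    $status = $null
    $binary = $null

    if ([string]::IsNullOrWhiteSpace($props.ImagePath)) {
        if (($props.Type -band 3) -ne 0) {
            # Kernel/file-system drivers may legitimately omit ImagePath; the I/O manager then
            # loads System32\drivers\<ServiceName>.sys, so check that file instead.
            $binary = Join-Path $systemRoot "System32\drivers\$name.sys"
        }
        else {
            # A Win32 service with no ImagePath cannot start; FRST prints "no ImagePath".
            $status = 'no ImagePath'
        }
    }
    else {
        $binary = Resolve-ServiceBinary -ImagePath $props.ImagePath
    }

    if ($binary -and -not (Test-Path -LiteralPath $binary -PathType Leaf)) {
        $status = 'file missing'
    }

    # A name that starts with a non-alphanumeric character (the thread's entry is "*56etadpug")
    # is unusual for a legitimate service; treat it as a hint for review, not as proof.
    if ($name -match '^[^A-Za-z0-9]') {
        $status = if ($status) { "$status, odd name" } else { 'odd name' }
    }

    if ($status) {
        [PSCustomObject]@{
            Name      = $name
            Type      = $props.Type      # 1/2 = kernel / file-system driver, 16/32 = Win32 service
            Start     = $props.Start     # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            ImagePath = $props.ImagePath
            Resolved  = $binary
            Status    = $status
        }
    }
}

$findings | Sort-Object Status, Name | Format-Table -AutoSize
```

An empty result means every registered service and driver resolves to a file on disk; entries reported as "file missing" with Start 3 or 4 are usually leftovers from uninstalled software (the ZTE and VMware lines above), while a running or boot-start entry with a missing or oddly named binary deserves the kind of follow-up the helper did here.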


#10 Gile

Gile
  • Topic Starter

  • Members
  • 14 posts

Posted 22 February 2016 - 04:58 AM

Hi Aura. Here are my logs.
 
Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by PC (2016-02-21 10:32:00) Run:3
Running from C:\Users\PC\Downloads\Desktop
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
U3 *56etadpug;  <==== ATTENTION (ZeroAccess)
 
CMD: sc stop *56etadpug
CMD: sc delete *56etadpug
*****************
 
Processes closed successfully.
*56etadpug => service not found.
 
=========  sc stop *56etadpug =========
 
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
========= End of CMD: =========
 
 
=========  sc delete *56etadpug =========
 
[SC] OpenService FAILED 1060:
 
The specified service does not exist as an installed service.
 
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 10:32:00 ====
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x86 
Ran by PC (Administrator) on 21-02-16 at 11:03:25.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Failed to delete: C:\Users\PC\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AO77V69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQFPA5ZW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLX85X6X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N0BLFO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AO77V69 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQFPA5ZW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLX85X6X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8N0BLFO (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21-02-16 at 11:05:42.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v5.036 - Logfile created 22/02/2016 at 10:22:01
# Updated 22/02/2016 by Xplode
# Database : 2016-02-22.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : PC - PC-PC
# Running from : E:\dwnlds\AdwCleaner(1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\PC\AppData\Local\slimware utilities inc
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Conduit
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [7628 bytes] - [16/02/2016 12:46:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [1010 bytes] - [22/02/2016 10:22:01]
C:\AdwCleaner\AdwCleaner[S1].txt - [7148 bytes] - [16/02/2016 12:41:14]
C:\AdwCleaner\AdwCleaner[S2].txt - [1121 bytes] - [22/02/2016 10:17:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1198 bytes] - [22/02/2016 10:20:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1302 bytes] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22-02-16
Scan Time: 10:26
Logfile: mb.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.22.02
Rootkit Database: v2016.02.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: PC
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 315856
Time Elapsed: 24 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 22 February 2016 - 03:43 PM

This ZeroAccess-related service is quite persistent: FRST can't find it when the time comes to remove it, but it can still see it as being present on the system. Let's see if we can remove it from the Recovery PE. Follow the instructions below please.

On a clean machine, please download Farbar Recovery Scan Tool and the attached fixlist.txt and save them to a flash drive (make sure that you save both FRST and the fixlist.txt file in the same location on the flash drive!).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
==========

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

==========

Once in the Command Prompt:
  • After the Command Prompt window loads type notepad and press enter
  • From notepad press File > Open > then navigate to your USB drive > choose all files
  • Right click on FRST.exe and run as admin
  • Press Fix
Your next reply should include:
  • Copy/pasted content of the FRST fixlog.txt;



#12 Gile

Gile
  • Topic Starter

  • Members
  • 14 posts

Posted 23 February 2016 - 04:46 PM

Here it is

 

Fix result of Farbar Recovery Scan Tool (x86) Version:21-02-2016 01
Ran by SYSTEM (2016-02-23 22:42:30) Run:4
Running from H:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
U3 *56etadpug;  <==== ATTENTION (ZeroAccess)

CMD: sc stop *56etadpug
CMD: sc delete *56etadpug
*****************

*56etadpug => service not found.

=========  sc stop *56etadpug =========

'sc' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========  sc delete *56etadpug =========

'sc' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


==== End of Fixlog 22:42:30 ====



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 23 February 2016 - 08:55 PM

Still no luck. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
    *56etadpug*
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste that log in your next reply;



#14 Gile

Gile
  • Topic Starter

  • Members
  • 14 posts

Posted 26 February 2016 - 03:58 AM

Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by PC (2016-02-26 09:57:33)
Running from C:\Users\PC\Downloads\Desktop
Boot Mode: Normal

================== Search Registry: "56etadpug" ===========

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\�56etadpug]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\�56etadpug]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\�56etadpug]

====== End of Search ======



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • Gender:Male

Posted 26 February 2016 - 09:07 PM

Alright, so it seems that there's a special Unicode character at the beginning of the key (and therefore, service) name, and because of that, FRST and sc fail to find and interact with it. We'll have to do this manually.

Press the Win Key + R, type in Regedit and press Enter. A UAC prompt will appear; allow it to go through, and you'll find yourself in the Registry Editor. It looks like this.
[screenshot of the Registry Editor window]
The big zone is what I'll refer to as the left tab, or navigation tab. The second zone is what we call a key (in that case, HKEY_LOCAL_MACHINE). The third zone represents a small arrow that when you click on, will display the keys under that key. The concept is the same as the left tab of the Windows Explorer, so you shouldn't be too lost :) Now I want you to navigate to the following key.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services
So basically, you'll click on the arrow on the left of "HKEY_LOCAL_MACHINE", scroll down, click on the one on the left of "SYSTEM", and repeat the process until you click on the little arrow by "services". Once there, I want you to look for a key which has "56etadpug" in its name and click on it. What you can do as well is press Ctrl + F to bring up the search box and search for 56etadpug. It should bring you to that key. Once you are on it, right-click on it and select Export, as shown in the screenshot below.
[screenshot of the Export item in the key's right-click menu]
Now, save the file in a .reg file format, somewhere easily accessible. What I want you to do next is to right-click on that .reg file you saved and select Edit. Then, you'll copy/paste its content in your next reply. You'll also put that file in a .zip file, and attach it in your next reply, so I'll have both files.

If there's any instruction/step you aren't sure of, don't be afraid to ask, I'll be there to guide you :)

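The problem Aura diagnoses in posts #13 and #15, a service whose registry key name starts with a character that sc.exe and FRST cannot match, can be spotted without guessing the name. The script below is an added example for readers of this thread; it is not code from the thread, from FRST or from Rkill. It assumes an elevated PowerShell prompt on the affected machine, looks only under HKLM\SYSTEM\CurrentControlSet\Services (an assumed scope; the search in post #14 also hit ControlSet001 and ControlSet002), and treats any UTF-16 code unit outside printable ASCII as worth reporting. The function name Get-OddNamedServiceKey is invented for the example. It is read-only: it reports key names, their odd characters by code point and position, and the service's Type, Start and ImagePath values, and deletes nothing.

```powershell
# Added example (not from the thread, FRST or Rkill): find service registry keys
# whose names contain characters outside printable ASCII (0x20-0x7E), which is
# what kept sc.exe and FRST from addressing the *56etadpug service here.
# Read-only. Run from an elevated PowerShell prompt. Uses New-Object rather than
# [pscustomobject] so it also runs on the PowerShell 2.0 that ships with Windows 7.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'   # assumed scope

function Get-OddNamedServiceKey {
    param([string]$Path = $ServicesKey)

    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $name = $_.PSChildName
        $odd  = @()
        # Walk the UTF-16 code units of the key name and record each one that is
        # not printable ASCII as "U+XXXX@position" (e.g. "U+00A0@0" would mean a
        # non-breaking space as the first character; that value is illustrative).
        for ($i = 0; $i -lt $name.Length; $i++) {
            $code = [int][char]$name[$i]
            if ($code -lt 0x20 -or $code -gt 0x7E) {
                $odd += ('U+{0:X4}@{1}' -f $code, $i)
            }
        }
        if ($odd.Count -gt 0) {
            # Read the key's values through the provider path, which carries the
            # exact name (odd character included) that sc.exe could not match.
            $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                KeyName   = $name
                OddChars  = ($odd -join ', ')
                Type      = $props.Type
                Start     = $props.Start
                ImagePath = $props.ImagePath
                RegPath   = $_.Name
            }
        }
    }
}

# Report every match; an empty result means no service key under the scanned
# path has a name with non-printable or non-ASCII characters.
Get-OddNamedServiceKey | Format-List
```

The code points it prints are what you would quote to a helper, since a copy-pasted name loses the invisible character that matters. Getting the key's content out of the machine is still done the way post #15 describes: select the key in the Registry Editor and Export it to a .reg file.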
