
Ransomer.LRV AVG keeps detecting FRST & addition.TXT included


  • This topic is locked
19 replies to this topic

#1 kmcdonald

Posted 23 August 2016 - 03:31 PM

Running Windows 10 with AVG Free and Malwarebytes loaded. 3 or 4 times over the last week AVG pops up detecting (1st time) Ranson:win32/Exxroute, (following times) Ransomer.LRV, and points to a random .DLL file in the windows/temp directory. I took a look today and did not see that or any other DLLs in the temp directory (checked hidden) prior to cleaning, then I let AVG clean as I have before. I have run Malwarebytes and found nothing. Today I ran AdwCleaner and it came up with a registry threat at HKLM/software/description; I searched the registry and was unable to find that combination (I did not have AdwCleaner repair it). At this point I believe that the ransomer exists on my PC, as nothing has been cleaned and it keeps popping up.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by NCIS (administrator) on NCIS-FC2 (23-08-2016 13:06:11)
Running from C:\Users\NCIS\Desktop
Loaded Profiles: NCIS (Available Profiles: NCIS)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\RunOnce: [Uninstall C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\RunOnce: [Uninstall C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\MountPoints2: {ffbb593a-340d-11e6-a916-0024e8231cc1} - "I:\Autorun.exe" 
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.105.132.250 64.105.156.138
Tcpip\..\Interfaces\{a8ac9e11-3d04-428a-bda9-e69604807b1c}: [DhcpNameServer] 64.105.132.250 64.105.156.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSE_WCP
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 13:06 - 2016-08-23 13:07 - 00011884 _____ C:\Users\NCIS\Desktop\FRST.txt
2016-08-23 13:04 - 2016-08-23 13:06 - 00000000 ____D C:\FRST
2016-08-23 13:00 - 2016-08-23 13:04 - 02396672 _____ (Farbar) C:\Users\NCIS\Desktop\FRST64.exe
2016-08-23 08:48 - 2016-08-23 08:49 - 00000000 ____D C:\AdwCleaner
2016-08-23 08:44 - 2016-08-23 08:48 - 03784256 _____ C:\Users\NCIS\Downloads\adwcleaner_6.000.exe
2016-08-23 07:25 - 2016-08-23 07:25 - 00003324 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-19 12:02 - 2016-08-19 12:02 - 00000000 ____D C:\Users\NCIS\AppData\Local\ESET
2016-08-19 12:01 - 2016-08-19 12:02 - 06761600 _____ (ESET spol. s r.o.) C:\Users\NCIS\Downloads\esetonlinescanner_enu.exe
2016-08-18 12:19 - 2016-08-18 12:19 - 00000000 ____D C:\ProgramData\Avg_Update_0516piz
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\TuneUp Software
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\AVG
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-18 12:10 - 2016-08-18 12:10 - 00000000 ___HD C:\$AVG
2016-08-18 12:07 - 2016-08-23 12:51 - 00000000 ____D C:\ProgramData\MFAData
2016-08-18 12:07 - 2016-08-18 12:07 - 00000000 ____D C:\Users\NCIS\AppData\Local\MFAData
2016-08-18 11:57 - 2016-08-18 11:57 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-18 11:57 - 2016-08-18 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-18 11:55 - 2016-08-18 12:10 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-18 11:33 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Local\Avg
2016-08-18 11:33 - 2016-08-18 12:10 - 00000000 ____D C:\ProgramData\Avg
2016-08-18 11:33 - 2016-08-18 12:07 - 00000000 ____D C:\Users\NCIS\AppData\Local\AvgSetupLog
2016-08-18 11:32 - 2016-08-18 11:33 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\NCIS\Downloads\AVG_Protection_Free_1606.exe
2016-08-18 11:30 - 2016-08-18 11:30 - 02895464 _____ (AVG Technologies) C:\Users\NCIS\Downloads\AVG_Protection_Free_1115.exe
2016-08-18 11:01 - 2016-08-23 11:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 11:01 - 2016-08-18 11:01 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-18 11:01 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-18 11:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-18 11:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-18 10:59 - 2016-08-18 11:00 - 22851472 _____ (Malwarebytes ) C:\Users\NCIS\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-10 10:36 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:36 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:36 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:36 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:36 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:36 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:36 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:36 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:36 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:36 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:36 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:36 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:36 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:36 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:36 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:36 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:36 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:36 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:36 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:36 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:36 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:36 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:36 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:36 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:36 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:36 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:36 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:36 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:36 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:36 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:36 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:36 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:36 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:36 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:36 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:36 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:36 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:36 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:36 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:36 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:36 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:36 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:36 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:36 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:36 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:36 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:36 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:36 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:36 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:36 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:36 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:36 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:36 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:36 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:36 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:36 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:36 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:36 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:36 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:36 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:36 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:36 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:36 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:36 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:36 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:36 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:36 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:36 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:36 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:36 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:36 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:36 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:36 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:36 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:36 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:36 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:36 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:36 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:36 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:36 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:36 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:36 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:36 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:36 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:36 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:36 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:36 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:36 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:36 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:36 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:36 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:36 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:36 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:36 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:36 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:36 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:35 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-28 16:29 - 2016-08-23 12:34 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e927db4f0e16.job
2016-07-28 16:29 - 2016-07-28 16:29 - 00004012 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d1e927db4f0e16
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 08:55 - 2016-06-10 13:38 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2016-08-23 08:48 - 2016-05-31 23:22 - 00000032 _____ C:\WINDOWS\mxtrxpro.ini
2016-08-23 07:25 - 2016-06-10 13:24 - 00002371 _____ C:\Users\NCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 07:25 - 2016-06-10 13:24 - 00000000 ___RD C:\Users\NCIS\OneDrive
2016-08-23 07:23 - 2016-05-31 23:16 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\Skype
2016-08-23 04:38 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-23 04:38 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-22 16:34 - 2015-12-11 13:47 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-22 15:49 - 2016-06-01 00:35 - 00000000 ____D C:\speedDIAL
2016-08-22 07:21 - 2016-06-10 12:59 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-08-18 12:19 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-18 12:11 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-17 10:11 - 2016-05-24 15:18 - 00000166 __RSH C:\ProgramData\3002.xml
2016-08-15 09:09 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 17:22 - 2016-06-10 13:04 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-11 17:22 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-11 17:18 - 2016-05-24 15:17 - 00078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2016-08-11 17:18 - 2016-04-26 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 17:17 - 2016-04-26 23:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-11 17:17 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-11 17:16 - 2016-04-26 23:21 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 17:16 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 17:16 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 12:06 - 2015-12-10 13:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 12:06 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 12:06 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 12:03 - 2015-12-10 13:57 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 14:36 - 2015-12-11 13:53 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 14:36 - 2015-12-11 13:53 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 13:48 - 2015-12-11 13:47 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 16:29 - 2015-12-11 13:47 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2016-05-24 15:18 - 2016-05-31 23:14 - 0032432 __RSH () C:\ProgramData\3002.abs
2016-05-24 15:18 - 2016-08-17 10:11 - 0000166 __RSH () C:\ProgramData\3002.xml
2016-05-24 15:18 - 2016-05-24 15:18 - 0015568 __RSH () C:\ProgramData\3029.abs
 
Some files in TEMP:
====================
C:\Users\NCIS\AppData\Local\Temp\avguirn_081392734735.exe
C:\Users\NCIS\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\NCIS\AppData\Local\Temp\Setup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-22 07:40
 
==================== End of FRST.txt ============================

 


 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:13 AM

Posted 24 August 2016 - 05:59 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

tdss.gif


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 kmcdonald

kmcdonald
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 24 August 2016 - 09:47 AM

07:39:24.0585 0x1384  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
07:39:29.0146 0x1384  ============================================================
07:39:29.0146 0x1384  Current date / time: 2016/08/24 07:39:29.0146
07:39:29.0146 0x1384  SystemInfo:
07:39:29.0146 0x1384  
07:39:29.0146 0x1384  OS Version: 10.0.10586 ServicePack: 0.0
07:39:29.0146 0x1384  Product type: Workstation
07:39:29.0146 0x1384  ComputerName: NCIS-FC2
07:39:29.0146 0x1384  UserName: NCIS
07:39:29.0146 0x1384  Windows directory: C:\WINDOWS
07:39:29.0146 0x1384  System windows directory: C:\WINDOWS
07:39:29.0146 0x1384  Running under WOW64
07:39:29.0146 0x1384  Processor architecture: Intel x64
07:39:29.0146 0x1384  Number of processors: 2
07:39:29.0146 0x1384  Page size: 0x1000
07:39:29.0146 0x1384  Boot type: Normal boot
07:39:29.0146 0x1384  CodeIntegrityOptions = 0x00000001
07:39:29.0146 0x1384  ============================================================
07:39:29.0639 0x1384  KLMD registered as C:\WINDOWS\system32\drivers\39520765.sys
07:39:29.0639 0x1384  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 10586.545, osProperties = 0x19
07:39:30.0166 0x1384  System UUID: {0D066494-0945-7A1B-3D5F-95EA44770530}
07:39:30.0904 0x1384  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:39:30.0944 0x1384  ============================================================
07:39:30.0944 0x1384  \Device\Harddisk0\DR0:
07:39:30.0944 0x1384  MBR partitions:
07:39:30.0944 0x1384  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1088800, BlocksNum 0x1C05B970
07:39:30.0944 0x1384  ============================================================
07:39:30.0973 0x1384  C: <-> \Device\Harddisk0\DR0\Partition1
07:39:30.0973 0x1384  ============================================================
07:39:30.0973 0x1384  Initialize success
07:39:30.0973 0x1384  ============================================================
07:40:19.0482 0x0c5c  ============================================================
07:40:19.0482 0x0c5c  Scan started
07:40:19.0482 0x0c5c  Mode: Manual; SigCheck; TDLFS; 
07:40:19.0482 0x0c5c  ============================================================
07:40:19.0482 0x0c5c  KSN ping started
07:40:20.0140 0x0c5c  KSN ping finished: true
07:40:22.0297 0x0c5c  ================ Scan system memory ========================
07:40:22.0297 0x0c5c  System memory - ok
07:40:22.0297 0x0c5c  ================ Scan services =============================
07:40:22.0478 0x0c5c  [ DF1C3D7E6C7929AD83BE22852B5B08CB, 9ECF6211CCD30273A23247E87C31B3A2ACDA623133CEF6E9B3243463C0609C5F ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
07:40:22.0625 0x0c5c  1394ohci - ok
07:40:22.0644 0x0c5c  [ 2C5B3035B86770ADD2FE9BFBAF5B35A4, 19E16F9144FE3E33B5FF248CF0040AB079ACAE22290B1369CC72AE4CB5FE3A90 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
07:40:22.0660 0x0c5c  3ware - ok
07:40:22.0688 0x0c5c  [ 469441BAE3FF8A16826FC62C51EF5E18, E1204677B87F47222D05F670F8DF3DB65EA0881782A8DCFBE0103478ED71187C ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
07:40:22.0714 0x0c5c  ACPI - ok
07:40:22.0761 0x0c5c  [ 7EADED8087C392876521F7EBCE846EF4, 99BF1BD948F97C1ECBC049C7F949B71D73D0B41FB505B2F75B208E655F7DC8A3 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
07:40:22.0778 0x0c5c  acpiex - ok
07:40:22.0794 0x0c5c  [ C498887123327CDFD73A05E7A2780920, B45392C46254FCB8D79B6C3A82C8D894063199E6167D8E5F7EA7D60C75CD16EA ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
07:40:22.0820 0x0c5c  acpipagr - ok
07:40:22.0862 0x0c5c  [ C8DBE6EFFCF014CAA010B9BDDAC833EC, 96FC29340C62A6B0910DCCBF8945F32089FC300F45B451A540B8854D53734298 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
07:40:22.0945 0x0c5c  AcpiPmi - ok
07:40:22.0949 0x0c5c  [ 17039DBEB3B7B9ADCDB4B4533AA9771F, A4D38B144639A20B8B31E4F35FB776A028DB502FAC849FC73EECEB3CCD91830B ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
07:40:22.0964 0x0c5c  acpitime - ok
07:40:23.0033 0x0c5c  [ F7D0CD345D2DA42E7042ABCD73662403, 03183F90A994D69066F15C3DFC1D7D7514AEAF46A5AAC059B1FB327F8C30A35C ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
07:40:23.0089 0x0c5c  ADP80XX - ok
07:40:23.0123 0x0c5c  [ 70148EFA9A562E7185B75BBE7D376BF7, 8200E3349A1AFA1040B3D956A17BAF3CDC784A1A3CA396125E7872B36C03D84A ] AFD             C:\WINDOWS\system32\drivers\afd.sys
07:40:23.0156 0x0c5c  AFD - ok
07:40:23.0170 0x0c5c  [ 870F1A2C936F92B5D053DF7EC75B352F, D617524FD5886D6D3BC2EFBBB5EA310E906454CD7CA7257C3D7BDEA8C4F2DA71 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
07:40:23.0185 0x0c5c  agp440 - ok
07:40:23.0235 0x0c5c  [ 3DF7751D5DC6525E7DC6617FBB45054F, 8E6D4C809DB3B66E7558C4829E01F5C227EE614AC82F33FD99DCC629770D1BE3 ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
07:40:23.0323 0x0c5c  ahcache - ok
07:40:23.0360 0x0c5c  [ 19707ECBCEA71080A85DB2336580DB39, A09AE69C9DE2F3765417F212453B6927C317A94801AE68FBA6A8E8A7CB16CED7 ] AJRouter        C:\WINDOWS\System32\AJRouter.dll
07:40:23.0462 0x0c5c  AJRouter - ok
07:40:23.0511 0x0c5c  [ AA91A5E156D0364ABA7B01658C2EB014, F61055D581745023939C741CAB3370074D1416BB5A0BE0BD47642D5A75669E12 ] ALG             C:\WINDOWS\System32\alg.exe
07:40:23.0615 0x0c5c  ALG - ok
07:40:23.0630 0x0c5c  [ B70F0F2F54B4A4DB6E9C830454752F5A, C882DEAC30812E5FA4479A8CB688603C6AF269EF08236688F4C5E7EBED1D4572 ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
07:40:23.0692 0x0c5c  AmdK8 - ok
07:40:23.0714 0x0c5c  [ 35E890482C9728DD5C552B85DA8A5AB2, 1E0EB7D902AB4C38E23CAFC0BEA250E7F6E180E8814385B4F29730BFC373A191 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
07:40:23.0750 0x0c5c  AmdPPM - ok
07:40:23.0769 0x0c5c  [ 5B30BCFE6E02E45D3EE268FF001BC5E0, 9901DB728885CE36911F79998629B2DD42D56AF9633B5277834F498CC59B0346 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
07:40:23.0783 0x0c5c  amdsata - ok
07:40:23.0825 0x0c5c  [ F20B30F35A5C7888441B4DCA001ECF8E, 695A5BC1F18B65992EB06A202AD3CBFA17228E76DDFD1AE6977FD315724F75C2 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
07:40:23.0844 0x0c5c  amdsbs - ok
07:40:23.0860 0x0c5c  [ AFE838D7576C581D6483529621AB10CC, 14476A04CC64E7A0F1BBFDACCBD7A87F384BE1877C27656DBB973AF3975D4AE2 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
07:40:23.0874 0x0c5c  amdxata - ok
07:40:23.0976 0x0c5c  [ ADFFD587A8CBDCEB0566521ACEF707DB, 17CF539B17FAAF4CC4306B6D2BBD36D80C93FB49A614293D7351A92445C6C1D0 ] AppHostSvc      C:\WINDOWS\system32\inetsrv\apphostsvc.dll
07:40:24.0080 0x0c5c  AppHostSvc - ok
07:40:24.0099 0x0c5c  [ EDDB0D726DBECDFC1DBCC6DB464E5A13, 98D128D1E6FA270ED9ADBFE50078F68A794C00D4CBB86E28EC6161FFAD0CA8FF ] AppID           C:\WINDOWS\system32\drivers\appid.sys
07:40:24.0115 0x0c5c  AppID - ok
07:40:24.0159 0x0c5c  [ 7A55F9237F726D1667073A47B0D1B90F, 7C2D9AA84F1D4CC6C1FAF6848DF9479A534E01029C4387E8C0647745F1E74603 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
07:40:24.0260 0x0c5c  AppIDSvc - ok
07:40:24.0269 0x0c5c  [ 56E219DF92BE16F62308F884739BE022, FE189EE8A52BC5A0E6B76C632021F84F60307A182F2A67C0C0C7CAA72DEFC723 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
07:40:24.0298 0x0c5c  Appinfo - ok
07:40:24.0344 0x0c5c  [ B4AE5296C9597F45E1CFE0B1DBE7739E, C9DCA8EF32720D68119CC23DF4BCD783FFB5F999D14EDCC7937D17C590323B4B ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
07:40:24.0434 0x0c5c  AppMgmt - ok
07:40:24.0493 0x0c5c  [ 682F73D86501D75B131A1D59539A475D, 1C3E1728F3995BBFC2BCE90EFD118B0B864103B16F587A1374D8B3A00403B9E3 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
07:40:24.0561 0x0c5c  AppReadiness - ok
07:40:24.0635 0x0c5c  [ 736BC0930DF22D535C9667D78F8DEB71, 067337517BD7234FEA999C242C90F74328C0003DDFD24483915F5C1DC5B9C919 ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
07:40:24.0777 0x0c5c  AppXSvc - ok
07:40:24.0792 0x0c5c  [ E3FE8F610B1CC12BC3B2E6BC43DC97E2, 0E18542CF2095A9ADA1759AB8F986E78B0A50A3C6B2AD4EACD80A23D832A2C6D ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
07:40:24.0808 0x0c5c  arcsas - ok
07:40:24.0936 0x0c5c  [ 00B0FDD484914F388B5441285FDE24CB, 90AA8A12BB235BFC3A924F0E23BCEE8742817E3BC5A85E49D8AF8B52E8158ECB ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:40:24.0958 0x0c5c  aspnet_state - ok
07:40:24.0968 0x0c5c  [ 5E00748A1AD246CAECBBB7553BED36CC, DAD2C93F0894E7BB5E5D8D767D8286A909086B49172C504A01097C3A180998C6 ] AsyncMac        C:\WINDOWS\System32\drivers\asyncmac.sys
07:40:25.0043 0x0c5c  AsyncMac - ok
07:40:25.0090 0x0c5c  [ 492B99D2E3D5D7BFD5F0AE1BE7BD37DD, A3F6BFC4FDC1933FBF3145019B118689A414108B04F43E2563946B2673C89324 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
07:40:25.0103 0x0c5c  atapi - ok
07:40:25.0201 0x0c5c  [ 42BF7FA295F453618104B5A50BEE105B, AB44BA2AD2FC5AF3B6BE4489C444C03FD1AB02C22109BF5F39BE459294C4CB18 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
07:40:25.0305 0x0c5c  AudioEndpointBuilder - ok
07:40:25.0370 0x0c5c  [ 5C6F3312EACE1409DC2C4C2AD5D2719D, 415955E31458AE56182436EEF5A993BAEF08379C12C182CC073F3D0A3A0DE006 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
07:40:25.0461 0x0c5c  Audiosrv - ok
07:40:25.0579 0x0c5c  [ CAF8BC64B176E0538DD8E48843362BCD, 22DB7FBEE6C86E8083F40E4D355E97A123DCC9337E1B48F75A40CD6971576846 ] AvgAMPS         C:\Program Files (x86)\AVG\Av\avgamps.exe
07:40:25.0623 0x0c5c  AvgAMPS - ok
07:40:25.0647 0x0c5c  [ 344B89E8D91B1F25239310DCC7337ED0, CF57BD6AAA2A1527957DA4BA4FFC8072D4BE071C95A8741690CA051727B4E30C ] Avgboota        C:\WINDOWS\system32\DRIVERS\avgboota.sys
07:40:25.0662 0x0c5c  Avgboota - ok
07:40:25.0684 0x0c5c  [ EBE91430DEC70E1F81D1C48B31160CAE, DFFF9663D797D7E289EEB5591ACFED49454FAEB9840CBCB319B60043CD989550 ] Avgdiska        C:\WINDOWS\system32\DRIVERS\avgdiska.sys
07:40:25.0697 0x0c5c  Avgdiska - ok
07:40:25.0826 0x0c5c  [ 108BCEE353BB2EF57396F227755AE69E, F4061BDBA8938AE5697517368F733745F5357D3A982A5D83514C9F2378D19BF9 ] AVGIDSAgent     C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
07:40:25.0989 0x0c5c  AVGIDSAgent - ok
07:40:26.0018 0x0c5c  [ F363AE47CE4920A46F09BA858952DCBB, ED0B6DFD9984E801B4F2CD621D832810D9E43D425AB3E2CA15560474E4865DE2 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys
07:40:26.0033 0x0c5c  AVGIDSDriver - ok
07:40:26.0057 0x0c5c  [ 6E74613980F4691B95E6A10F71218D0B, DB42099501DD5AD10286E7CC77E4B17D9D6FA4406B20C876C0587EE637D3A50A ] AVGIDSHA        C:\WINDOWS\system32\DRIVERS\avgidsha.sys
07:40:26.0072 0x0c5c  AVGIDSHA - ok
07:40:26.0086 0x0c5c  [ 65E62E92584319747183FA54C08C0330, 26F3D9C36254499DC0A43B5FF4A6B35784BC49143CDAED7E0257A6C527BF2EE5 ] Avgldx64        C:\WINDOWS\system32\DRIVERS\avgldx64.sys
07:40:26.0100 0x0c5c  Avgldx64 - ok
07:40:26.0122 0x0c5c  [ 301E95F388C93D3C73EE35E3693C6A97, 512BA2905EDCC900B12037701A120EE527A14894BF562610F3CF57A65D20FCD5 ] Avgloga         C:\WINDOWS\system32\DRIVERS\avgloga.sys
07:40:26.0139 0x0c5c  Avgloga - ok
07:40:26.0156 0x0c5c  [ A1E22774E01EDB88EC9620EF017B3ABE, 94C26CBA3B37A530A76EE116DE42862B2AC635C434F097102B27562CE427D25E ] Avgmfx64        C:\WINDOWS\system32\DRIVERS\avgmfx64.sys
07:40:26.0171 0x0c5c  Avgmfx64 - ok
07:40:26.0182 0x0c5c  [ 2A0D6982D0492BF6266E64F25C23EAE8, 7400F85784C0658B4DF6C7424E3ACDCF421D8293D247E80D6AEE14FA91EBFBDC ] Avgrkx64        C:\WINDOWS\system32\DRIVERS\avgrkx64.sys
07:40:26.0192 0x0c5c  Avgrkx64 - ok
07:40:26.0275 0x0c5c  [ 8CD64A981787F589D867B275CCAA9E2E, 1A0740E50610F0CB5D507EE9D54BC7F01209DF82015E7CBB0982110FEEC36526 ] avgsvc          C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
07:40:26.0322 0x0c5c  avgsvc - ok
07:40:26.0334 0x0c5c  [ 1EEB894456B375A486950D343F6DB81F, C5D6EBAC49A4AABE360EE2FA791628C164608FAF5CF37049368CE061D8ABFC10 ] avguniva        C:\WINDOWS\system32\DRIVERS\avguniva.sys
07:40:26.0344 0x0c5c  avguniva - ok
07:40:26.0383 0x0c5c  [ A6AE2B2E79925C37F543A8D6EC6D8C68, 53498B84884CB2AA2E2FC700535EFBC8E809BC15239A72B5DB20A212A2BD0500 ] avgwd           C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
07:40:26.0421 0x0c5c  avgwd - ok
07:40:26.0448 0x0c5c  [ B6F34BE914F7CF7D8B7203AB6241AC8B, D720087968D7EA878C78232ACBB3DF1C06F9FC357F799B149FFF306455BB1C26 ] Avgwfpa         C:\WINDOWS\system32\DRIVERS\avgwfpa.sys
07:40:26.0464 0x0c5c  Avgwfpa - ok
07:40:26.0508 0x0c5c  [ 7062CE507814D5306DCA5D6A15B7B6B6, 9D60506003A66C2E516B1FCB70CC5B26FB3A9948B95D97C828DD0328E76F2C91 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
07:40:26.0529 0x0c5c  AxInstSV - ok
07:40:26.0582 0x0c5c  [ 6447BA6FA709514B6C803D159B4C7D1E, 549DDCEAD93DF333F6BBD56A9258A867E4DA219741C00D48C68F8F230A87B11A ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
07:40:26.0614 0x0c5c  b06bdrv - ok
07:40:26.0633 0x0c5c  [ B4AC08B1D04D0CE085435E5CD0E663C5, 61E641388E5692B2EB351E44BA1DB86B5305DD105EE56865D59072CA9407C8AC ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
07:40:26.0712 0x0c5c  BasicDisplay - ok
07:40:26.0717 0x0c5c  [ 25B5BB369DEE2BAE4BF459C978FF9035, DBC2157B2AC0BC92B4011CE5E01F2DCDAAE71E37D9D21102503C6455FAAC4DCA ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
07:40:26.0731 0x0c5c  BasicRender - ok
07:40:26.0749 0x0c5c  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\WINDOWS\System32\drivers\bcmfn.sys
07:40:26.0772 0x0c5c  bcmfn - ok
07:40:26.0776 0x0c5c  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
07:40:26.0791 0x0c5c  bcmfn2 - ok
07:40:26.0843 0x0c5c  [ F374C27099807E99A156953F8416D34A, D267B8CD837290F9FC6B4FFD2DB8F54867D808FB155698FC7713BCAB3AE475B5 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
07:40:26.0903 0x0c5c  BDESVC - ok
07:40:26.0948 0x0c5c  [ 5A88834AEE15D97695FAE0837B73B3E4, 03035FB51DE218B8EDB15129A0376DDED0C7E7B6DA58DD95B12E4E5C8D852ED8 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
07:40:27.0018 0x0c5c  Beep - ok
07:40:27.0080 0x0c5c  [ 37F5E2385CB4D10AB42186974B9C241A, D38FA2B8CE19AC32056060F04B04D031F1621C07528DEDCCD5A8C01AB0A35995 ] BFE             C:\WINDOWS\System32\bfe.dll
07:40:27.0159 0x0c5c  BFE - ok
07:40:27.0235 0x0c5c  [ 64582C924C48175D52AED0D0E64AB413, 75DC6BC01D26A4BABEDB8013F0C106780F0991CA63075798C7C24B66022F58E3 ] BITS            C:\WINDOWS\System32\qmgr.dll
07:40:27.0373 0x0c5c  BITS - ok
07:40:27.0426 0x0c5c  [ DA2C6F7ACE392193C424FEA975C5BFFB, 668F91F3E5F8EA170C10823D6959E0EDB32434C51FAA68BEA782EDDF5618690E ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
07:40:27.0457 0x0c5c  bowser - ok
07:40:27.0514 0x0c5c  [ 453207816AB95A0376887BE01FAE30E1, 102CA59ED06C6A7D69AA3094DDC550400C50CDF5B7F066522BF0031B8EC7B708 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
07:40:27.0591 0x0c5c  BrokerInfrastructure - ok
07:40:27.0637 0x0c5c  [ A617BE5E429A035A1CA8217C1B16F0BB, 197EE6C6EB22FF8A626540886F5A2163CC4CB177504C5423856F54BF01EB0FF1 ] Browser         C:\WINDOWS\System32\browser.dll
07:40:27.0673 0x0c5c  Browser - ok
07:40:27.0717 0x0c5c  [ CAEC7BC11AF69A181AF7932E636E09E4, 503C69045F1E025CBEE2405043BB71CC58478985ECAF6587F73FCB57860F5709 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
07:40:27.0775 0x0c5c  BthAvrcpTg - ok
07:40:27.0794 0x0c5c  [ 5F2B4B32E986C058525D3BA2A475A16C, CEC5BB0B025DD9525CFBBEDF6EB6F63336534798495A4F95763CE112DF915088 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
07:40:27.0811 0x0c5c  BthHFEnum - ok
07:40:27.0817 0x0c5c  [ 5406289E8AE2CB52FC408154E0A64BA7, 0A3795F2E6E2B51198452CF69A99159D8E11650E95F41DF0B575CB72F9C6C6B5 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
07:40:27.0840 0x0c5c  bthhfhid - ok
07:40:27.0890 0x0c5c  [ BAB101E7826BE287F79C4BA721621989, E6DD25C89267FE87253B8226292F2894F5E702075D3B23B09339D3B28744C060 ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
07:40:27.0928 0x0c5c  BthHFSrv - ok
07:40:27.0942 0x0c5c  [ A76F20CCCA31895A1DA78A875E50F946, ECD4B3670DA5984AA24F4354457B4E45983938A89FF6DB03B556A633B4B37E3C ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
07:40:27.0970 0x0c5c  BTHMODEM - ok
07:40:27.0994 0x0c5c  [ CEEC73833A4C6B31E2F376A3FD4DA73E, F09FC6EAB8D9769DBAD0931CC7C7F5DFE1562D3EE09CE0EF086AA73D4B62E076 ] bthserv         C:\WINDOWS\system32\bthserv.dll
07:40:28.0034 0x0c5c  bthserv - ok
07:40:28.0044 0x0c5c  [ BF89BDBA5D3A0B4256D3F6FC8D31880D, 940F3BF55B88261C9E9A951A092331559FC5B24FE3BA0F1E1AB3450D2CA364C1 ] buttonconverter C:\WINDOWS\System32\drivers\buttonconverter.sys
07:40:28.0117 0x0c5c  buttonconverter - ok
07:40:28.0135 0x0c5c  [ C24C27FDF93B85A4EFCF25F830253AA2, 35C87518BB59663B57C2361A13AD4E57E37392598F1EB9F07F86CA5A6321AF5A ] CapImg          C:\WINDOWS\System32\drivers\capimg.sys
07:40:28.0228 0x0c5c  CapImg - ok
07:40:28.0244 0x0c5c  [ 7F9C7226D743B232907ED2537B8A574F, 2211AFC30E8F8FA03020DB48EE14914CD31E50BB6A63FF20AC7C6FA481E72C18 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
07:40:28.0262 0x0c5c  cdfs - ok
07:40:28.0308 0x0c5c  [ 88E3BA684A7B1247762E1D401076D4C2, 88375BD1970848A71B9CF8C7C73ECA2E4A65E57D80D0C36F41547D381441A552 ] CDPSvc          C:\WINDOWS\System32\CDPSvc.dll
07:40:28.0365 0x0c5c  CDPSvc - ok
07:40:28.0419 0x0c5c  [ 82D97776BF982AA143BDC7DFB5054EA8, 954F56728371E6B3514586DCEAF15C4727BAED6CAFBF788654C4E03BD702942C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
07:40:28.0444 0x0c5c  cdrom - ok
07:40:28.0490 0x0c5c  [ 4E9158CECF77A029AB98E8FBB43FCED5, AFF8BDB8F8F8DDF4FC0D65712E031DC360856CD3CE5C8A4C8FF960388F37462F ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
07:40:28.0514 0x0c5c  CertPropSvc - ok
07:40:28.0553 0x0c5c  [ 0505C1D991D0F9D47F3353BB98597C7E, 3B801CCF4980256327A4A9FBD98007DA1E3ACE9C94E5A4C23AB21303B46E8B5A ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
07:40:28.0577 0x0c5c  circlass - ok
07:40:28.0595 0x0c5c  [ 8B4B39C507ABA09AAFE8E3932D1B392C, 734700155A658BC08FC96E8F99A01DE7F7251D7DDEFA79D258B2EEB370BA7AA8 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
07:40:28.0617 0x0c5c  CLFS - ok
07:40:28.0674 0x0c5c  [ E72BB94A4010EBA7074DFEB25D67BDC3, 437F13A1F709B4CC047C9918625C2B5F673218A5141DBC99CD14B008FAB2AA88 ] ClipSVC         C:\WINDOWS\System32\ClipSVC.dll
07:40:28.0700 0x0c5c  ClipSVC - ok
07:40:28.0751 0x0c5c  [ 95832B049E2833B9F5189823CDF946C7, 72773A42A89220B4A6AC72D1633B16F11191A44D876A44FAB5CEFB717CE3223D ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
07:40:28.0786 0x0c5c  CmBatt - ok
07:40:28.0819 0x0c5c  [ 570BA8E8E1E3064A7D92F862B7F59B60, 849CE59A0390EB34977471391EF7500506B0B019E5E31CBF264A4926A84C4BEE ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
07:40:28.0854 0x0c5c  CNG - ok
07:40:28.0895 0x0c5c  [ 58D640BC2294C71BDE0953F12D4B432F, 0B3B7659FCB97791A2A1F895C8E6F9078F855C94C13EB47464492588C4B02B85 ] cnghwassist     C:\WINDOWS\system32\DRIVERS\cnghwassist.sys
07:40:28.0909 0x0c5c  cnghwassist - ok
07:40:29.0026 0x0c5c  [ 14F9883588398A1BDE49C75098C75DE6, D9D82DE89FAFE60BC902683BC44C7555533A030150FD5E5A35A24542FACC5CAD ] CompositeBus    C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys
07:40:29.0050 0x0c5c  CompositeBus - ok
07:40:29.0053 0x0c5c  COMSysApp - ok
07:40:29.0095 0x0c5c  [ 02B8E49148DE5E0A2F6FDF28CE94A6AC, EEA405823F441CA604BEAA44EB71A1D20BC80E124FF7B27380D0201AAF2E0849 ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
07:40:29.0109 0x0c5c  condrv - ok
07:40:29.0162 0x0c5c  [ 86BE19C6A177AEB93302EA5C4FBE2D11, 5404AB84D270549B1A46574EBDC857525F71B117BE3BA0098FA0A696E56D5C39 ] CoreMessagingRegistrar C:\WINDOWS\system32\coremessaging.dll
07:40:29.0205 0x0c5c  CoreMessagingRegistrar - ok
07:40:29.0248 0x0c5c  [ 9E79A2208A9ED205A7383CBC92C28053, 2E6599DF30DF19BD7BE6FEF1B21FED7F349A3F2306CC5CFDB767ABA7283E8A55 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
07:40:29.0314 0x0c5c  CryptSvc - ok
07:40:29.0345 0x0c5c  [ 5D578EAAFB6FD4F59523E5878B541296, 73573124787B79179880AFAF9CB8427237A1605A9F13D7783228DE24D18963C0 ] CSC             C:\WINDOWS\system32\drivers\csc.sys
07:40:29.0432 0x0c5c  CSC - ok
07:40:29.0494 0x0c5c  [ 5F07CCEE514894C9474AEDCA50B6C2C7, 38F54897C91A2E7D80D00852CEB173B26E822D7C68F35D31228245F811E028A8 ] CscService      C:\WINDOWS\System32\cscsvc.dll
07:40:29.0549 0x0c5c  CscService - ok
07:40:29.0559 0x0c5c  [ 2619DC483579DB9FE804044C1ADFFD1A, 23A5420288735A980917091532BE7BB36EB51660AA4555C615AF736357EB02EC ] dam             C:\WINDOWS\system32\drivers\dam.sys
07:40:29.0573 0x0c5c  dam - ok
07:40:29.0637 0x0c5c  [ B339861C6A2A86FBCA67C2006B461473, 228ADC8A8603C0A4342C6CBC6F2CC919271D42391365061AF660E0D7151C66A4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
07:40:29.0743 0x0c5c  DcomLaunch - ok
07:40:29.0790 0x0c5c  [ 620921E77351FB651632322AD2C195C4, 5A98971995D7A2B5AE6BEA69344FCC6687B582FEF74BDA206D32FB2E6CEB0478 ] DcpSvc          C:\WINDOWS\system32\dcpsvc.dll
07:40:29.0873 0x0c5c  DcpSvc - ok
07:40:29.0926 0x0c5c  [ 6129EA4294C5C69E4665801E95B16AB2, CE419186CF0F57434426FF925A09F13BE87639679CBB5F2074B0E1A243349D27 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
07:40:29.0968 0x0c5c  defragsvc - ok
07:40:30.0016 0x0c5c  [ D12B9B6A6C4885824876422AACC89954, 5853ED5CAF84B7AAFF3EDC5C71FE23EB121DB681D81267D77118424BA9AB6F88 ] DeviceAssociationService C:\WINDOWS\system32\das.dll
07:40:30.0092 0x0c5c  DeviceAssociationService - ok
07:40:30.0143 0x0c5c  [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
07:40:30.0179 0x0c5c  DeviceInstall - ok
07:40:30.0224 0x0c5c  [ 5BF8BD9B19D665452494C8D56DF4B28D, E5FC649207EF42C04B6737D442FECD3383E82F8998B140319FF400773F1D0978 ] DevQueryBroker  C:\WINDOWS\system32\DevQueryBroker.dll
07:40:30.0303 0x0c5c  DevQueryBroker - ok
07:40:30.0354 0x0c5c  [ 935823F79CBEDB91637B63D37E3A5A36, BE9A46F1CA631B9252C71758901D55456DC3C143053003D9FA7D67811A1E5026 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
07:40:30.0394 0x0c5c  Dfsc - ok
07:40:30.0444 0x0c5c  [ D461D2BECEFA661291EB1B748A8D2CCB, 7275859FCDE58DE6C0C683AFDAD910EB4602336CC724EEE42495A8839213469D ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
07:40:30.0498 0x0c5c  Dhcp - ok
07:40:30.0588 0x0c5c  [ 9F5AC03F5A0000DD96FA29CD68A6605B, 6964E077635E65DA902CA6C69E704A9DCD5856D22BA75E1CF823E63E62266AF7 ] diagnosticshub.standardcollector.service C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
07:40:30.0641 0x0c5c  diagnosticshub.standardcollector.service - ok
07:40:30.0722 0x0c5c  [ 5F1CAF0E823BADD5576555CC876F1067, 53AED2137D1BACA5AA24C265E2591F12D91C4652AF35D52843F045CAE4CDDB2E ] DiagTrack       C:\WINDOWS\system32\diagtrack.dll
07:40:30.0790 0x0c5c  DiagTrack - ok
07:40:30.0837 0x0c5c  [ 4904B152E4942BF700F2D73228B4D477, 0E5646DCA05A24C71F057C9F9F64AE992D338DA72DF3126175C2FA178854C30F ] disk            C:\WINDOWS\system32\drivers\disk.sys
07:40:30.0852 0x0c5c  disk - ok
07:40:30.0901 0x0c5c  [ E32F15E26724F3BB6423FB29FF3E2A8F, E8CF9829D2A74F4423424F8D169E726B88F50734F0B1ADC735691C37C9F32DAA ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
07:40:30.0961 0x0c5c  DmEnrollmentSvc - ok
07:40:30.0998 0x0c5c  [ 0197AE4B9790A4E73751CACFAA480126, 86BBB398F1A93754B2C329271F13A88FD2F285F30225C38F068F565CCA14EB9F ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
07:40:31.0080 0x0c5c  dmvsc - ok
07:40:35.0532 0x0c5c  [ 86724A200BF1F08A03FB563660FCD928, E2BDD30D7AFECB0F517BB02C788C93D506FB2B180DCA239BC4A1FEDB1E986EAD ] HP DS Service   C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
07:40:35.0568 0x0c5c  HP DS Service - detected UnsignedFile.Multi.Generic ( 1 )
07:40:36.0591 0x0c5c  Detect skipped due to KSN trusted
07:40:36.0591 0x0c5c  HP DS Service - ok
07:40:36.0641 0x0c5c  [ 9C42E435F629CD8512BECFA082762425, BC817D05E5B8BE05CAB05F075A2C0B3CCF39E6BBD924BD0040C698F4D4580677 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
07:40:36.0666 0x0c5c  HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 )
07:40:37.0032 0x0c5c  Detect skipped due to KSN trusted
07:40:37.0032 0x0c5c  HP LaserJet Service - ok
07:40:45.0140 0x0c5c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\System32\HPZinw12.dll
07:40:45.0161 0x0c5c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:40:46.0401 0x0c5c  Detect skipped due to KSN trusted
07:40:46.0401 0x0c5c  Net Driver HPZ12 - ok
07:40:49.0985 0x0c5c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\System32\HPZipm12.dll
07:40:50.0004 0x0c5c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
07:40:50.0369 0x0c5c  Detect skipped due to KSN trusted
07:40:50.0369 0x0c5c  Pml Driver HPZ12 - ok
07:40:53.0086 0x0c5c  [ 100817619F5AE04074D10427B3A7456A, 90F50DD33D40091D3D0D6336E1BB15E40BDD8083D392DB5C39ED15C1D23E978C ] RtlService      C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
07:40:53.0105 0x0c5c  RtlService - detected UnsignedFile.Multi.Generic ( 1 )
07:40:53.0677 0x0c5c  Detect skipped due to KSN trusted
07:40:53.0677 0x0c5c  RtlService - ok
07:41:00.0028 0x0c5c  [ 267C76EE60736EA5A1811A53FA02AABE, 28D4C4CB972534204B8336D0403B70E4EFE4F8369ABDE7401FFCCF7D4E3EA165 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
07:41:00.0055 0x0c5c  TsUsbGD - ok
07:41:00.0075 0x0c5c  [ 8CE72F094B822AD5EE9C3A3AFC0C16B6, 827CCD849544E1DA364B03DBC82A848D2F93AD32BA14ED52709C609BC70CE5CA ] tunnel          C:\WINDOWS\System32\drivers\tunnel.sys
07:41:00.0106 0x0c5c  tunnel - ok
07:41:00.0155 0x0c5c  [ 127925766866C52F147A2FFC0C0358A5, DCDF38A456E0BAAEE1E54FD67C3DEB4A036F116036FBD28073201B6C27C2C2DD ] tzautoupdate    C:\WINDOWS\system32\tzautoupdate.dll
07:41:00.0192 0x0c5c  tzautoupdate - ok
07:41:00.0234 0x0c5c  [ 42C546414F80BD6C0137FC3A106F8A69, 067FFCAF0059935851888BD984E848E4E1A6CC1941A8F4534067CCF0B2A3B2E6 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
07:41:00.0248 0x0c5c  uagp35 - ok
07:41:00.0253 0x0c5c  [ 1686DBC81748B096232B15F16C302985, 63D72D1838C42A95599AF3C0B19A069E310ADB091208011D7D6FBAC968D1A59A ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
07:41:00.0267 0x0c5c  UASPStor - ok
07:41:00.0308 0x0c5c  [ 82D3B1F4D80057826AA649D78147DE36, 344A738F6866BFD3095BB802206DDB2F9E9AD89DC39CAA7DE96455F410683829 ] UcmCx0101       C:\WINDOWS\system32\Drivers\UcmCx.sys
07:41:00.0363 0x0c5c  UcmCx0101 - ok
07:41:00.0377 0x0c5c  [ 1C95F7CE37D9EFB90EBE987A9712356C, B9EE7743ADA50276F05D735C5C29E44039D630A7DC93766A0EAF400DA037E4AF ] UcmUcsi         C:\WINDOWS\System32\drivers\UcmUcsi.sys
07:41:00.0407 0x0c5c  UcmUcsi - ok
07:41:00.0430 0x0c5c  [ AED081772091C98173905E2DF28C223B, 08541CF3354EBB634BD590E0019128F70A6FCA9075B7E785A9E9BD82EC234DD3 ] Ucx01000        C:\WINDOWS\system32\drivers\ucx01000.sys
07:41:00.0448 0x0c5c  Ucx01000 - ok
07:41:00.0460 0x0c5c  [ DCA34A111C29E4578DF2B8CEA3C7CDBD, 86BCE4C8EC228724D5896067A85A4768B6069D10A482ECC51A8F828DBD3880C9 ] UdeCx           C:\WINDOWS\system32\drivers\udecx.sys
07:41:00.0528 0x0c5c  UdeCx - ok
07:41:00.0546 0x0c5c  [ 718A956AE00CE086F381044AB66CC29C, E4EED1600C72CECE1D4507827C329A93D356BBA027470FCF6C4B5C1651DED643 ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
07:41:00.0587 0x0c5c  udfs - ok
07:41:00.0637 0x0c5c  [ BA760F8E66428BA9FF1E8BFBC6248136, BE7DCBB293B12672CB3653E640C46F669BD738D320F34F4FA4A26F6B248561F0 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
07:41:00.0674 0x0c5c  UEFI - ok
07:41:00.0728 0x0c5c  [ 05DD22294A4F3F89E52351C7721E6D2C, 300A7D4BD5F26814CF73400E01DEB810CA3F91BD190B3D37B74ADF080F582829 ] Ufx01000        C:\WINDOWS\system32\drivers\ufx01000.sys
07:41:00.0747 0x0c5c  Ufx01000 - ok
07:41:00.0768 0x0c5c  [ 2B1DABA97DDF5365FC66EE7DEDD86A13, 2FF3355862938B37EE63FCA149415CE5032BF54747B07517BB21460733B65AD8 ] UfxChipidea     C:\WINDOWS\System32\drivers\UfxChipidea.sys
07:41:00.0783 0x0c5c  UfxChipidea - ok
07:41:00.0837 0x0c5c  [ 2A87EA182EA333D79AA0B03833EA67F2, 227792A8B4E63CF60A3DEECF829448C8FD59A40DEF3F42414E432820F8D34F64 ] ufxsynopsys     C:\WINDOWS\System32\drivers\ufxsynopsys.sys
07:41:00.0853 0x0c5c  ufxsynopsys - ok
07:41:00.0900 0x0c5c  [ 63451BD694651307254B8DD37A3D79C7, C781E2D876AF42D5972CCDCF86B7A59F6AF8AF0C6350647F3FA1B209119B5EF9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
07:41:00.0920 0x0c5c  UI0Detect - ok
07:41:00.0964 0x0c5c  [ 6DE78C04BF32ECA7AF3064F53687C9A5, 164D3BB24EBA3EAF613799928063FE75220A4E583D985F53A895017782C18600 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
07:41:00.0977 0x0c5c  uliagpkx - ok
07:41:00.0993 0x0c5c  [ 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4, BA2E6F16B6B3B54C943F1E7B9F79A6D1332A7ED228D754CC5AE70E3CD78B1F37 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
07:41:01.0018 0x0c5c  umbus - ok
07:41:01.0036 0x0c5c  [ 11680607944A719EF20E0E740785712A, 1567C2B3AAD702DCC2DC9C6B7B92EE5B681C06701A39DAC3AA7E2BE9E1E04F47 ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
07:41:01.0109 0x0c5c  UmPass - ok
07:41:01.0167 0x0c5c  [ FD949725D9EB52C0B87435CDE1134668, 96E2B3D3379E9AE225E5A4C5251207F1E7DA573901F4F026758EDE9FAEF4F2C5 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
07:41:01.0202 0x0c5c  UmRdpService - ok
07:41:01.0239 0x0c5c  [ CB902A15DD21B363FECA5DCCF34F5C57, 6A0836A12A410EBD5C667982852B58CA9E9EDB11EA666C413CC0F811E01A549D ] UnistoreSvc     C:\WINDOWS\System32\unistore.dll
07:41:01.0327 0x0c5c  UnistoreSvc - ok
07:41:01.0377 0x0c5c  [ B85A8CF2BE74DFF1E80097AC94584112, B1DBACC33A4143FEE2CF54E567590A69580312AD7A053BCC85B487C4D451FBDA ] upnphost        C:\WINDOWS\System32\upnphost.dll
07:41:01.0421 0x0c5c  upnphost - ok
07:41:01.0436 0x0c5c  [ 2410A0C20D21A25E6C01979FA886BE90, DD3F92D8CF110D47B9E36BA0EB10EB34C0FDD28FE0D57E4B60F9326703388F75 ] UrsChipidea     C:\WINDOWS\System32\drivers\urschipidea.sys
07:41:01.0448 0x0c5c  UrsChipidea - ok
07:41:01.0490 0x0c5c  [ 6E59CE43B6BA5AA1ADCF36A4DBBB92BB, 647D66775A90F67D803043DE8C8AE8BC2F7A042A8DCF9C95BF5458C79609481B ] UrsCx01000      C:\WINDOWS\system32\drivers\urscx01000.sys
07:41:01.0503 0x0c5c  UrsCx01000 - ok
07:41:01.0525 0x0c5c  [ E8A59FA109A22FC07E44BDFCC9727DBD, 0DC5928C0FF7E5B38917660D6EFECCC22172DB0BB9B23216F33E750790529C16 ] UrsSynopsys     C:\WINDOWS\System32\drivers\urssynopsys.sys
07:41:01.0538 0x0c5c  UrsSynopsys - ok
07:41:01.0588 0x0c5c  [ D8A44550ECE102B6443F5D54DCE7DAB3, 97F5AE7B17DAC4A4F3186C77116BC8E49874FB0018C99D8E2CDA29D89E8B0912 ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
07:41:01.0603 0x0c5c  usbccgp - ok
07:41:01.0620 0x0c5c  [ 66B3D22DAB5312FF238ABF5C6D9F8FAB, 4A644AFC1C27D692D352BEB8801398A00EA5B4055476063AF905A0A46DDBF8BB ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
07:41:01.0638 0x0c5c  usbcir - ok
07:41:01.0645 0x0c5c  [ 3E4F20DB902D2E2914F3FF3DB9772200, F3D32BE06A26164B5F6E8DB67160D1DBBDC6D14666EEF84EA43C78CB7706E31C ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
07:41:01.0660 0x0c5c  usbehci - ok
07:41:01.0688 0x0c5c  [ 41F7F00D76904416EF1F9EFA1A4C37A2, 7A4250EB2E2E0037B3AE1480C13B229ECFF5C575E68E4F934EE011DB1833B46A ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
07:41:01.0712 0x0c5c  usbhub - ok
07:41:01.0773 0x0c5c  [ E7463CE8579A0418A98BE9BE42C647D7, 923CD51C82FCF9DC4E9EEA99E53634EE07EBF62FB5DFC337F01309D7D5C7622C ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
07:41:01.0806 0x0c5c  USBHUB3 - ok
07:41:01.0824 0x0c5c  [ DAB35CCA86F5FBE77D870A40089BC4A1, 4A47D59D882D0F2B93F2EE7F10995E7D68B58009434E2CBD04C659E0D1F059D8 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
07:41:01.0853 0x0c5c  usbohci - ok
07:41:01.0899 0x0c5c  [ 21162F65C7756AAECAEBED9E67D0A5FE, DE3B43964171DB5B0464DA5E7A674A5D200A8695E6EF1AE2030681066ABA2688 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
07:41:01.0971 0x0c5c  usbprint - ok
07:41:01.0988 0x0c5c  [ D67B6A4A6FB99D29444C2DBA2B636799, 62BC778D60593B2AB0DA13C4DB3EA5971895AE09DA06E8AB2D03973C940C890C ] usbscan         C:\WINDOWS\System32\drivers\usbscan.sys
07:41:02.0011 0x0c5c  usbscan - ok
07:41:02.0027 0x0c5c  [ 4AAD6547953D373A1EB5B2DF583D868B, 4E3DCEC9644550996C314FCC39F885DDE4AA7AD821B8596D96C5BEA5D60795F7 ] usbser          C:\WINDOWS\System32\drivers\usbser.sys
07:41:02.0063 0x0c5c  usbser - ok
07:41:02.0112 0x0c5c  [ 8949F77132A4F8F3BA17C6727099F002, 86AD4A2263B34983335180FDAE775D1744E042D2A11300D27DF546F15F285A25 ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
07:41:02.0128 0x0c5c  USBSTOR - ok
07:41:02.0139 0x0c5c  [ 8B3E458A8851F9A3B2109B1680EE1159, 753AC8F82F65564F00EA2F60B43E4B815FEAABE0DA35B6356210A5F4B1CA3EFC ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
07:41:02.0160 0x0c5c  usbuhci - ok
07:41:02.0212 0x0c5c  [ 9E9D58F5E1702955B2F4D62996F80E8E, 6C21C250B9D98346D0D5CB7D6C11AB120A1D195C28313BDB0CE532663F0114E2 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
07:41:02.0234 0x0c5c  USBXHCI - ok
07:41:02.0309 0x0c5c  [ 2771EBB565F5C121E66060B173991D4D, 1EB34A6262A18E47ADCA392FDB2D58E8428A1CA43EB4196D76A897F74A03CA7F ] UserDataSvc     C:\WINDOWS\System32\userdataservice.dll
07:41:02.0394 0x0c5c  UserDataSvc - ok
07:41:02.0471 0x0c5c  [ 36EC82F0E399F36BD25F593D63DC144A, 2A9E916A098ACD5A5074A5FD053ECAB027A0932A348C728F20CD63EF16289533 ] UserManager     C:\WINDOWS\System32\usermgr.dll
07:41:02.0578 0x0c5c  UserManager - ok
07:41:02.0607 0x0c5c  [ BF6C588423B2F856015AE8F61D93D01F, D45A3409E4EF026ECF1F8295EF9CFAA4C111776C2BA04171591744CDAB912479 ] UsoSvc          C:\WINDOWS\system32\usocore.dll
07:41:02.0659 0x0c5c  UsoSvc - ok
07:41:02.0675 0x0c5c  [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
07:41:02.0689 0x0c5c  VaultSvc - ok
07:41:02.0736 0x0c5c  [ E1BE37312785A71862516F66B3FD24CE, D248C513DBEACB192653C6E46809209F341771B146544BBF43B86369280B4F8B ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
07:41:02.0750 0x0c5c  vdrvroot - ok
07:41:02.0811 0x0c5c  [ 67A6E949395A09914AD8B38FE14B8D15, 593F2FAA880B2E0468F98BD58B5214A170E5890907B25294D7A47C66505A3D45 ] vds             C:\WINDOWS\System32\vds.exe
07:41:02.0865 0x0c5c  vds - ok
07:41:02.0880 0x0c5c  [ E42C0F2850735FF9D908B9DB581E6314, E2204A56BF37FC57CD2ED96E3F908882D72B4BFF1BFB97C5172C851F1E4F9650 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
07:41:02.0897 0x0c5c  VerifierExt - ok
07:41:02.0925 0x0c5c  [ EC15FD6A28757793E2DA394CD94ABD52, DC758BBEE9C6952D7B3F7171EF67B037B4068E88189A2C4A894122D1D1209468 ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
07:41:02.0966 0x0c5c  vhdmp - ok
07:41:02.0979 0x0c5c  [ D0C9632C350F46786643A069251BC249, CF65BA0D3F3D2B821C10E2D4F53F5B6BF6236CA9767419392A561CFA79254C3B ] vhf             C:\WINDOWS\System32\drivers\vhf.sys
07:41:03.0015 0x0c5c  vhf - ok
07:41:03.0031 0x0c5c  [ E886CB75DA2B6EB35469EF10135624C7, 3AFC59A0709B984F517A918D5BBEBEB1C80001BEC87C133447DCEAEDE00E516D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
07:41:03.0046 0x0c5c  vmbus - ok
07:41:03.0059 0x0c5c  [ 46D2EC27820EC0F798F85821E53C2942, D298A7D6AC16F76A069F843C8DD323ECB340D361733CB9B076BCDE8FC5F1FEFC ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
07:41:03.0085 0x0c5c  VMBusHID - ok
07:41:03.0142 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
07:41:03.0186 0x0c5c  vmicguestinterface - ok
07:41:03.0200 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
07:41:03.0229 0x0c5c  vmicheartbeat - ok
07:41:03.0242 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
07:41:03.0271 0x0c5c  vmickvpexchange - ok
07:41:03.0285 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
07:41:03.0314 0x0c5c  vmicrdv - ok
07:41:03.0327 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
07:41:03.0358 0x0c5c  vmicshutdown - ok
07:41:03.0371 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
07:41:03.0400 0x0c5c  vmictimesync - ok
07:41:03.0413 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvmsession   C:\WINDOWS\System32\ICSvc.dll
07:41:03.0442 0x0c5c  vmicvmsession - ok
07:41:03.0459 0x0c5c  [ 9AFCCEBFC4D311B62EF0C5457FBB405C, 965736DD97D7BF23AA62D4DFB4563534B252E26C66A3FDD1461024FD2315C53A ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
07:41:03.0488 0x0c5c  vmicvss - ok
07:41:03.0505 0x0c5c  [ B9265F47E7A354BAAA0AF5CBA3F8F7CE, F836E7BEDC7CAB1C01225164D171A0210D8F909F52992E4C0BF3C92B365BCD52 ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
07:41:03.0519 0x0c5c  volmgr - ok
07:41:03.0570 0x0c5c  [ BEE9C8B72AB752B794F69C2B9B3678AA, 49A5093C26F3CDCD60577F7F2D7F936C7B2BD010B27F2C49A7B6AA41E42DF98D ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
07:41:03.0600 0x0c5c  volmgrx - ok
07:41:03.0612 0x0c5c  [ E1F91A727A04C9F8199D04FF3BBBF63C, 076CAEE621DBF7DE24ED92BA239C440879FDB674CF3213DF3E35AEC03D0D2031 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
07:41:03.0635 0x0c5c  volsnap - ok
07:41:03.0682 0x0c5c  [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
07:41:03.0695 0x0c5c  vpci - ok
07:41:03.0717 0x0c5c  [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
07:41:03.0733 0x0c5c  vsmraid - ok
07:41:03.0809 0x0c5c  [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS             C:\WINDOWS\system32\vssvc.exe
07:41:03.0884 0x0c5c  VSS - ok
07:41:03.0910 0x0c5c  [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
07:41:03.0930 0x0c5c  VSTXRAID - ok
07:41:03.0974 0x0c5c  [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
07:41:04.0003 0x0c5c  vwifibus - ok
07:41:04.0020 0x0c5c  [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt        C:\WINDOWS\system32\drivers\vwififlt.sys
07:41:04.0049 0x0c5c  vwififlt - ok
07:41:04.0112 0x0c5c  [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time         C:\WINDOWS\system32\w32time.dll
07:41:04.0166 0x0c5c  W32Time - ok
07:41:04.0259 0x0c5c  [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc        C:\WINDOWS\system32\inetsrv\w3logsvc.dll
07:41:04.0275 0x0c5c  w3logsvc - ok
07:41:04.0336 0x0c5c  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] W3SVC           C:\WINDOWS\system32\inetsrv\iisw3adm.dll
07:41:04.0376 0x0c5c  W3SVC - ok
07:41:04.0420 0x0c5c  [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
07:41:04.0446 0x0c5c  WacomPen - ok
07:41:04.0474 0x0c5c  [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService   C:\WINDOWS\system32\WalletService.dll
07:41:04.0569 0x0c5c  WalletService - ok
07:41:04.0588 0x0c5c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:41:04.0619 0x0c5c  wanarp - ok
07:41:04.0624 0x0c5c  [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:41:04.0642 0x0c5c  wanarpv6 - ok
07:41:04.0669 0x0c5c  [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS             C:\WINDOWS\system32\inetsrv\iisw3adm.dll
07:41:04.0701 0x0c5c  WAS - ok
07:41:04.0776 0x0c5c  [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine        C:\WINDOWS\system32\wbengine.exe
07:41:04.0920 0x0c5c  wbengine - ok
07:41:04.0983 0x0c5c  [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
07:41:05.0113 0x0c5c  WbioSrvc - ok
07:41:05.0169 0x0c5c  [ 0BF8D8C7EC9FB15D6480A12101E88B71, E7BC6A4E53D8C9D73BF83097DFE43ED8038B7BED0AE56E5AF7983F74562F15A3 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
07:41:05.0236 0x0c5c  Wcmsvc - ok
07:41:05.0284 0x0c5c  [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
07:41:05.0335 0x0c5c  wcncsvc - ok
07:41:05.0351 0x0c5c  [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
07:41:05.0425 0x0c5c  WcsPlugInService - ok
07:41:05.0437 0x0c5c  [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
07:41:05.0451 0x0c5c  WdBoot - ok
07:41:05.0475 0x0c5c  [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
07:41:05.0515 0x0c5c  Wdf01000 - ok
07:41:05.0560 0x0c5c  [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
07:41:05.0579 0x0c5c  WdFilter - ok
07:41:05.0638 0x0c5c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
07:41:05.0668 0x0c5c  WdiServiceHost - ok
07:41:05.0673 0x0c5c  [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
07:41:05.0695 0x0c5c  WdiSystemHost - ok
07:41:05.0753 0x0c5c  [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi         C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
07:41:05.0827 0x0c5c  wdiwifi - ok
07:41:05.0841 0x0c5c  [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
07:41:05.0857 0x0c5c  WdNisDrv - ok
07:41:05.0901 0x0c5c  WdNisSvc - ok
07:41:05.0948 0x0c5c  [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient       C:\WINDOWS\System32\webclnt.dll
07:41:05.0986 0x0c5c  WebClient - ok
07:41:06.0009 0x0c5c  [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
07:41:06.0035 0x0c5c  Wecsvc - ok
07:41:06.0047 0x0c5c  [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
07:41:06.0079 0x0c5c  WEPHOSTSVC - ok
07:41:06.0101 0x0c5c  [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
07:41:06.0155 0x0c5c  wercplsupport - ok
07:41:06.0178 0x0c5c  [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
07:41:06.0211 0x0c5c  WerSvc - ok
07:41:06.0259 0x0c5c  [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS         C:\WINDOWS\system32\drivers\wfplwfs.sys
07:41:06.0275 0x0c5c  WFPLWFS - ok
07:41:06.0291 0x0c5c  [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
07:41:06.0320 0x0c5c  WiaRpc - ok
07:41:06.0363 0x0c5c  [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
07:41:06.0377 0x0c5c  WIMMount - ok
07:41:06.0379 0x0c5c  WinDefend - ok
07:41:06.0401 0x0c5c  [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
07:41:06.0417 0x0c5c  WindowsTrustedRT - ok
07:41:06.0431 0x0c5c  [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
07:41:06.0443 0x0c5c  WindowsTrustedRTProxy - ok
07:41:06.0500 0x0c5c  [ D4B30E23A3B373648F61290DAF432CB2, 7084E24A2E813BDD11C880F2B2D2626CD3600D9BABAA8AA8F068748E90BC8D58 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
07:41:06.0575 0x0c5c  WinHttpAutoProxySvc - ok
07:41:06.0621 0x0c5c  [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad          C:\WINDOWS\System32\drivers\winmad.sys
07:41:06.0633 0x0c5c  WinMad - ok
07:41:06.0726 0x0c5c  [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
07:41:06.0803 0x0c5c  Winmgmt - ok
07:41:06.0903 0x0c5c  [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
07:41:07.0041 0x0c5c  WinRM - ok
07:41:07.0089 0x0c5c  [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB          C:\WINDOWS\System32\drivers\WinUSB.SYS
07:41:07.0115 0x0c5c  WINUSB - ok
07:41:07.0162 0x0c5c  [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs        C:\WINDOWS\System32\drivers\winverbs.sys
07:41:07.0176 0x0c5c  WinVerbs - ok
07:41:07.0265 0x0c5c  [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
07:41:07.0422 0x0c5c  WlanSvc - ok
07:41:07.0481 0x0c5c  [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
07:41:07.0584 0x0c5c  wlidsvc - ok
07:41:07.0597 0x0c5c  [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
07:41:07.0612 0x0c5c  WmiAcpi - ok
07:41:07.0663 0x0c5c  [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
07:41:07.0693 0x0c5c  wmiApSrv - ok
07:41:07.0743 0x0c5c  WMPNetworkSvc - ok
07:41:07.0750 0x0c5c  [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
07:41:07.0768 0x0c5c  Wof - ok
07:41:07.0855 0x0c5c  [ 3B6CCFF7AD385842A9638DCF654ABCD4, 2E6605E5E1BD214D7F47F30E73481C07AE70CAE3A3B565FA37D1A551A58BFDB1 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
07:41:07.0984 0x0c5c  workfolderssvc - ok
07:41:08.0028 0x0c5c  [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
07:41:08.0043 0x0c5c  wpcfltr - ok
07:41:08.0097 0x0c5c  [ 45FA01F8B7971ACB65202038E34D04A3, 9B2C2ABC7DB716295B0BD0AF04DA08E6B4200D7CF1C7DB59DD8FD8FEBD56D94C ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
07:41:08.0131 0x0c5c  WPDBusEnum - ok
07:41:08.0142 0x0c5c  [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
07:41:08.0155 0x0c5c  WpdUpFltr - ok
07:41:08.0196 0x0c5c  [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService      C:\WINDOWS\system32\WpnService.dll
07:41:08.0273 0x0c5c  WpnService - ok
07:41:08.0319 0x0c5c  [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
07:41:08.0347 0x0c5c  ws2ifsl - ok
07:41:08.0395 0x0c5c  [ 5B813FADEA5BE9195F01C83287F823F7, B186175B12AF444F987FE9F0F9D329A0F9186C06E3D228824E0929BB0084853F ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
07:41:08.0422 0x0c5c  wscsvc - ok
07:41:08.0425 0x0c5c  WSearch - ok
07:41:08.0545 0x0c5c  [ 1E099AE79C6D58063E0B4F538732B87F, 0EDA8AA7CA1946DFF651AF6FBCBEBEE904FB269E67F6AB6739247C5242BCDC7E ] WSService       C:\WINDOWS\System32\WSService.dll
07:41:08.0671 0x0c5c  WSService - ok
07:41:08.0747 0x0c5c  [ BFB3F9076F9B6CBC540012842177DD63, 669C6BE8D7AF18FB8934267E713315F95B17AE6563352745FF594816BB581768 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
07:41:08.0846 0x0c5c  wuauserv - ok
07:41:08.0897 0x0c5c  [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
07:41:08.0944 0x0c5c  WudfPf - ok
07:41:08.0960 0x0c5c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
07:41:08.0980 0x0c5c  WUDFRd - ok
07:41:09.0031 0x0c5c  [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
07:41:09.0049 0x0c5c  wudfsvc - ok
07:41:09.0057 0x0c5c  [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
07:41:09.0077 0x0c5c  WUDFWpdFs - ok
07:41:09.0128 0x0c5c  [ A17D939E89831694963802A729191D1F, 5DE24F3A19BC83589D3FEE19C4E44ED04450AD2F3225745A45BA7B702E7DDFD6 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
07:41:09.0215 0x0c5c  WwanSvc - ok
07:41:09.0294 0x0c5c  [ 5DFAF8BE5A3CABAABF6795BC09EB7876, 1AFD0BC50EA5C2CCB2874E97FE5205175C80849BD6C9BDAF9FBC49174D478997 ] XblAuthManager  C:\WINDOWS\System32\XblAuthManager.dll
07:41:09.0361 0x0c5c  XblAuthManager - ok
07:41:09.0435 0x0c5c  [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave     C:\WINDOWS\System32\XblGameSave.dll
07:41:09.0593 0x0c5c  XblGameSave - ok
07:41:09.0618 0x0c5c  [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip         C:\WINDOWS\System32\drivers\xboxgip.sys
07:41:09.0659 0x0c5c  xboxgip - ok
07:41:09.0728 0x0c5c  [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc   C:\WINDOWS\system32\XboxNetApiSvc.dll
07:41:09.0834 0x0c5c  XboxNetApiSvc - ok
07:41:09.0875 0x0c5c  [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid       C:\WINDOWS\System32\drivers\xinputhid.sys
07:41:09.0903 0x0c5c  xinputhid - ok
07:41:09.0908 0x0c5c  ================ Scan global ===============================
07:41:09.0961 0x0c5c  [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
07:41:09.0988 0x0c5c  [ 602060E8FD837EC184B10B32795D62AB, BC15589FF036A2FD2F598BA5D2E3F0D5EF348C73870F5CC763A3A04B8A9166F3 ] C:\WINDOWS\system32\winsrv.dll
07:41:10.0035 0x0c5c  [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
07:41:10.0060 0x0c5c  [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
07:41:10.0069 0x0c5c  [ Global ] - ok
07:41:10.0070 0x0c5c  ================ Scan MBR ==================================
07:41:10.0086 0x0c5c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:41:10.0411 0x0c5c  \Device\Harddisk0\DR0 - ok
07:41:10.0411 0x0c5c  ================ Scan VBR ==================================
07:41:10.0413 0x0c5c  [ 9F6BCACAECB3B28F41396F872961C88D ] \Device\Harddisk0\DR0\Partition1
07:41:10.0415 0x0c5c  \Device\Harddisk0\DR0\Partition1 - ok
07:41:10.0415 0x0c5c  ================ Scan generic autorun ======================
07:41:10.0416 0x0c5c  IgfxTray - ok
07:41:10.0418 0x0c5c  HotKeysCmds - ok
07:41:10.0420 0x0c5c  Persistence - ok
07:41:10.0516 0x0c5c  [ 059B8158C08C82C78DC6A8153A2467A4, 8E88DBC785CF679D238DC5CCBF0C79B03B30F742CF0FC6427AD0AD2AD5943169 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
07:41:10.0544 0x0c5c  SunJavaUpdateSched - ok
07:41:10.0638 0x0c5c  [ CE5C9977DA751DDC30952AC4DCBCA788, 295172C4681E9AC27121122CDD2BA6F2A62435917A083CC8490D584CA0164BE6 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
07:41:10.0647 0x0c5c  HP Software Update - ok
07:41:10.0938 0x0c5c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
07:41:11.0180 0x0c5c  OneDriveSetup - ok
07:41:11.0388 0x0c5c  [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
07:41:11.0548 0x0c5c  OneDriveSetup - ok
07:41:11.0593 0x0c5c  Skype - ok
07:41:11.0753 0x0c5c  [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\OneDrive.exe
07:41:11.0791 0x0c5c  OneDrive - ok
07:41:11.0850 0x0c5c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
07:41:11.0889 0x0c5c  Uninstall C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64 - ok
07:41:11.0901 0x0c5c  [ 41E25E514D90E9C8BC570484DBAFF62B, E6C49F7CE186DC4C9DA2C393469B070C0F1B95A01D281AE2B89538DA453D1583 ] C:\WINDOWS\system32\cmd.exe
07:41:11.0926 0x0c5c  Uninstall C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6390.0509 - ok
07:41:11.0927 0x0c5c  Waiting for KSN requests completion. In queue: 169
07:41:12.0968 0x0c5c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.494 ), 0x60100 ( disabled : updated )
07:41:12.0987 0x0c5c  AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.101.0.7752 ), 0x41000 ( enabled : updated )
07:41:12.0991 0x0c5c  Win FW state via NFP2: enabled ( trusted )
07:41:13.0642 0x0c5c  ============================================================
07:41:13.0642 0x0c5c  Scan finished
07:41:13.0642 0x0c5c  ============================================================
07:41:13.0648 0x1e48  Detected object count: 0
07:41:13.0648 0x1e48  Actual detected object count: 0


#4 kmcdonald

Posted 24 August 2016 - 10:56 AM

I have attached 2 screen shots, this PC has been sitting on this screen after posting above reply, then AVG popped up with the ransomer threat again, I again checked and the file listed was not in the temp directory, I did have AVG clean.


#5 deeprybka

Posted 24 August 2016 - 11:29 AM

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Task: {01507EC5-EE98-4A78-9166-F185C6D730A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> 
    Task: {0696485C-F3FB-44F3-98D8-31A9C882FC10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> 
    Task: {0A039B3F-E556-47F2-B2B9-800032CC9065} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> 
    Task: {16E5E6D5-A2C0-4466-AACC-F78C23EE28B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> 
    Task: {3F713C1F-88F7-4752-9402-5CBFDD466857} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> 
    Task: {5288C1F0-D4FB-4364-B558-07C48B29D4DB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> 
    Task: {855D6C95-D274-4AF1-B774-AA67C7AA8359} - \Microsoft\Windows\Setup\gwx\rundetector -> 
    Task: {C6FB219F-04B0-4D9F-B93F-952CFD9FD3C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> 
    Task: {D222AF27-9B4E-4770-B7B7-8E55A20F38A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> 
    Task: {D81C23F0-8A47-405D-807C-73A72FE4A65E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess ->
    Task: {DFC3F2C6-5722-4C61-9059-8DA3B606F6BA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> 
    Task: {E751AC9A-09AF-41FD-AF01-837BB1148AA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d ->
    Task: {F6FC5EAD-97F2-4B0C-9FAD-9968B7B17ED7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> 
    Task: {F7266FD1-EF63-405E-9A8B-2EE73B245114} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> 
    Task: {FB42BE99-4CDE-4DB5-A20C-9611FC719C42} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Don't remove on your own anything that HitmanPro detects!
This scanner, although it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.

Step 3

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Image: scanner settings]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log file path]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 kmcdonald

Posted 24 August 2016 - 12:07 PM

Followed step 1 FRST and fixlist. Right after the log file fixlog.txt posted to the desktop, Windows notified that FRST stopped responding. I clicked on the warning's OK and Chrome and FRST shut down. I'm posting the fixlog.txt. Let me know if I should continue with Hitman or something else.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by NCIS (24-08-2016 10:02:15) Run:1
Running from C:\Users\NCIS\Desktop
Loaded Profiles: NCIS (Available Profiles: NCIS)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {01507EC5-EE98-4A78-9166-F185C6D730A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> 
Task: {0696485C-F3FB-44F3-98D8-31A9C882FC10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> 
Task: {0A039B3F-E556-47F2-B2B9-800032CC9065} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> 
Task: {16E5E6D5-A2C0-4466-AACC-F78C23EE28B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> 
Task: {3F713C1F-88F7-4752-9402-5CBFDD466857} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> 
Task: {5288C1F0-D4FB-4364-B558-07C48B29D4DB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> 
Task: {855D6C95-D274-4AF1-B774-AA67C7AA8359} - \Microsoft\Windows\Setup\gwx\rundetector -> 
Task: {C6FB219F-04B0-4D9F-B93F-952CFD9FD3C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> 
Task: {D222AF27-9B4E-4770-B7B7-8E55A20F38A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> 
Task: {D81C23F0-8A47-405D-807C-73A72FE4A65E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess ->
Task: {DFC3F2C6-5722-4C61-9059-8DA3B606F6BA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> 
Task: {E751AC9A-09AF-41FD-AF01-837BB1148AA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d ->
Task: {F6FC5EAD-97F2-4B0C-9FAD-9968B7B17ED7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> 
Task: {F7266FD1-EF63-405E-9A8B-2EE73B245114} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> 
Task: {FB42BE99-4CDE-4DB5-A20C-9611FC719C42} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully


#7 deeprybka

Posted 24 August 2016 - 12:12 PM

Please run the fix again.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 kmcdonald

Posted 24 August 2016 - 01:47 PM

The fix completed okay this time and required a reboot. Below are the 3 scan result logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by NCIS (24-08-2016 10:32:40) Run:2
Running from C:\Users\NCIS\Desktop
Loaded Profiles: NCIS (Available Profiles: NCIS)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Task: {01507EC5-EE98-4A78-9166-F185C6D730A4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> 
Task: {0696485C-F3FB-44F3-98D8-31A9C882FC10} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> 
Task: {0A039B3F-E556-47F2-B2B9-800032CC9065} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> 
Task: {16E5E6D5-A2C0-4466-AACC-F78C23EE28B1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> 
Task: {3F713C1F-88F7-4752-9402-5CBFDD466857} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> 
Task: {5288C1F0-D4FB-4364-B558-07C48B29D4DB} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> 
Task: {855D6C95-D274-4AF1-B774-AA67C7AA8359} - \Microsoft\Windows\Setup\gwx\rundetector -> 
Task: {C6FB219F-04B0-4D9F-B93F-952CFD9FD3C5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> 
Task: {D222AF27-9B4E-4770-B7B7-8E55A20F38A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> 
Task: {D81C23F0-8A47-405D-807C-73A72FE4A65E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess ->
Task: {DFC3F2C6-5722-4C61-9059-8DA3B606F6BA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> 
Task: {E751AC9A-09AF-41FD-AF01-837BB1148AA8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d ->
Task: {F6FC5EAD-97F2-4B0C-9FAD-9968B7B17ED7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> 
Task: {F7266FD1-EF63-405E-9A8B-2EE73B245114} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> 
Task: {FB42BE99-4CDE-4DB5-A20C-9611FC719C42} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> 
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01507EC5-EE98-4A78-9166-F185C6D730A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01507EC5-EE98-4A78-9166-F185C6D730A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0696485C-F3FB-44F3-98D8-31A9C882FC10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0696485C-F3FB-44F3-98D8-31A9C882FC10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0A039B3F-E556-47F2-B2B9-800032CC9065}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A039B3F-E556-47F2-B2B9-800032CC9065}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16E5E6D5-A2C0-4466-AACC-F78C23EE28B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16E5E6D5-A2C0-4466-AACC-F78C23EE28B1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F713C1F-88F7-4752-9402-5CBFDD466857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F713C1F-88F7-4752-9402-5CBFDD466857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5288C1F0-D4FB-4364-B558-07C48B29D4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5288C1F0-D4FB-4364-B558-07C48B29D4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{855D6C95-D274-4AF1-B774-AA67C7AA8359}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855D6C95-D274-4AF1-B774-AA67C7AA8359}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6FB219F-04B0-4D9F-B93F-952CFD9FD3C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6FB219F-04B0-4D9F-B93F-952CFD9FD3C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D222AF27-9B4E-4770-B7B7-8E55A20F38A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D222AF27-9B4E-4770-B7B7-8E55A20F38A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D81C23F0-8A47-405D-807C-73A72FE4A65E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D81C23F0-8A47-405D-807C-73A72FE4A65E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFC3F2C6-5722-4C61-9059-8DA3B606F6BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFC3F2C6-5722-4C61-9059-8DA3B606F6BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E751AC9A-09AF-41FD-AF01-837BB1148AA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E751AC9A-09AF-41FD-AF01-837BB1148AA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6FC5EAD-97F2-4B0C-9FAD-9968B7B17ED7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6FC5EAD-97F2-4B0C-9FAD-9968B7B17ED7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7266FD1-EF63-405E-9A8B-2EE73B245114}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7266FD1-EF63-405E-9A8B-2EE73B245114}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB42BE99-4CDE-4DB5-A20C-9611FC719C42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB42BE99-4CDE-4DB5-A20C-9611FC719C42}" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 1954534 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6492584 B
Java, Flash, Steam htmlcache => 806 B
Windows/system/drivers => 25621078 B
Edge => 711864 B
Chrome => 313073233 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 1580 B
NetworkService => 185880 B
NCIS => 143237583 B
 
RecycleBin => 68751840 B
EmptyTemp: => 534.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:32:57 ====
 
HitmanPro 3.7.14.265
www.hitmanpro.com
 
   Computer name . . . . : NCIS-FC2
   Windows . . . . . . . : 10.0.0.10586.X64/2
   User name . . . . . . : NCIS-FC2\NCIS
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2016-08-24 10:43:37
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 25s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 43
 
   Objects scanned . . . : 1,223,736
   Files scanned . . . . : 15,880
   Remnants scanned  . . : 207,589 files / 1,000,267 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\NCIS\Desktop\FRST64.exe
      Size . . . . . . . : 2,396,672 bytes
      Age  . . . . . . . : 0.9 days (2016-08-23 13:02:21)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : B013E81A02D8CD690103C7900F14CCFAACC063D1945767361BA4715778CF0790
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Cookies _____________________________________________________________________
 
 
 
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9333e7bbb69ced4cb36ef50a1d68bba9
# end=init
# utc_time=2016-08-24 05:49:32
# local_time=2016-08-24 10:49:32 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 30528
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9333e7bbb69ced4cb36ef50a1d68bba9
# end=updated
# utc_time=2016-08-24 05:55:23
# local_time=2016-08-24 10:55:23 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9333e7bbb69ced4cb36ef50a1d68bba9
# engine=30528
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-08-24 06:32:06
# local_time=2016-08-24 11:32:06 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition'
# compatibility_mode=1057 16777213 100 88 0 2251874 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 24952469 0 0
# scanned=151627
# found=0
# cleaned=0
# scan_time=2202
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9333e7bbb69ced4cb36ef50a1d68bba9
# end=init
# utc_time=2016-08-24 06:40:01
# local_time=2016-08-24 11:40:01 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
 


#9 deeprybka

Posted 25 August 2016 - 09:52 AM

Are these popups now gone or are they still there? What problems are left on your computer right now?


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#10 kmcdonald

Posted 25 August 2016 - 09:54 AM

At this point all seems okay, but the AVG warning only comes up every 3 days or so. Do you think you cleaned it? And if so, where was it hiding?



#11 deeprybka

Posted 25 August 2016 - 10:00 AM

Please observe the computer for a few days and let me know if you face the same issue again.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 kmcdonald

Posted 25 August 2016 - 11:46 AM

Thanks, I will let you know by Monday 8/29 unless something happens sooner.



#13 kmcdonald

Posted 29 August 2016 - 04:08 PM

Nothing has popped up since 8/24. Are we calling this fixed?



#14 deeprybka

Posted 30 August 2016 - 11:36 AM

It's good to hear that your problems appear to be solved.

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 kmcdonald

Posted 30 August 2016 - 01:13 PM

As requested

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-08-2016
Ran by NCIS (administrator) on NCIS-FC2 (30-08-2016 11:09:52)
Running from C:\Users\NCIS\Desktop
Loaded Profiles: NCIS (Available Profiles: NCIS)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Scott Systems) \\SERVER\Scott Systems\MaxxTraxx Pro\Mxtrxpro.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [6709008 2016-07-28] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\...\MountPoints2: {ffbb593a-340d-11e6-a916-0024e8231cc1} - "I:\Autorun.exe" 
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.105.132.250 64.105.156.138
Tcpip\..\Interfaces\{a8ac9e11-3d04-428a-bda9-e69604807b1c}: [DhcpNameServer] 64.105.132.250 64.105.156.138
 
Internet Explorer:
==================
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSE_WCP
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-10] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-10] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Chrome Media Router) - C:\Users\NCIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [674552 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5267456 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [760024 2016-07-28] (AVG Technologies CZ, s.r.o.)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RtlService; C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [314112 2016-06-30] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [261376 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [260352 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [261888 2016-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313088 2016-07-20] (AVG Technologies CZ, s.r.o.)
R3 e1kexpress; C:\Windows\system32\DRIVERS\e1k63x64.sys [498032 2013-02-20] (Intel Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 11:07 - 2016-08-30 11:07 - 00000000 ____D C:\Users\NCIS\Desktop\FRST-OlderVersion
2016-08-24 10:48 - 2016-08-24 10:48 - 00000000 ____D C:\Program Files (x86)\ESET
2016-08-24 10:42 - 2016-08-24 10:48 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-24 10:02 - 2016-08-24 10:32 - 00007090 _____ C:\Users\NCIS\Desktop\Fixlog.txt
2016-08-24 10:01 - 2016-08-24 10:48 - 02870984 _____ (ESET) C:\Users\NCIS\Desktop\esetsmartinstaller_enu.exe
2016-08-24 10:01 - 2016-08-24 10:01 - 02870984 _____ (ESET) C:\Users\NCIS\Downloads\esetsmartinstaller_enu.exe
2016-08-24 10:00 - 2016-08-24 10:42 - 11438608 _____ (SurfRight B.V.) C:\Users\NCIS\Desktop\HitmanPro_x64.exe
2016-08-24 09:59 - 2016-08-24 10:00 - 11438608 _____ (SurfRight B.V.) C:\Users\NCIS\Downloads\HitmanPro_x64.exe
2016-08-24 07:39 - 2016-08-24 08:58 - 00489364 _____ C:\TDSSKiller.3.1.0.11_24.08.2016_07.39.24_log.txt
2016-08-24 07:38 - 2016-08-24 07:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\NCIS\Desktop\tdsskiller.exe
2016-08-24 07:32 - 2016-08-24 07:38 - 04747704 _____ (AO Kaspersky Lab) C:\Users\NCIS\Downloads\tdsskiller.exe
2016-08-23 13:07 - 2016-08-23 13:08 - 00034619 _____ C:\Users\NCIS\Desktop\Addition.txt
2016-08-23 13:06 - 2016-08-30 11:10 - 00011316 _____ C:\Users\NCIS\Desktop\FRST.txt
2016-08-23 13:04 - 2016-08-30 11:09 - 00000000 ____D C:\FRST
2016-08-23 13:00 - 2016-08-30 11:07 - 02397696 _____ (Farbar) C:\Users\NCIS\Desktop\FRST64.exe
2016-08-23 08:48 - 2016-08-23 08:49 - 00000000 ____D C:\AdwCleaner
2016-08-23 08:44 - 2016-08-23 08:48 - 03784256 _____ C:\Users\NCIS\Downloads\adwcleaner_6.000.exe
2016-08-23 07:25 - 2016-08-23 07:25 - 00003324 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-19 12:02 - 2016-08-19 12:02 - 00000000 ____D C:\Users\NCIS\AppData\Local\ESET
2016-08-19 12:01 - 2016-08-19 12:02 - 06761600 _____ (ESET spol. s r.o.) C:\Users\NCIS\Downloads\esetonlinescanner_enu.exe
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\TuneUp Software
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\AVG
2016-08-18 12:11 - 2016-08-18 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-08-18 12:10 - 2016-08-18 12:10 - 00000000 ___HD C:\$AVG
2016-08-18 12:07 - 2016-08-30 07:57 - 00000000 ____D C:\ProgramData\MFAData
2016-08-18 12:07 - 2016-08-18 12:07 - 00000000 ____D C:\Users\NCIS\AppData\Local\MFAData
2016-08-18 11:57 - 2016-08-18 11:57 - 00000943 _____ C:\Users\Public\Desktop\AVG.lnk
2016-08-18 11:57 - 2016-08-18 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-08-18 11:55 - 2016-08-18 12:10 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-18 11:33 - 2016-08-18 12:11 - 00000000 ____D C:\Users\NCIS\AppData\Local\Avg
2016-08-18 11:33 - 2016-08-18 12:10 - 00000000 ____D C:\ProgramData\Avg
2016-08-18 11:33 - 2016-08-18 12:07 - 00000000 ____D C:\Users\NCIS\AppData\Local\AvgSetupLog
2016-08-18 11:32 - 2016-08-18 11:33 - 03143504 _____ (AVG Technologies CZ, s.r.o.) C:\Users\NCIS\Downloads\AVG_Protection_Free_1606.exe
2016-08-18 11:30 - 2016-08-18 11:30 - 02895464 _____ (AVG Technologies) C:\Users\NCIS\Downloads\AVG_Protection_Free_1115.exe
2016-08-18 11:01 - 2016-08-24 10:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-18 11:01 - 2016-08-18 11:01 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-18 11:01 - 2016-08-18 11:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-18 11:01 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-18 11:01 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-18 11:01 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-18 10:59 - 2016-08-18 11:00 - 22851472 _____ (Malwarebytes ) C:\Users\NCIS\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-10 10:36 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:36 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:36 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:36 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:36 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:36 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:36 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:36 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:36 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:36 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:36 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:36 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:36 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:36 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:36 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:36 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:36 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:36 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:36 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:36 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:36 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:36 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:36 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:36 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:36 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:36 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:36 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:36 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:36 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:36 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:36 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:36 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:36 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:36 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:36 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:36 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:36 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:36 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:36 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:36 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:36 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:36 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:36 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:36 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:36 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:36 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:36 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:36 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:36 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:36 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:36 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:36 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:36 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:36 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:36 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:36 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:36 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:36 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:36 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:36 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:36 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:36 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:36 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:36 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:36 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:36 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:36 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:36 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:36 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:36 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:36 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:36 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:36 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:36 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:36 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:36 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:36 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:36 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:36 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:36 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:36 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:36 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:36 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:36 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:36 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:36 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:36 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:36 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:36 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:36 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:36 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:36 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:36 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:36 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:36 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:36 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:36 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:36 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:36 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:36 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:36 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:36 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:36 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:36 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:36 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 10:36 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:35 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-30 10:36 - 2016-06-10 13:38 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
2016-08-30 10:34 - 2016-07-28 16:29 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e927db4f0e16.job
2016-08-30 08:32 - 2016-05-24 15:18 - 00000164 __RSH C:\ProgramData\3002.xml
2016-08-30 08:08 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-29 17:02 - 2016-05-31 23:22 - 00000032 _____ C:\WINDOWS\mxtrxpro.ini
2016-08-29 16:58 - 2016-05-31 23:18 - 00002071 _____ C:\Users\NCIS\Desktop\Mxtrxpro.lnk
2016-08-29 16:34 - 2015-12-11 13:47 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-29 10:17 - 2016-05-31 23:16 - 00000000 ____D C:\Users\NCIS\AppData\Roaming\Skype
2016-08-29 07:58 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-29 07:51 - 2016-06-10 12:59 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.exe
2016-08-25 15:41 - 2015-10-29 23:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-24 10:42 - 2016-06-10 13:04 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-24 10:42 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-24 10:36 - 2016-05-24 15:17 - 00078032 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2016-08-24 10:36 - 2016-04-26 23:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-24 10:35 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-23 07:25 - 2016-06-10 13:24 - 00002371 _____ C:\Users\NCIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-23 07:25 - 2016-06-10 13:24 - 00000000 ___RD C:\Users\NCIS\OneDrive
2016-08-22 15:49 - 2016-06-01 00:35 - 00000000 ____D C:\speedDIAL
2016-08-18 12:11 - 2015-10-30 00:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-15 09:09 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-11 17:18 - 2016-04-26 23:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-11 17:16 - 2016-04-26 23:21 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-11 17:16 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 17:16 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 12:06 - 2015-12-10 13:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 12:06 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 12:06 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 12:03 - 2015-12-10 13:57 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 14:36 - 2015-12-11 13:53 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 14:36 - 2015-12-11 13:53 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 13:48 - 2015-12-11 13:47 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
 
==================== Files in the root of some directories =======
 
2016-05-24 15:18 - 2016-05-31 23:14 - 0032432 __RSH () C:\ProgramData\3002.abs
2016-05-24 15:18 - 2016-08-30 08:32 - 0000164 __RSH () C:\ProgramData\3002.xml
2016-05-24 15:18 - 2016-05-24 15:18 - 0015568 __RSH () C:\ProgramData\3029.abs
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-22 07:40
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-08-2016
Ran by NCIS (30-08-2016 11:10:36)
Running from C:\Users\NCIS\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-10 20:19:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1629447234-2497554020-3744553318-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1629447234-2497554020-3744553318-503 - Limited - Disabled)
Guest (S-1-5-21-1629447234-2497554020-3744553318-501 - Limited - Enabled)
NCIS (S-1-5-21-1629447234-2497554020-3744553318-1000 - Administrator - Enabled) => C:\Users\NCIS
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 15.12 (HKLM-x32\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
AVG (HKLM\...\AvgZen) (Version: 1.82.2.30772 - AVG Technologies)
AVG (Version: 16.101.7752 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4649 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.101.7752 - AVG Technologies)
AVG Zen (Version: 1.82.2 - AVG Technologies) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP LJ300-400 color M351-M451 (HKLM-x32\...\{15CA73D8-3C82-4BAE-86CD-945BF9620516}) (Version: 5.0.12200.630 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM351M451DSService (x32 Version: 001.001.05164 - Hewlett-Packard) Hidden
HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI (HKLM-x32\...\{BD019D8F-25B9-49D6-B301-07AFF65E35DD}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM351_M451LaserJetService (x32 Version: 005.021.00132 - Hewlett-Packard) Hidden
hppToolboxProxyM351 (x32 Version: 035.024.006 - HP) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM351_M451 (x32 Version: 050.034.0131 - Hewlett-Packard) Hidden
InstanceFinder (x32 Version: 020.021.004 - HP) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0199 - REALTEK Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ToolboxProxy (x32 Version: 035.024.006 - HP) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WORLDPAC speedDIAL (HKLM-x32\...\WORLDPAC speedDIAL_is1) (Version:  - WORLDPAC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1629447234-2497554020-3744553318-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {07BD3A99-2154-495D-B2A6-3DA303F37A0C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0E93E351-59F4-4F21-874A-1D9271998611} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {1AAEE63C-BACF-4FCC-8E9A-5E3F42272702} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {1AD469AF-588D-4BDE-B36B-82FADF3AC597} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1EC63F7C-6F9E-4BA1-A653-39847E44FA0B} - System32\Tasks\GoogleUpdateTaskMachineUA1d1e927db4f0e16 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {21005A4D-2FD7-4469-950A-A38867A5ECE5} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {22F35816-4906-4FB6-80CA-5C1553442431} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {30F5DD05-BB22-4F68-B7E6-A3D72009C180} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {4F3DEAE2-F763-4E9D-9B12-7207492FA33C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4F9C4957-9133-4D1A-BA21-751094DF7D03} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {4FDBA435-B00B-4504-B5CA-DBF9AC866E12} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {52B92429-FD3C-4D49-9DBE-948F2D582413} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {6CCB29C2-900D-473B-ADB8-7A273AF8E9AF} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {73C34E97-6CBF-4D0A-B702-F59E195368CB} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {7F39B6BE-5AD0-4E0D-9661-86A153DBE332} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {803209ED-0B2A-4FB8-95D4-355A271B368B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8BF61548-F29F-4B06-BEBC-1594F9D9C84E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {96265497-4652-4228-9339-9EBA2AE2E326} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {A5EB41E2-4D1F-42DC-9FD1-4B02A1564C44} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B59E3A41-5102-4903-8232-4AD6E435D70B} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B88244AC-596C-4F3B-ABE2-5D4AA5176E30} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B9DD14D3-A83D-4811-BFB3-051B8B30190B} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C1BBE570-3F6F-4629-97BB-9AC1381C3F29} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D250C1F4-100B-4E22-AAEC-913B9F658CED} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-23] (Microsoft Corporation)
Task: {D6D13EC6-2570-44CC-8F87-696F037F6624} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {ED226C1C-286B-41A2-91A7-2400E633F24F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FB748409-01BF-46C9-9F73-31CF6CAB00EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d1e927db4f0e16.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 12:44 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 12:44 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-23 07:24 - 2016-08-23 07:24 - 01864384 _____ () C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-04-26 23:10 - 2016-04-26 23:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 12:46 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 12:45 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 12:45 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 12:45 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 12:44 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-10 14:07 - 2016-06-10 14:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-24 15:12 - 2012-11-06 09:47 - 00114688 _____ () C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2016-08-23 07:23 - 2016-08-23 07:23 - 01383616 _____ () C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-23 07:24 - 2016-08-23 07:24 - 00118976 _____ () C:\Users\NCIS\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-18 11:55 - 2016-08-18 11:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-06-10 14:07 - 2016-06-10 14:08 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-10 14:07 - 2016-06-10 14:08 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-08 14:36 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 14:36 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1629447234-2497554020-3744553318-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NCIS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 64.105.132.250 - 64.105.156.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{7E765E19-AA9C-4CD8-ABC5-4F8C3D1D7459}] => (Allow) C:\speedDIAL\speedDIAL.exe
FirewallRules: [UDP Query User{C3DC0050-E084-4D41-B4D5-7E7CBEDE5391}\\server\scott systems\maxxtraxx pro\maxxchat.exe] => (Allow) \\server\scott systems\maxxtraxx pro\maxxchat.exe
FirewallRules: [TCP Query User{C5417F41-4971-462B-A72D-B1A5F07D01BE}\\server\scott systems\maxxtraxx pro\maxxchat.exe] => (Allow) \\server\scott systems\maxxtraxx pro\maxxchat.exe
FirewallRules: [UDP Query User{B68CE843-2F32-4275-9445-814268A5E9F5}\\server\scott systems\maxxtraxx pro\mxtrxpro.exe] => (Allow) \\server\scott systems\maxxtraxx pro\mxtrxpro.exe
FirewallRules: [TCP Query User{2ECD1EEA-6C82-4108-9D7D-54EB556DFB91}\\server\scott systems\maxxtraxx pro\mxtrxpro.exe] => (Allow) \\server\scott systems\maxxtraxx pro\mxtrxpro.exe
FirewallRules: [{A960A116-BD49-430F-9440-E9796F7B0ECE}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{669BCFF6-62A1-45BD-B7C9-72B653AE9B3B}] => (Allow) LPort=53
FirewallRules: [{6BABF380-5BB1-439E-B1E1-E0287859998A}] => (Allow) LPort=53
FirewallRules: [{79CB8552-2CA9-41F4-AA99-CDB18EB3474F}] => (Allow) LPort=68
FirewallRules: [{122FF94B-202C-4B60-9C51-36155EF71B3F}] => (Allow) LPort=67
FirewallRules: [{6DE0AA33-05ED-4EC5-8061-9E3148F10C43}] => (Allow) LPort=53
FirewallRules: [{8C6EFC07-BA9B-49E5-8885-5D64961B136C}] => (Allow) LPort=1542
FirewallRules: [{BD45E15F-7767-4B5C-B4AE-04F582DFBC27}] => (Allow) LPort=1542
FirewallRules: [{AF374D0A-7560-4A41-BAE6-68D7818B2CAC}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{C59A5DF0-707F-482E-B197-361DA7633C83}] => (Allow) C:\Program Files (x86)\REALTEK\USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{A8FE8EB3-528F-4414-B8D7-115A8E2CD233}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A5B6EA9B-19A0-4B67-8797-93B23126C9A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{880F4B49-2D39-4650-8B64-68AD4A388D7B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{767B3C4E-63D3-4C51-B4D5-2320153A5A55}\\server\scott systems\maxxtraxx pro\mxtrxpro.exe] => (Block) \\server\scott systems\maxxtraxx pro\mxtrxpro.exe
FirewallRules: [UDP Query User{07804288-9448-45B2-A627-90DFF2CA2814}\\server\scott systems\maxxtraxx pro\mxtrxpro.exe] => (Block) \\server\scott systems\maxxtraxx pro\mxtrxpro.exe
FirewallRules: [{B345999D-CB2A-4C54-9C62-3612BD759064}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0BAB8335-3386-490B-961F-DDCFDA0AB971}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{8CF99E73-6A59-469F-9E34-1A0B70AC4AE5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{150E7B5F-6817-4307-A69D-871E63D4474A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{EF217BCF-6D8A-4A82-9413-29DCF11FF886}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{D9EFC66E-542A-4A5A-89B2-0E37FC7A81C8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{6F5BF2C3-A700-41AE-BCCA-4316E3B6E717}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{00244127-5FEF-45B1-A4FE-9CEDB5BA1583}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{21B1EAF6-9966-43CA-B655-B04C538DCA6D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/24/2016 11:54:31 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 11:40:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 11:39:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\NCIS\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 11:36:24 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 11:35:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 10:50:26 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 10:50:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 10:48:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\users\ncis\desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 10:48:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\NCIS\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
Error: (08/24/2016 10:48:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\NCIS\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_a2d8b04ea53e3145.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.494_none_ea85e725b9ba5a4b.manifest.
 
 
System errors:
=============
Error: (08/26/2016 04:17:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2d482 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/26/2016 04:17:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2d482 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/26/2016 04:17:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2d482 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/26/2016 04:17:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2d482 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/24/2016 10:55:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/24/2016 10:55:15 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCIS\AppData\Local\Temp\ehdrv.sys
 
Error: (08/24/2016 10:55:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/24/2016 10:55:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCIS\AppData\Local\Temp\ehdrv.sys
 
Error: (08/24/2016 10:55:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/24/2016 10:55:14 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\NCIS\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2016-08-17 08:06:08.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-17 08:06:08.743
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 07:42:01.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-16 07:42:01.300
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 09:08:27.537
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 09:08:27.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-11 17:18:41.153
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-11 08:48:36.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-11 03:41:53.830
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-11 03:41:53.815
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 52%
Total physical RAM: 3931.61 MB
Available physical RAM: 1871.24 MB
Total Virtual: 10075.61 MB
Available Virtual: 7819.59 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:224.18 GB) (Free:196.81 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E4BFB262)
Partition 1: (Active) - (Size=8.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
 
==================== End of Addition.txt ============================




