<filename>srv.exe and Desktoplayer


  • This topic is locked
14 replies to this topic

#1 Eromanga


Posted 13 June 2017 - 04:22 AM

When I open my Task Manager I find so many iexplorer.exe even though IE is not open, and when I open some of my .exe files or my game launchers it creates another .exe with srv on the last part of the launcher. I also have this Desktop.exe, but it's not in the Task Manager; Avast always scans it and puts it in the Avast chest, and it is created again and again. Sorry for the bad English T_T..

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-06-2017
Ran by rayman (13-06-2017 17:05:55)
Running from C:\Users\rayman\Downloads\Programs
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2017-02-06 12:25:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2779879247-1015564688-3869832789-500 - Administrator - Disabled)
Guest (S-1-5-21-2779879247-1015564688-3869832789-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2779879247-1015564688-3869832789-1002 - Limited - Enabled)
rayman (S-1-5-21-2779879247-1015564688-3869832789-1000 - Administrator - Enabled) => C:\Users\rayman
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (Version: 2.7.2.4 - Intel) Hidden
[Theme Win 7] Inou Battle wa Nichijou-kei no Naka de By Bazzh version 1.0 (HKLM\...\{56AE28B7-B862-411C-96FE-E638A3CAF4EC}_is1) (Version: 1.0 - Suck-Style)
[Theme Win 7] Naruto The Last Movie - Naruto x Hinata by Eldiaz7 (HKLM\...\{4024c044-44ca-4758-ae32-bc95cea5b964}_is1) (Version:  - RF Theme Windows)
[Theme Win 7] Persona3 By Bazzh version 1.0 (HKLM\...\{13B7001F-D237-4B9B-9844-20AE8D80439D}_is1) (Version: 1.0 - Suck-Style)
[Theme Win 7] Sword Art Online II GGO Sinon By Bazzh version 1.0 (HKLM\...\{681FB258-A9BA-47DC-B42E-6800980B3024}_is1) (Version: 1.0 - Suck-Style)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AIMP (HKLM\...\AIMP) (Version: v4.13.1893, 07.04.2017 - AIMP DevTeam)
Apple Application Support (32-bit) (HKLM\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Athan Pro 4.5 (HKLM\...\Athan) (Version:  - )
Avast Premier (HKLM\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-T300 (HKLM\...\{BA07A125-6AC7-4293-89D6-391676FFD041}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Cheat Engine 6.6 (HKLM\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Folder Marker Free (HKLM\...\Folder Marker Free_is1) (Version: 4.3 - ArcticLine Software)
Free Alarm Clock (HKLM\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group)
Hisoka HxH By Bazzh (HKLM\...\{6e61ae53-1778-4b39-935e-e1b376b7c2e2}_is1) (Version:  - k-rlitos.com)
IDM Crack 6.28 build 9 (HKLM\...\IDM Crack 6.28 build 9) (Version: build 12 - Crackingpatching.com Team)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.2.54 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{B7C4ABF3-59A7-47AB-A72E-956BA5B4841C}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 101 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
Microangelo On Display (HKLM\...\{8679D366-D73F-4303-92F7-853B13C1F424}) (Version: 7.0.3 - Impact Software)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PotPlayer (HKLM\...\PotPlayer) (Version:  - Kakao Corp.)
Rainmeter (HKLM\...\Rainmeter) (Version: 4.0 r2746 - )
Realtek Card Reader (HKLM\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.27041 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.607 (Version: 3.55.2393.607 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHAREit (HKLM\...\www.ushareit.com_is1) (Version: 4.0.5.171 - SHAREit Technologies Co.Ltd)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.21.9613 - SoftEther VPN Project)
Soulworker Patcher (HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\13b90f2efd70d797) (Version: 2.8.1.0 - Miyu)
Sword Art Online By Bazzh (HKLM\...\{7775fa71-f2d0-4fc3-a4b9-b3adc9ccad1b}_is1) (Version:  - k-rlitos.com)
Uchiha Madara By Bazzh (HKLM\...\{cf901564-0761-4fbc-b544-7368b25103ef}_is1) (Version:  - k-rlitos.com)
WinRAR 5.40 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2779879247-1015564688-3869832789-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2284144B-BEE9-4376-B22B-E2647F6A4CC1} - \AutoKMSDaily -> No File <==== ATTENTION
Task: {25E1DD0C-688E-4E8B-A9F9-016630A44CBF} - System32\Tasks\{F93D34C2-E0CC-46BD-A460-F4D215848DD3} => pcalua.exe -a A:\Installer\WSP_PH.exe -d A:\Installer
Task: {30B871C0-503B-4581-A3A7-D9E0203298D6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-10] (AVAST Software)
Task: {3FA38140-8739-467A-B035-4A980C39B67E} - \AutoKMS -> No File <==== ATTENTION
Task: {87496DFE-B773-486C-A6FE-F234A1887613} - System32\Tasks\SafeZone scheduled Autoupdate 1497072872 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {941D5C4A-B45D-499C-996F-6FB1221D6409} - System32\Tasks\{37A1D59F-B145-4FC1-B75F-CD6A3BC6BB12} => pcalua.exe -a "C:\Program Files\GodsWar Online\unins000.exe" -d "C:\Program Files\GodsWar Online"
Task: {BF7AF405-6DA2-4075-9A47-DE57501D2C98} - System32\Tasks\{28C5D1D9-06DB-4B50-ADA6-E89DF30E5551} => pcalua.exe -a "F:\PC\Installer\New folder\Chipset_Intel_10.1.1.11_W10x64\Setup.exe" -d "F:\PC\Installer\New folder\Chipset_Intel_10.1.1.11_W10x64"
Task: {D65E86F5-A93B-4BBB-88D9-D9DD738731B1} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {DF6A75CF-561C-4189-AA16-C2A991683A45} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {E0A731A7-7D7F-478B-8245-933B220169EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-06-10 16:29 - 2017-06-10 16:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-13 07:55 - 2017-06-13 07:55 - 05778720 _____ () C:\Program Files\AVAST Software\Avast\defs\17061202\algo.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00230632 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-12-25 19:37 - 2004-12-25 19:37 - 00258121 _____ () C:\Program Files\Athan\vbh.dll
2010-03-09 04:08 - 2010-03-09 04:08 - 00282697 _____ () C:\Program Files\Athan\vbp.dll
2004-03-20 20:49 - 2004-03-20 20:49 - 00229444 _____ () C:\Program Files\Athan\vbq.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-10 16:28 - 2017-06-10 16:28 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-10 16:29 - 2017-06-10 16:29 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-06-10 08:15 - 2017-06-03 14:30 - 02877272 _____ () A:\Google\Chrome\Application\59.0.3071.86\libglesv2.dll
2017-06-10 08:15 - 2017-06-03 14:30 - 00086360 _____ () A:\Google\Chrome\Application\59.0.3071.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:40640B7D [116]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2017-06-07 03:44 - 00000880 _____ C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.0 keystone.mwbsys.com
0.0.0.0 serius.mwbsys.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 121.1.3.81 - 121.1.3.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^rayman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Gameroom.lnk => C:\Windows\pss\Facebook Gameroom.lnk.Startup
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\rayman\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: Amworks => regsvr32.exe C:\Users\rayman\AppData\Local\Amworks\jzjnylmb.dll
MSCONFIG\startupreg: Auto Azan Player => C:\Program Files\Auto Azan Player\Azan3.exe hide
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files\Bluestacks\HD-Agent.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BtTray => "C:\Program Files\Bluetooth Suite\BtTray.exe"
MSCONFIG\startupreg: DLLSuite2016 => C:\Program Files\DLL Suite\DLLSuite.exe
MSCONFIG\startupreg: EaseUS Cleanup => "C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\CleanUpUI.exe" 10 300
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files\EaseUS\EaseUS Partition Master 11.10\bin\EpmNews.exe
MSCONFIG\startupreg: Ettion => C:\Users\rayman\AppData\Local\Ettion\aacdbc6111cfb3aea70f7f85aa148411.exe
MSCONFIG\startupreg: Fences => "C:\Program Files\Stardock\Fences\Fences.exe" /startup
MSCONFIG\startupreg: Find => C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Run => C:\Windows\file6.exe
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
MSCONFIG\startupreg: TS2WSP => E:\Games\KJ_GAMES\TS2WSP_PH\WSP.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B9C1D6CA-978F-4FBB-B6B0-C24F30219D8C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{0A70AA5D-C981-442E-AD0C-59DFDE0476A2}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{F4BEDDC8-E3C7-42D0-A081-3881608F9D21}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1F9F48C7-8DA8-4EFA-BD2C-145EE87C1A2D}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{F16DC26C-2DA3-4A8E-805B-05BBF552BE5C}] => (Allow) C:\Users\rayman\AppData\Local\Temp\is-AMRL0.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{8CAC02D2-A833-4383-9151-E12431AC3ABC}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{1566C1E2-9945-4E20-A90A-7E270B36E207}] => (Allow) C:\Windows\System32\rundll32.exe
FirewallRules: [{6B5773A7-C247-4217-BCFE-8358F0EAD6F6}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{1611D49F-345A-45FF-93BD-ADFDED0AEC2C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{4099440D-2BCF-4E98-BBFD-3A50B73C115A}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{80D1F60A-2488-43C9-A231-F7C91B4ACBC3}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{3D3A04EB-FB98-4BBC-B615-5012402104A6}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{FDC99198-9890-4B01-B3B6-D4FE3066DA67}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [TCP Query User{864AC571-03DF-42D9-B99C-7056E4DFC4CC}F:\games\cabal\launcher\launcher.exe] => (Allow) F:\games\cabal\launcher\launcher.exe
FirewallRules: [UDP Query User{0324FE38-7919-452B-AD15-D269F38D8D58}F:\games\cabal\launcher\launcher.exe] => (Allow) F:\games\cabal\launcher\launcher.exe
FirewallRules: [{7221B53C-D0CB-49D6-A77E-527C1C4B35CD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5333FA77-46DB-4078-810A-F79ABB3FC19D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9351B248-F985-44DF-986F-600CF8C3B5C9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{524476EF-5584-4718-BA25-9BEA40CF4A49}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{A3B8877E-53BB-4D71-8B8B-3A7EDE7E5B2F}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{BD9BA5A2-564F-4E76-A930-FB62D5EEBEC1}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{56B8339F-C9B7-4F28-9677-95FA05AD7508}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{A36F814D-FC29-4FDC-927A-C6D20C649D65}G:\games\cabal\launcher\launcher.exe] => (Allow) G:\games\cabal\launcher\launcher.exe
FirewallRules: [UDP Query User{B870E0F6-CBCE-4CD4-BCA6-D47169607BE7}G:\games\cabal\launcher\launcher.exe] => (Allow) G:\games\cabal\launcher\launcher.exe
FirewallRules: [{83E3941C-D9B7-4FD2-B391-28FEF3637BA5}] => (Allow) C:\Program Files\Firefox\Firefox.exe
FirewallRules: [{95AAEC24-2844-4BF2-8D68-A9AC31610726}] => (Allow) C:\Program Files\Toolhair\Application\chrome.exe
FirewallRules: [TCP Query User{C7557248-BBDC-403C-9996-E3A86D404785}G:\games\steam\steam.exe] => (Allow) G:\games\steam\steam.exe
FirewallRules: [UDP Query User{3D0982B9-CD89-455B-9EB7-10C7EF40BE44}G:\games\steam\steam.exe] => (Allow) G:\games\steam\steam.exe
FirewallRules: [{DE8CE665-95DA-4E12-AC35-CE9A3264FF81}] => (Allow) G:\Games\Steam\Steam.exe
FirewallRules: [{51B91EC4-2A1C-4FE7-9049-FE7273966A78}] => (Allow) G:\Games\Steam\Steam.exe
FirewallRules: [{90E10F16-6FE8-409B-AD90-7B88BD6BDE59}] => (Allow) G:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D6C76A63-7A40-49E5-9D0C-B9E4334CAC70}] => (Allow) G:\Games\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7CDB5290-829A-4B87-8BCC-6EDC427F302D}] => (Allow) G:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{18C566C0-7CE0-477D-8F68-6A910993DA57}] => (Allow) G:\Games\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [TCP Query User{408802AC-D010-4E2A-B763-5C468F654FF3}C:\program files\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{73C18F52-368D-4B0C-9070-5F6CE91656CB}C:\program files\ostotosoft\drivertalent\drivertalent.exe] => (Allow) C:\program files\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [{D7ED1EDD-BE9D-48D6-B45B-02F6C4E6F2BA}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{94F28B6F-89F3-4A23-9237-0DE4890CD450}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{57EB5856-651D-4B9E-BF98-F2F399791135}] => (Allow) C:\Program Files\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{55FE49F3-D0DE-457F-B663-CFB47E0AA17E}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{53D8C136-6EFE-4457-83F1-339BF20C9BDF}] => (Allow) C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.exe
FirewallRules: [{FCA7CD5F-5FC6-4BE4-9943-6E08FCE28DD2}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [{4A1086BB-9C2D-41A4-84DC-24DA7C520DF5}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
FirewallRules: [TCP Query User{980FD27E-1B61-45A3-934B-2E309DCC3F43}E:\games\zhypermu s8\main.exe] => (Allow) E:\games\zhypermu s8\main.exe
FirewallRules: [UDP Query User{910499A3-1AFA-4BD5-B22D-4172DAB85F78}E:\games\zhypermu s8\main.exe] => (Allow) E:\games\zhypermu s8\main.exe
FirewallRules: [TCP Query User{A1C39C2B-F642-4053-B7C7-07DB8B64E2A9}C:\users\rayman\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rayman\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6818B5F7-FBB2-4818-A4E2-F686C8B1F38B}C:\users\rayman\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rayman\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{337E6C70-2C45-48B7-8BE2-151FA6B11940}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [UDP Query User{AF5A2958-A087-4A2F-968C-227A95924C76}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe
FirewallRules: [TCP Query User{93735729-3CB8-4460-A6CF-D22A44CF7BAD}C:\users\rayman\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rayman\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{CECA9E02-23C9-4374-97E8-2C9C21D2E679}C:\users\rayman\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rayman\appdata\local\akamai\netsession_win.exe
FirewallRules: [{47EE7BE2-70EB-4575-A8D2-7B416BC22395}] => (Allow) LPort=1046
FirewallRules: [{06BD468E-359D-42EF-84C6-8B0363610291}] => (Allow) LPort=5000
FirewallRules: [{76FC2355-5847-4660-875D-801ACDB00994}] => (Allow) LPort=1072
FirewallRules: [{18BE6FDC-E239-4AC3-A5F5-207799861ECC}] => (Allow) LPort=5000
FirewallRules: [TCP Query User{3C5DB3FF-F9A7-4BE2-A9A5-B2C76B4CAA19}C:\hanpurple\soulworker\soulworker100.exe] => (Allow) C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [UDP Query User{6D7DDAF0-9F59-43A5-90C6-2CB3E2C3410A}C:\hanpurple\soulworker\soulworker100.exe] => (Allow) C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [TCP Query User{7657A965-A8F8-4F61-A692-627A302D9479}C:\hanpurple\soulworker\soulworker100.exe] => (Block) C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [UDP Query User{BC59C336-ACE4-41CB-978D-25E11D5D46DD}C:\hanpurple\soulworker\soulworker100.exe] => (Block) C:\hanpurple\soulworker\soulworker100.exe
FirewallRules: [{29BDC9EE-E57A-4D80-9A8E-97D59035AF20}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{78334436-2684-4A83-9E75-EE7868B86FD7}A:\google\chrome\application\chrome.exe] => (Block) A:\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C0D69B00-A9C7-4561-B931-2650A24D65F4}A:\google\chrome\application\chrome.exe] => (Block) A:\google\chrome\application\chrome.exe
FirewallRules: [{37BD029F-DDD1-4C31-BA9A-056A3238C073}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{9B05B0B4-0258-43F1-857C-4AD9860228D5}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{BD7604D8-292A-41FB-AD10-B0EC8967A389}] => (Allow) C:\Program Files\Nox\bin\Nox.exe
FirewallRules: [{C4EA3CF4-9068-4C25-9043-10BD78727307}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RT\NoxVMHandle.exe
 
==================== Restore Points =========================
 
10-06-2017 08:36:40 Checkpoint by HitmanPro
10-06-2017 13:32:30 Device Driver Package Install: Avast Network Service
10-06-2017 20:55:20 Device Driver Package Install: TAP-Windows Provider V9 Network adapters
10-06-2017 22:08:57 Device Driver Package Install: Avast Network Service
13-06-2017 16:52:58 Avast Cleanup
 
==================== Faulty Device Manager Devices =============
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/13/2017 03:20:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 01:57:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44cc4
Faulting module name: MODSys.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f7df1a2
Exception code: 0xc0000005
Fault offset: 0x0d777a60
Faulting process id: 0x7d0
Faulting application start time: 0x01d2e40815260df6
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: MODSys.dll
Report Id: 3be6b921-4ffd-11e7-86be-00ac9be53707
 
Error: (06/13/2017 01:45:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 10:36:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 07:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 07:31:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 07:10:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (06/13/2017 05:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1296228
 
Error: (06/13/2017 05:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1296228
 
Error: (06/13/2017 05:24:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/13/2017 03:23:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StfokchaquyQumase service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/13/2017 03:23:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the StfokchaquyQumase service to connect.
 
Error: (06/13/2017 03:22:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DAUMDVDMaker service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/13/2017 03:22:58 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DAUMDVDMaker service to connect.
 
Error: (06/13/2017 01:52:36 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (06/13/2017 01:48:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StfokchaquyQumase service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/13/2017 01:48:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the StfokchaquyQumase service to connect.
 
Error: (06/13/2017 01:47:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DAUMDVDMaker service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/13/2017 01:47:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DAUMDVDMaker service to connect.
 
Error: (06/13/2017 10:42:57 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU N2920 @ 1.86GHz
Percentage of memory in use: 58%
Total physical RAM: 1934.36 MB
Available physical RAM: 802.59 MB
Total Virtual: 3868.73 MB
Available Virtual: 2637.77 MB
 
==================== Drives ================================
 
Drive a: (Anime) (Fixed) (Total:117.19 GB) (Free:47.01 GB) NTFS
Drive c: () (Fixed) (Total:151.4 GB) (Free:71.53 GB) NTFS
Drive e: (Private Files) (Fixed) (Total:195.31 GB) (Free:29.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CCA7666A)
Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.2 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=151.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2017
Ran by rayman (administrator) on RAYMAN-PC (13-06-2017 17:04:34)
Running from C:\Users\rayman\Downloads\Programs
Loaded Profiles: rayman (Available Profiles: rayman)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(www.IslamicFinder.org) C:\Program Files\Athan\Athan.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Comfort Software Group) C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Google Inc.) A:\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [Rainmeter] => C:\Program Files\Rainmeter\Rainmeter.exe [38544 2017-01-01] (Rainmeter)
HKLM\...\Run: [SAO Utils] => "A:\Installer\Sao uti\SAO Utils.exe"
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Athan] => C:\Program Files\Athan\Athan.exe [1216512 2014-05-04] (www.IslamicFinder.org)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient.exe [3957704 2017-06-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-10] (AVAST Software)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,userinit.exe
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\Run: [FreeAC] => C:\Program Files\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group)
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [4001848 2017-06-09] (Tonec Inc.)
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\MountPoints2: {faaabdef-ecc0-11e6-ae53-84732cba1758} - F:\Setup.exe /s
HKLM\...\Providers\97h8zufu: C:\Program Files\Bozoty Agent\local32spl.dll
ShellExecuteHooks: No Name - {8BC2E310-EABD-11E6-9AFB-64006A5CFC23} - C:\Users\rayman\AppData\Roaming\Domety\Qekopy.dll -> No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-06-10] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2017-06-10]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2017-03-28]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
Startup: C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SAO Utils.lnk [2017-06-13]
ShortcutTarget: SAO Utils.lnk -> A:\Installer\Sao uti\New folder\SAO Utils\SAO Utils.exe (Studio GPBeta)
BootExecute: autocheck autochk * aswBoot.exe /M:3d21017eb /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 121.1.3.81 121.1.3.16 121.1.3.66
Tcpip\..\Interfaces\{42A7DC39-7A61-477F-AD3D-DAB8A39BC88A}: [DhcpNameServer] 121.1.3.81 121.1.3.16 121.1.3.66
Tcpip\..\Interfaces\{A22C0BEB-E4EF-4EF8-BA8F-A3A61213DE10}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://soulworker.hangame.co.jp/
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2017-06-07] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-06-10] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
 
FireFox:
========
FF HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\rayman\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\rayman\AppData\Roaming\IDM\idmmzcc5 [2017-06-11] [not signed]
FF HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-28] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com.ph/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default [2017-06-13]
CHR Extension: (Google Slides) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-06-10]
CHR Extension: (Google Docs) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-06-10]
CHR Extension: (Google Sheets) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-06-10]
CHR Extension: (Google Docs Offline) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-10]
CHR Extension: (One Piece logo) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghhlbpnfjpoclfaecoabciimllecbbob [2017-06-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-06-11]
CHR Extension: (IDM Integration Module) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2017-06-09]
CHR HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.T33JLUAUS56ITVHBMWPUDN3RVE - E:\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5732136 2017-06-10] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-10] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [310496 2017-06-10] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280696 2016-05-12] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [274040 2016-05-12] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
S3 npggsvc; C:\Windows\system32\GameMon.des [5449136 2016-05-16] (INCA Internet Co., Ltd.)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3957704 2017-06-10] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2017-06-05] (Microsoft Corporation) [File not signed]
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-01-20] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 DAUMDVDMaker; rundll32.exe "C:\Program Files\DAUM\DAUMDVDMaker.dll",soeasy [X]
S2 StfokchaquyQumase; rundll32.exe "C:\Program Files\Qumase\StfokchaquyQumase.dll",soeasy [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [258288 2017-06-10] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148696 2017-06-10] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [268016 2017-06-10] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41664 2017-06-10] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-06-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-06-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107928 2017-06-10] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [27896 2017-06-10] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [391048 2017-06-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-06-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-06-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [764576 2017-06-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [482608 2017-06-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115152 2017-06-10] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [48152 2017-06-10] (The OpenVPN Project)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [279800 2017-06-10] (AVAST Software)
R3 athr; C:\Windows\System32\DRIVERS\athr.sys [3268608 2014-07-22] (Qualcomm Atheros Communications, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [47056 2017-06-10] ()
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [19216 2014-11-04] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [384272 2014-11-04] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [805648 2014-11-04] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0057.sys [37920 2017-02-09] (SoftEther Corporation)
R3 RSBASTOR; C:\Windows\System32\DRIVERS\RtsBaStor.sys [233176 2013-09-04] (Realtek Semiconductor Corp.)
R3 SEE; C:\Windows\System32\drivers\see.sys [55328 2017-02-09] (SoftEther Corporation)
R3 TXEI; C:\Windows\System32\DRIVERS\TXEI.sys [75792 2013-07-01] (Intel Corporation)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 XDva536; \??\C:\Windows\system32\XDva536.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-13 17:04 - 2017-06-13 17:04 - 00000000 ____D C:\FRST
2017-06-13 17:01 - 2017-06-13 17:03 - 00004290 _____ C:\Users\rayman\Desktop\Rkill.txt
2017-06-13 17:01 - 2017-06-13 17:01 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-13 17:00 - 2017-06-13 17:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\rayman\Downloads\rkill.com
2017-06-12 20:18 - 2017-06-12 20:18 - 00000000 ____D C:\Users\rayman\AppData\Local\MultiPlayerManager
2017-06-12 20:11 - 2017-06-12 20:19 - 00000000 ____D C:\Users\rayman\.BigNox
2017-06-12 20:05 - 2017-06-12 20:20 - 00000000 ____D C:\Users\rayman\vmlogs
2017-06-12 10:49 - 2017-06-12 10:49 - 00000000 ____D C:\Users\rayman\AppData\Roaming\2K Sports
2017-06-11 19:18 - 2017-06-11 19:18 - 00000000 ____D C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-11 19:18 - 2017-06-11 19:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-06-10 22:14 - 2017-06-10 16:29 - 00330768 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-10 22:07 - 2017-06-10 22:06 - 00391048 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
2017-06-10 22:06 - 2017-06-10 22:06 - 00027896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
2017-06-10 21:23 - 2017-06-10 21:23 - 00007458 _____ C:\Users\rayman\Documents\Reg153.reg
2017-06-10 16:09 - 2017-06-10 16:09 - 00000000 ___HD C:\$AV_ASW
2017-06-10 15:46 - 2017-06-10 15:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2017-06-10 13:37 - 2017-06-10 13:37 - 00000000 ____D C:\Users\rayman\AppData\Roaming\AVAST Software
2017-06-10 13:34 - 2017-06-10 13:34 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-10 13:31 - 2017-06-10 16:31 - 00115152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00764576 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00482608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00279800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00107928 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-10 13:31 - 2017-06-10 16:29 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-10 13:31 - 2017-06-10 16:28 - 00268016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
2017-06-10 13:31 - 2017-06-10 16:28 - 00258288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
2017-06-10 13:31 - 2017-06-10 16:28 - 00148696 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
2017-06-10 13:31 - 2017-06-10 16:28 - 00041664 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
2017-06-10 13:29 - 2017-06-10 13:29 - 00048152 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\aswTap.sys
2017-06-10 13:28 - 2017-06-10 13:29 - 00000000 ____D C:\Program Files\AVAST Software
2017-06-10 12:42 - 2017-06-10 12:46 - 24297183 _____ C:\Users\rayman\Downloads\Avast Internet Security 2016 Build 11.1.2245 + Key valid till 2018 {L Drago}.zip.crdownload
2017-06-10 08:38 - 2017-06-10 08:38 - 00047056 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-06-09 00:59 - 2017-06-09 00:15 - 00148104 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2017-06-06 13:12 - 2017-06-06 13:12 - 00029864 _____ C:\ProgramData\agent.uninstall.1496725930.bdinstall.bin
2017-06-06 05:40 - 2017-06-06 05:40 - 00000000 ____D C:\ProgramData\bdch
2017-06-06 04:41 - 2017-06-06 04:41 - 00029399 _____ C:\ProgramData\agent.update.1496695253.bdinstall.bin
2017-06-06 04:34 - 2017-06-06 04:34 - 00000000 ____D C:\Users\rayman\AppData\Local\Bitdefender Antivirus Free
2017-06-06 04:30 - 2017-06-06 04:30 - 00000000 ____D C:\ProgramData\Bitdefender
2017-06-06 03:48 - 2017-06-06 03:48 - 00046202 _____ C:\ProgramData\agent.1496692116.bdinstall.bin
2017-06-06 03:39 - 2017-06-06 03:39 - 00001435 _____ C:\ProgramData\agent.1496691586.bdinstall.bin
2017-06-06 03:38 - 2017-06-06 03:38 - 00028976 _____ C:\ProgramData\agent.1496691509.bdinstall.bin
2017-06-05 22:34 - 2017-06-05 22:34 - 00000000 ____D C:\Users\rayman\AppData\Roaming\QuickScan
2017-06-05 22:05 - 2017-06-05 22:05 - 00045991 _____ C:\ProgramData\agent.1496671537.bdinstall.bin
2017-06-05 22:05 - 2017-06-05 22:05 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-06-04 11:20 - 2017-06-04 11:20 - 00000000 ____D C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miyu
2017-06-04 11:20 - 2017-06-04 11:20 - 00000000 ____D C:\Users\rayman\AppData\Local\SWPatcher
2017-06-04 08:03 - 2017-06-04 08:05 - 04434217 _____ C:\Users\rayman\Downloads\forge-1.11.2-13.20.0.2312-universal.jar
2017-06-04 06:57 - 2017-06-04 06:58 - 02044782 _____ C:\Users\rayman\Downloads\OptiFine_1.9.0_HD_U_D8.jar
2017-06-03 15:09 - 2017-06-06 19:36 - 00000000 ___RD C:\HanPurple
2017-06-03 14:47 - 2017-06-03 14:47 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-03 14:47 - 2017-06-03 14:47 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-03 14:47 - 2017-06-03 14:47 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-03 14:47 - 2017-06-03 14:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-03 14:47 - 2017-06-03 14:47 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-06-03 14:47 - 2017-06-03 14:47 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-06-03 14:47 - 2017-06-03 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-03 13:57 - 2017-06-13 15:25 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-06-03 13:57 - 2017-06-10 15:46 - 00002066 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2017-06-02 09:01 - 2017-06-02 09:01 - 02679656 _____ (Eximion B.V.) C:\Users\rayman\Downloads\KalydoPlayer_6.04.02.exe
2017-06-02 04:16 - 2017-06-11 19:11 - 00000000 ____D C:\Users\rayman\Downloads\IDM
2017-05-31 10:42 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playone
2017-05-30 11:54 - 2017-06-06 05:55 - 00226921 _____ C:\Users\rayman\Documents\bookmarks_5_30_17.html
2017-05-30 10:33 - 2017-06-02 12:13 - 00007490 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-05-30 10:33 - 2017-06-02 12:11 - 00014608 _____ C:\Windows\ZAM.krnl.trace
2017-05-30 10:32 - 2017-06-07 11:06 - 00000000 ____D C:\Users\rayman\AppData\Local\Zemana
2017-05-30 09:24 - 2017-05-30 09:25 - 02056699 _____ C:\Users\rayman\Downloads\OptiFine_1.11.2_HD_U_B9.jar
2017-05-30 03:07 - 2017-05-30 03:07 - 00000000 ____D C:\ProgramData\Aeria Games
2017-05-30 03:06 - 2017-05-30 04:18 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2017-05-29 11:10 - 2017-05-29 11:10 - 00160840 _____ (SurfRight B.V.) C:\Windows\system32\LnkProtect.dll
2017-05-29 09:16 - 2017-05-29 09:16 - 00000000 ____D C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R2Games
2017-05-28 21:45 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2017-05-28 21:45 - 2017-06-07 11:06 - 00000000 ____D C:\Program Files\FreeAlarmClock
2017-05-28 14:29 - 2017-06-07 11:06 - 00000000 ____D C:\Users\rayman\AppData\Local\Mozilla
2017-05-28 13:36 - 2017-05-28 13:43 - 43984979 _____ C:\Users\rayman\Downloads\sao_utils_beta1_web_browser_engine_win32.nvg
2017-05-28 13:34 - 2017-05-28 13:34 - 00398531 _____ C:\Users\rayman\Downloads\sao_utils_beta1_web_widget.nvg
2017-05-28 08:38 - 2017-05-28 08:39 - 00000000 ____D C:\Users\rayman\AppData\Roaming\ControlCenter4
2017-05-28 08:34 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
2017-05-28 08:32 - 2017-06-13 15:26 - 00000000 ____D C:\Program Files\ControlCenter4
2017-05-28 08:32 - 2017-06-10 08:38 - 00000000 ____D C:\Program Files\Browny02
2017-05-28 08:32 - 2015-04-14 09:51 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\system32\BROSNMP.DLL
2017-05-28 08:31 - 2017-05-28 08:32 - 00000000 ____D C:\Program Files\Brother
2017-05-28 08:31 - 2014-07-04 12:10 - 00002560 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2S.dll
2017-05-28 08:31 - 2013-07-12 14:03 - 00214016 _____ (brother) C:\Windows\system32\NSSearch.dll
2017-05-28 08:31 - 2010-03-15 19:45 - 00073728 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2.dll
2017-05-28 08:31 - 2007-12-13 22:16 - 00005120 _____ (Brother Industries Ltd.) C:\Windows\system32\BrDctF2L.dll
2017-05-26 14:32 - 2017-05-26 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2017-05-26 14:27 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-05-26 13:15 - 2017-06-06 05:55 - 00226334 _____ C:\Users\rayman\Documents\bookmarks_5_26_17.html
2017-05-26 09:26 - 2017-05-26 09:27 - 00047737 _____ C:\Users\rayman\Downloads\Development Settings.apk
2017-05-26 08:54 - 2017-05-26 08:54 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-05-24 20:43 - 2017-05-22 14:16 - 634253665 _____ C:\Users\rayman\Downloads\GlobalMu.net s9ep5 v19.rar
2017-05-24 20:04 - 2017-05-24 20:04 - 00000000 ___HD C:\Windows\PIF
2017-05-24 06:41 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Marker
2017-05-24 06:41 - 2017-06-07 11:06 - 00000000 ____D C:\Program Files\Folder Marker
2017-05-24 06:41 - 2017-05-24 06:41 - 00000000 ____D C:\Users\rayman\AppData\Roaming\ArcticLine
2017-05-23 20:20 - 2017-05-23 20:20 - 00000000 ____D C:\Users\rayman\AppData\Roaming\LibrariIcon
2017-05-22 14:46 - 2017-06-07 04:15 - 00000000 ____D C:\Users\rayman\AppData\Local\RabanSoft
2017-05-22 14:46 - 2017-05-22 14:46 - 00000016 _____ C:\ProgramData\mntemp
2017-05-21 18:41 - 2017-06-07 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R2Games
2017-05-19 15:21 - 2017-05-19 15:21 - 00009216 ___SH C:\Users\rayman\Thumbs.db
2017-05-18 20:50 - 2017-05-18 21:27 - 80950111 _____ C:\Users\rayman\Downloads\Battle-Camp-(MOD)_4.1.1-Android-1.com.apk
2017-05-18 18:47 - 2017-05-18 18:47 - 00000334 _____ C:\Users\rayman\Documents\Systeminfo.txt
2017-05-18 18:19 - 2017-05-18 18:20 - 00007944 _____ C:\Users\rayman\Downloads\BattleCamp.deb
2017-05-16 18:35 - 2017-05-16 18:35 - 00000000 ____D C:\ProgramData\WEBZEN
2017-05-15 20:00 - 2017-06-02 05:39 - 00000000 ___RD C:\Users\rayman\Documents\Bluetooth Folder
2017-05-15 07:44 - 2017-05-15 07:44 - 00000045 _____ C:\Users\rayman\nuuid.ini
2017-05-15 07:44 - 2017-05-15 07:44 - 00000041 _____ C:\Users\rayman\inst.ini
2017-05-15 07:44 - 2017-05-15 07:44 - 00000000 ____D C:\Users\rayman\Nox_share
2017-05-15 07:44 - 2017-05-15 07:44 - 00000000 ____D C:\Users\rayman\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-05-15 07:41 - 2017-06-12 20:21 - 00000000 ____D C:\Users\rayman\AppData\Local\Nox
2017-05-14 17:37 - 2017-05-14 17:37 - 00000017 _____ C:\Users\rayman\Documents\new list.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-13 16:27 - 2017-02-08 21:24 - 00000000 ____D C:\Users\rayman\AppData\Roaming\IDM
2017-06-13 15:44 - 2009-07-14 12:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-13 15:44 - 2009-07-14 12:34 - 00021088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-13 15:20 - 2017-02-08 15:24 - 00000000 __SHD C:\Users\rayman\IntelGraphicsProfiles
2017-06-13 15:20 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-13 13:59 - 2017-02-08 21:24 - 00000000 ____D C:\Users\rayman\AppData\Roaming\DMCache
2017-06-13 13:59 - 2010-11-21 05:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-13 13:59 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\inf
2017-06-13 13:58 - 2017-05-04 09:13 - 00000000 ____D C:\Users\rayman\AppData\Local\CrashDumps
2017-06-12 20:31 - 2017-02-09 00:08 - 00000000 ____D C:\Users\rayman\AppData\Local\Deployment
2017-06-12 20:22 - 2017-03-24 17:16 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-12 20:19 - 2017-02-28 06:48 - 00000000 ____D C:\Users\rayman\.android
2017-06-12 20:11 - 2017-02-06 20:25 - 00000000 ____D C:\Users\rayman
2017-06-12 20:11 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\registration
2017-06-12 04:16 - 2017-02-08 21:24 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-06-11 19:10 - 2017-02-08 20:48 - 00000000 ____D C:\Users\rayman\Downloads\Compressed
2017-06-11 10:42 - 2017-02-06 21:27 - 01768760 _____ C:\Windows\UTP.exe
2017-06-11 06:06 - 2017-05-04 21:42 - 00000499 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2017-06-10 15:27 - 2017-02-08 20:51 - 00000000 ____D C:\Users\rayman\Downloads\VPN
2017-06-10 15:09 - 2017-02-08 18:33 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-10 12:15 - 2017-02-09 07:41 - 00000000 ___RD C:\Tweaker
2017-06-10 08:37 - 2017-04-03 05:56 - 00000000 ____D C:\Users\rayman\Downloads\CheatEngineTrainer
2017-06-10 08:37 - 2017-02-08 19:57 - 00003232 _____ C:\Windows\system32\.crusader
2017-06-10 08:21 - 2009-07-14 12:53 - 00032616 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-09 16:33 - 2009-07-14 12:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2017-06-08 13:26 - 2017-03-22 11:39 - 00007887 _____ C:\Windows\BRRBCOM.INI
2017-06-07 11:06 - 2017-05-09 05:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2017-06-07 11:06 - 2017-05-04 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHAREit
2017-06-07 11:06 - 2017-04-16 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Athan
2017-06-07 11:06 - 2017-03-26 03:13 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-06-07 11:06 - 2017-03-25 12:00 - 00000000 ____D C:\Windows\W7SBC
2017-06-07 11:06 - 2017-03-24 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-06-07 11:06 - 2017-03-24 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-06-07 11:06 - 2017-03-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuranReciter
2017-06-07 11:06 - 2017-03-11 21:37 - 00000000 ____D C:\Windows\system32\athan
2017-06-07 11:06 - 2017-03-10 18:21 - 00000000 ____D C:\Program Files\Athan
2017-06-07 11:06 - 2017-02-25 04:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saint Ran 5 Class
2017-06-07 11:06 - 2017-02-21 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-06-07 11:06 - 2017-02-21 07:10 - 00000000 ____D C:\Program Files\iTunes
2017-06-07 11:06 - 2017-02-19 09:30 - 00000000 ____D C:\Program Files\Apple Software Update
2017-06-07 11:06 - 2017-02-19 09:29 - 00000000 ____D C:\Program Files\Bonjour
2017-06-07 11:06 - 2017-02-14 21:36 - 00000000 ____D C:\Users\rayman\AppData\Roaming\Rainmeter
2017-06-07 11:06 - 2017-02-14 21:36 - 00000000 ____D C:\Program Files\Rainmeter
2017-06-07 11:06 - 2017-02-12 16:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-06-07 11:06 - 2017-02-12 16:58 - 00000000 ____D C:\Program Files\Cheat Engine 6.6
2017-06-07 11:06 - 2017-02-12 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Seven Theme
2017-06-07 11:06 - 2017-02-09 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microangelo On Display
2017-06-07 11:06 - 2017-02-09 22:16 - 00000000 ____D C:\Program Files\Microangelo On Display
2017-06-07 11:06 - 2017-02-09 15:05 - 00000000 ____D C:\Users\rayman\AppData\Roaming\AIMP
2017-06-07 11:06 - 2017-02-09 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
2017-06-07 11:06 - 2017-02-09 15:05 - 00000000 ____D C:\Program Files\AIMP
2017-06-07 11:06 - 2017-02-09 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-07 11:06 - 2017-02-08 23:59 - 00000000 ____D C:\Windows\system32\RTCOM
2017-06-07 11:06 - 2017-02-08 17:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-06-07 11:06 - 2017-02-08 06:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-06-07 11:06 - 2017-02-08 06:31 - 00000000 ____D C:\Program Files\WinRAR
2017-06-07 11:06 - 2017-02-07 07:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-06-07 11:06 - 2017-02-07 07:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2017-06-07 11:06 - 2017-02-06 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RF Theme Windows
2017-06-07 11:06 - 2009-07-14 12:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-06-07 11:06 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\Windows Sidebar
2017-06-07 11:06 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-07 11:06 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\Windows Defender
2017-06-07 11:06 - 2009-07-14 12:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-06-07 11:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\Setup
2017-06-07 11:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\com
2017-06-07 11:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-06-07 11:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system
2017-06-07 11:06 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\servicing
2017-06-07 04:06 - 2017-03-24 22:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-06 14:24 - 2017-05-09 19:07 - 00114126 _____ C:\Users\rayman\Downloads\CyberLink_PowerDirector_Ultimate_Suite_14.htm
2017-06-06 14:23 - 2017-04-18 23:25 - 00233623 _____ C:\Users\rayman\Documents\bookmarks_4_18_17.html
2017-06-06 14:23 - 2017-02-08 08:55 - 00230967 _____ C:\Users\rayman\Documents\PSO2 Skill Simulator.htm
2017-06-06 14:23 - 2017-02-08 08:55 - 00178719 _____ C:\Users\rayman\Documents\bookmarks_2_6_17.html
2017-06-05 03:41 - 2010-11-21 05:29 - 02755072 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2017-06-05 03:41 - 2009-07-14 07:40 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2017-06-05 03:41 - 2009-07-14 07:39 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\themeservice.dll
2017-06-04 11:53 - 2017-05-09 05:11 - 00000000 ____D C:\Program Files\Intel Driver Update Utility
2017-06-04 07:44 - 2017-02-07 07:31 - 00000000 ____D C:\Users\rayman\AppData\Roaming\.minecraft
2017-06-04 01:00 - 2017-02-08 15:35 - 00000000 ____D C:\Users\rayman\AppData\Local\ElevatedDiagnostics
2017-06-03 19:47 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\rescache
2017-06-03 14:52 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-06-02 20:48 - 2017-02-08 18:00 - 00000000 ____D C:\Users\rayman\AppData\Local\Google
2017-06-02 19:18 - 2017-02-08 20:47 - 00000000 ____D C:\Users\rayman\Downloads\Cleaner
2017-06-02 09:13 - 2017-03-22 07:42 - 00000000 ____D C:\Users\rayman\AppData\LocalLow\Mozilla
2017-06-02 05:39 - 2017-03-12 13:01 - 00000000 ___RD C:\Users\rayman\Documents\DDM Games
2017-06-02 05:39 - 2017-03-12 06:09 - 00000000 ___RD C:\Users\rayman\Documents\XtremeworkX
2017-06-02 05:39 - 2017-03-10 18:24 - 00000000 ___RD C:\Users\rayman\Documents\BabyRAN-En5
2017-06-02 05:39 - 2017-02-18 06:33 - 00000000 ___RD C:\Users\rayman\Documents\Private Programs
2017-06-02 05:39 - 2017-02-14 21:36 - 00000000 ___RD C:\Users\rayman\Documents\Rainmeter
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\WinAutomation
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\Stardock
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\SIP
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\DragonNest
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\Disney Interactive Studios
2017-06-02 05:39 - 2017-02-08 08:55 - 00000000 ___RD C:\Users\rayman\Documents\CAPCOM
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\SEGA
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\Scanned Documents
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\RanOnline
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\PSO2 Skill Simulator_files
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\OneNote Notebooks
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\NFS Undercover
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\NFS Most Wanted
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\My Cheat Tables
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\MicrosoftWorld
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\Java-prog
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\GTA San Andreas User Files
2017-06-02 05:39 - 2017-02-08 08:53 - 00000000 ___RD C:\Users\rayman\Documents\Fax
2017-05-30 11:11 - 2017-03-21 22:15 - 00000000 ____D C:\Windows\AutoKMS
2017-05-30 10:18 - 2017-03-21 22:14 - 00151552 _____ C:\Windows\KMSEmulator.exe
2017-05-30 03:36 - 2017-02-09 18:49 - 00000000 ____D C:\Windows\system32\directx
2017-05-29 11:46 - 2017-03-22 08:04 - 00000000 ____D C:\ProgramData\HitmanPro
2017-05-28 18:57 - 2017-04-02 21:26 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-05-28 18:57 - 2017-04-02 21:26 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-05-28 18:57 - 2017-02-23 19:51 - 00000000 ____D C:\Users\rayman\AppData\Local\Adobe
2017-05-28 08:35 - 2017-03-22 11:39 - 00007817 _____ C:\Windows\BROPT300.INI
2017-05-28 08:31 - 2017-02-07 19:42 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2017-05-28 07:29 - 2017-02-08 20:50 - 00000000 ____D C:\Users\rayman\Downloads\SHAREit
2017-05-25 19:46 - 2017-02-08 06:34 - 00000000 ___RD C:\Intel
2017-05-25 19:46 - 2009-07-14 10:37 - 00000000 ___RD C:\PerfLogs
2017-05-25 17:26 - 2017-02-08 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-05-23 21:30 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-22 20:25 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Cursors
2017-05-17 12:40 - 2017-04-06 22:19 - 00000000 ____D C:\Users\rayman\AppData\Local\Facebook
2017-05-16 15:21 - 2017-02-28 06:43 - 00000552 _____ C:\Users\rayman\AppData\Local\TroubleshooterConfig.json
2017-05-16 15:21 - 2017-02-28 06:33 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-05-14 20:51 - 2017-02-28 06:48 - 00000000 ____D C:\Users\rayman\AppData\Local\Troubleshooter
 
==================== Files in the root of some directories =======
 
2017-04-27 15:21 - 2015-08-02 06:41 - 0237056 _____ (Clarus, Inc.) C:\Users\rayman\AppData\Roaming\c731200
2017-02-09 00:22 - 2017-02-09 00:23 - 0005873 _____ () C:\Users\rayman\AppData\Local\HWVendorDetection.log
2017-02-14 21:43 - 2017-02-14 21:57 - 0007605 _____ () C:\Users\rayman\AppData\Local\Resmon.ResmonCfg
2017-02-28 06:43 - 2017-05-16 15:21 - 0000552 _____ () C:\Users\rayman\AppData\Local\TroubleshooterConfig.json
2017-06-05 22:05 - 2017-06-05 22:05 - 0045991 _____ () C:\ProgramData\agent.1496671537.bdinstall.bin
2017-06-06 03:38 - 2017-06-06 03:38 - 0028976 _____ () C:\ProgramData\agent.1496691509.bdinstall.bin
2017-06-06 03:39 - 2017-06-06 03:39 - 0001435 _____ () C:\ProgramData\agent.1496691586.bdinstall.bin
2017-06-06 03:48 - 2017-06-06 03:48 - 0046202 _____ () C:\ProgramData\agent.1496692116.bdinstall.bin
2017-06-06 13:12 - 2017-06-06 13:12 - 0029864 _____ () C:\ProgramData\agent.uninstall.1496725930.bdinstall.bin
2017-06-06 04:41 - 2017-06-06 04:41 - 0029399 _____ () C:\ProgramData\agent.update.1496695253.bdinstall.bin
2017-02-09 00:00 - 2017-02-09 00:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-05-22 14:46 - 2017-05-22 14:46 - 0000016 _____ () C:\ProgramData\mntemp
2017-05-02 09:10 - 2017-05-02 09:10 - 0000027 _____ () C:\ProgramData\serverclasscache.ini
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2017-03-25 12:00] - [2016-08-29 22:55] - 2489856 _____ (Microsoft Corporation) 7515B445E817D78EBDF670647B19D720
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 09:56
 
==================== End of FRST.txt ============================

Edited by Eromanga, 13 June 2017 - 04:43 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,540 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 14 June 2017 - 07:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Java Version 131 is installed. Remove this old version in bold via the Control Panel > Programs > Programs and Features.
Java SE Development Kit 8 Update 101 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180101}) (Version: 8.0.1010.13 - Oracle Corporation)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\...\Run: [AdobeBridge] => [X]
HKLM\...\Providers\97h8zufu: C:\Program Files\Bozoty Agent\local32spl.dll
ShellExecuteHooks: No Name - {8BC2E310-EABD-11E6-9AFB-64006A5CFC23} - C:\Users\rayman\AppData\Roaming\Domety\Qekopy.dll -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-10]
CHR HKU\S-1-5-21-2779879247-1015564688-3869832789-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
S2 DAUMDVDMaker; rundll32.exe "C:\Program Files\DAUM\DAUMDVDMaker.dll",soeasy [X]
S2 StfokchaquyQumase; rundll32.exe "C:\Program Files\Qumase\StfokchaquyQumase.dll",soeasy [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 XDva535; \??\C:\Windows\system32\XDva535.sys [X]
S3 XDva536; \??\C:\Windows\system32\XDva536.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
Task: {2284144B-BEE9-4376-B22B-E2647F6A4CC1} - \AutoKMSDaily -> No File <==== ATTENTION
Task: {3FA38140-8739-467A-B035-4A980C39B67E} - \AutoKMS -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:40640B7D [116]
FirewallRules: [TCP Query User{524476EF-5584-4718-BA25-9BEA40CF4A49}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{A3B8877E-53BB-4D71-8B8B-3A7EDE7E5B2F}C:\windows\kmsemulator.exe] => (Block) C:\windows\kmsemulator.exe
FirewallRules: [TCP Query User{BD9BA5A2-564F-4E76-A930-FB62D5EEBEC1}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{56B8339F-C9B7-4F28-9677-95FA05AD7508}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
C:\Program Files\Bozoty Agent
C:\windows\kmsemulator.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem persists do this scan.

Malwarebytes Anti-Rootkit

Please download Anti-Rootkit BETA (https://www.malwarebytes.com/antirootkit) and save it to your Desktop.
  • Right-click on the icon and select Run as administrator to start the extraction of the program;
  • Click Yes to accept the security warning that may appear;
  • Click OK to extract it to your Desktop (MBAR will be launched shortly after the extraction);
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, if threats are found, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Please copy and paste the entire content of that log in your next reply;
If you have any problems running either one come back and let me know.
===

#3 Eromanga

Eromanga
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:37 AM

Posted 15 June 2017 - 06:36 AM

Hello nasdaq thanks in advance for the help.

Java Version 131 (uninstalled)

Java SE Development Kit 8 Update 101 (uninstalled)

Scan complete and restarted.. and there's a new one in Task Manager: Desktoplayer.exe is running now and iexplorer.exe is still in there

Attached Files


Edited by Eromanga, 15 June 2017 - 06:37 AM.


#4 nasdaq


Posted 15 June 2017 - 07:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,userinit.exe
c:\program files\microsoft\desktoplayer.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How is it now?


Also, please run this search and post the result.

Please run the Farbar Recovery Scan Tool. Enter \desktoplayer.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt;userinit.exe in your next reply.

#5 Eromanga


Posted 15 June 2017 - 02:14 PM

fixlist complete here is the fixlog.

 

and search complete here.

 

desktoplayer is recreating itself again but is not running in Task Manager anymore, but iexplorer is still running in Task Manager..

When desktoplayer is recreated, my Avast chest gets it. I added some SS.

Attached Files



#6 nasdaq


Posted 16 June 2017 - 07:29 AM

Sorry there was an error in my previous request.

Please run the Farbar Recovery Scan Tool. Enter desktoplayer.exe;userinit.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

This time let's also check what we will find in the Registry.

Do this second search.
Please run the Farbar Recovery Scan Tool. Enter desktoplayer.exe;userinit.exe in the Search Box and hit the Search Registry button.
Post the content of the Search.txt in your next reply.

#7 Eromanga


Posted 16 June 2017 - 02:58 PM

Here's your request 

 

 

Attached Files



#8 nasdaq


Posted 17 June 2017 - 07:34 AM


Hi,

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "All files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

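Windows Registry Editor Version 5.00

; Delete the existing Userinit value
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"=-

; Recreate it with only the default entry (backslashes are doubled in .reg string data)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe,"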


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is the computer running now?
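
An added example, not part of the original posts and not code from any tool named in this thread: a Python check that reads the Winlogon Userinit value from a .reg export and reports every entry other than the system userinit.exe. The export texts, the function names and the assumption that Windows is installed on C: are constructed for illustration; the desktoplayer.exe path is the one quoted in the thread.

```python
import ntpath
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumption: default install on C:. Adjust for a different system root.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# "name"="data" lines; inside the quotes, \\ is a backslash and \" is a quote.
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"\s*$')
_DELETE_USERINIT = re.compile(r'^"userinit"\s*=\s*-$', re.IGNORECASE)


def unescape_reg(text):
    """Undo .reg string escaping: a backslash makes the next character literal."""
    return re.sub(r"\\(.)", r"\1", text)


def read_userinit(reg_text):
    """Return the Userinit string found under the Winlogon key, or None."""
    in_key = False
    value = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == WINLOGON_KEY.lower()
            continue
        if not in_key:
            continue
        if _DELETE_USERINIT.match(line):
            value = None  # "Userinit"=- deletes the value
            continue
        match = _STRING_VALUE.match(line)
        if match and unescape_reg(match.group(1)).lower() == "userinit":
            value = unescape_reg(match.group(2))  # a later assignment wins
    return value


def audit_userinit(value, expected=EXPECTED_USERINIT):
    """Split the comma-separated list and return entries that are not `expected`.

    Comparison ignores case and slash direction. A bare file name without a
    full path is reported as well, because it does not equal the expected path.
    """
    findings = []
    for entry in value.split(","):
        entry = entry.strip().strip('"')
        if not entry:
            continue  # the default value ends with a trailing comma
        normalized = ntpath.normcase(ntpath.normpath(entry))
        if normalized != ntpath.normcase(expected):
            findings.append(entry)
    return findings


# Constructed sample exports (not taken from the attached logs).
INFECTED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="c:\\windows\\system32\\userinit.exe,,c:\\program files\\microsoft\\desktoplayer.exe"
'''

CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for name, export in (("infected", INFECTED_EXPORT), ("clean", CLEAN_EXPORT)):
        extras = audit_userinit(read_userinit(export))
        print(name, "->", extras if extras else "only userinit.exe")
```
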

#9 Eromanga


Posted 17 June 2017 - 02:55 PM

Hi Nasdaq..

It doesn't change much.. it takes too long to load on restart, and Desktoplayer.exe still recreates itself and iexplorer.exe is still running in Task Manager even though IE is not open..



#10 nasdaq


Posted 18 June 2017 - 06:56 AM

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
  • There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.


#11 Eromanga

Eromanga
  • Topic Starter

  • Members
  • 11 posts

Posted 18 June 2017 - 08:19 AM

Here are the results.
 
 
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/18/2017 08:53:45 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Possibly Patched Files.
 
 * C:\Windows\Explorer.EXE
 * C:\Windows\explorer.exe
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * C:\Windows\System32\UxTheme.dll : 249,856 : 06/05/2017 03:41 AM : 5ae8fd64fc69a242c572968e1d4e6eb2 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-uxtheme_31bf3856ad364e35_6.1.7600.16385_none_a5baf0f767e33083\uxtheme.dll : 249,856 : 07/14/2009 09:16 AM : 63bfdf555da2075a77d677829c3cccd0 [Pos Repl]
 
 * C:\Windows\explorer.exe : 2,489,856 : 08/29/2016 10:55 PM : 7515b445e817d78ebdf670647b19d720 [NoSig]
 +-> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe : 2,616,320 : 11/21/2010 05:29 AM : 40d777b7a95e00593eb1568c68514493 [Pos Repl]
 +-> C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_5432df58f129e196\explorer.exe : 2,972,672 : 08/29/2016 10:55 PM : 6ddca324434ffa506cf7dc4e51db7935 [Pos Repl]
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  0.0.0.0 keystone.mwbsys.com
  0.0.0.0 serius.mwbsys.com
 
Program finished at: 06/18/2017 08:56:08 PM
Execution time: 0 hours(s), 2 minute(s), and 23 seconds(s)

TDSSKiller Scan
20:56:52.0244 0x165c  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
20:57:00.0633 0x165c  ============================================================
20:57:00.0633 0x165c  Current date / time: 2017/06/18 20:57:00.0633
20:57:00.0633 0x165c  SystemInfo:
20:57:00.0634 0x165c  
20:57:00.0634 0x165c  OS Version: 6.1.7601 ServicePack: 1.0
20:57:00.0634 0x165c  Product type: Workstation
20:57:00.0635 0x165c  ComputerName: RAYMAN-PC
20:57:00.0635 0x165c  UserName: rayman
20:57:00.0635 0x165c  Windows directory: C:\Windows
20:57:00.0635 0x165c  System windows directory: C:\Windows
20:57:00.0635 0x165c  Processor architecture: Intel x86
20:57:00.0635 0x165c  Number of processors: 4
20:57:00.0635 0x165c  Page size: 0x1000
20:57:00.0635 0x165c  Boot type: Normal boot
20:57:00.0636 0x165c  CodeIntegrityOptions = 0x00000000
20:57:00.0636 0x165c  ============================================================
20:57:03.0033 0x165c  KLMD registered as C:\Windows\system32\drivers\35417014.sys
20:57:03.0033 0x165c  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23677, osProperties = 0x0
20:57:03.0490 0x165c  System UUID: {6AFC6887-E7DC-D5CC-DB12-9091D5AADB18}
20:57:04.0808 0x165c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:57:04.0832 0x165c  ============================================================
20:57:04.0832 0x165c  \Device\Harddisk0\DR0:
20:57:04.0832 0x165c  MBR partitions:
20:57:04.0832 0x165c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3B8800
20:57:04.0848 0x165c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3B9800, BlocksNum 0xEA60000
20:57:04.0848 0x165c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEE19A78, BlocksNum 0x12ECB588
20:57:04.0848 0x165c  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21CE5000, BlocksNum 0x186A0000
20:57:04.0848 0x165c  ============================================================
20:57:04.0918 0x165c  E: <-> \Device\Harddisk0\DR0\Partition4
20:57:04.0991 0x165c  C: <-> \Device\Harddisk0\DR0\Partition3
20:57:05.0029 0x165c  A: <-> \Device\Harddisk0\DR0\Partition2
20:57:05.0072 0x165c  ============================================================
20:57:05.0073 0x165c  Initialize success
20:57:05.0073 0x165c  ============================================================
20:57:17.0038 0x0e44  ============================================================
20:57:17.0038 0x0e44  Scan started
20:57:17.0038 0x0e44  Mode: Manual; 
20:57:17.0038 0x0e44  ============================================================
20:57:17.0038 0x0e44  KSN ping started
20:57:19.0053 0x0e44  KSN ping finished: true
20:57:20.0758 0x0e44  ================ Scan system memory ========================
20:57:20.0758 0x0e44  System memory - ok
20:57:20.0759 0x0e44  ================ Scan services =============================
20:57:29.0220 0x0e44  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:57:29.0224 0x0e44  hcw85cir - ok
20:57:29.0273 0x0e44  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:57:29.0294 0x0e44  HdAudAddService - ok
20:57:29.0323 0x0e44  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:57:29.0330 0x0e44  HDAudBus - ok
20:57:29.0343 0x0e44  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:57:29.0346 0x0e44  HidBatt - ok
20:57:29.0362 0x0e44  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:57:29.0368 0x0e44  HidBth - ok
20:57:29.0395 0x0e44  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:57:29.0399 0x0e44  HidIr - ok
20:57:29.0429 0x0e44  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
20:57:29.0436 0x0e44  hidserv - ok
20:57:29.0465 0x0e44  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:57:29.0468 0x0e44  HidUsb - ok
20:57:29.0490 0x0e44  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:57:29.0500 0x0e44  hkmsvc - ok
20:57:29.0527 0x0e44  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:57:29.0549 0x0e44  HomeGroupListener - ok
20:57:29.0588 0x0e44  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:57:29.0611 0x0e44  HomeGroupProvider - ok
20:57:29.0652 0x0e44  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:57:29.0657 0x0e44  HpSAMD - ok
20:57:29.0711 0x0e44  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:57:29.0758 0x0e44  HTTP - ok
20:57:29.0772 0x0e44  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:57:29.0775 0x0e44  hwpolicy - ok
20:57:29.0815 0x0e44  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:57:29.0821 0x0e44  i8042prt - ok
20:57:29.0887 0x0e44  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:57:29.0909 0x0e44  iaStorV - ok
20:57:29.0962 0x0e44  [ A77695A8DA81C6ACBBC091295B4D3478, 95DABAA03B6E3C99AD16851387EF6AC2401333C09D997756B5C104FF3E33835C ] IDMWFP          C:\Windows\system32\DRIVERS\idmwfp.sys
20:57:29.0971 0x0e44  IDMWFP - ok
20:57:30.0051 0x0e44  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:57:30.0097 0x0e44  idsvc - ok
20:57:30.0117 0x0e44  IEEtwCollectorService - ok
20:57:30.0281 0x0e44  [ CDAEA264A9D8E43C872530D2BE586BC8, 87BB6545E0F96AFCEF2EDE7E5DFA18FED9CA7356079E17C6ACEFB4C41B67F15F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:57:30.0427 0x0e44  igfx - ok
20:57:30.0555 0x0e44  [ D94D51682D3BF160B3A981C5B68B8E36, 98F508428F1D26293DA81AB13DF4E31CEBD21A9CC48FDB940302CBC9A9C71BFA ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
20:57:30.0570 0x0e44  igfxCUIService1.0.0.0 - ok
20:57:30.0614 0x0e44  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:57:30.0618 0x0e44  iirsp - ok
20:57:30.0681 0x0e44  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:57:30.0728 0x0e44  IKEEXT - ok
20:57:30.0907 0x0e44  [ 19B572DD46F038509846589DCB702B19, C887F184665F04AC3C02CB154D428E47917BBAD50295166C53BA03265092ABAB ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:57:31.0066 0x0e44  IntcAzAudAddService - ok
20:57:31.0126 0x0e44  [ D01C750421277EDAD729CDE1FA3BF36C, 90D297D887E6139E1C496A6F024781AEF456AB913D7AB69E4952B5AFA75041F6 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:57:31.0160 0x0e44  IntcDAud - ok
20:57:31.0255 0x0e44  [ 72CA1CBD58509FB68330D7C245B7F1CC, EE49C85E8EF0BF182B9534522F2CEEB6A2A12A685163E1D70DA975E08598460E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
20:57:31.0290 0x0e44  Intel® Capability Licensing Service Interface - ok
20:57:31.0356 0x0e44  [ 3ED77CA5E6992767D6EE838E158D0435, B1FC125CA62EB6B0002019409751B12551D373EB894CC36E4DB01B6C6FAA0E72 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
20:57:31.0446 0x0e44  Intel® Capability Licensing Service TCP IP Interface - ok
20:57:31.0502 0x0e44  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:57:31.0531 0x0e44  intelide - ok
20:57:31.0578 0x0e44  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:57:31.0582 0x0e44  intelppm - ok
20:57:31.0633 0x0e44  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:57:31.0642 0x0e44  IPBusEnum - ok
20:57:31.0694 0x0e44  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:57:31.0698 0x0e44  IpFilterDriver - ok
20:57:31.0740 0x0e44  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:57:31.0809 0x0e44  iphlpsvc - ok
20:57:31.0852 0x0e44  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:57:31.0857 0x0e44  IPMIDRV - ok
20:57:31.0878 0x0e44  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:57:31.0885 0x0e44  IPNAT - ok
20:57:31.0973 0x0e44  [ 8AE11E59B56A064E5AA41063457D3058, 993A4E490FFFDC6571DCDF9A8C2D4773F0E6228FACFBB985EF5392AEF9871141 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:57:32.0008 0x0e44  iPod Service - ok
20:57:32.0030 0x0e44  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:57:32.0033 0x0e44  IRENUM - ok
20:57:32.0055 0x0e44  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:57:32.0060 0x0e44  isapnp - ok
20:57:32.0093 0x0e44  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:57:32.0105 0x0e44  iScsiPrt - ok
20:57:32.0140 0x0e44  [ EC69BDFABF2CE67408DB38B387DCD275, 3F0C2AEE9DB73A332289B49CC8C524A2B719FF13EC80E2EAA7BB7E4B574C60B7 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:57:32.0144 0x0e44  iusb3hcs - ok
20:57:32.0181 0x0e44  [ 6AF307C68939744D21E27C917D442758, 4B2CA0B04786A1B2294579628A3575D6C1D51544EB20D5188F819DE1E42E65CA ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
20:57:32.0215 0x0e44  iusb3hub - ok
20:57:32.0269 0x0e44  [ EC5EA597986CD754C70BCCB88D3BDCB2, 9397185358C552007863E838C446440223093F2B26278C2019AD0B851AD73FE8 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:57:32.0315 0x0e44  iusb3xhc - ok
20:57:32.0341 0x0e44  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:57:32.0345 0x0e44  kbdclass - ok
20:57:32.0382 0x0e44  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:57:32.0385 0x0e44  kbdhid - ok
20:57:32.0403 0x0e44  [ 083D9DCFFF8C71BF0797535C85C24492, 9956283C0E507EF9D8D6FD994A82EEC5916B117915AC1DC9932DCA36C8231186 ] KeyIso          C:\Windows\system32\lsass.exe
20:57:32.0411 0x0e44  KeyIso - ok
20:57:32.0454 0x0e44  [ E60EC294C18BAD5812309DCDCC5AE8E4, 273D69467F34447C687FF59D05C68BCD861F8BD13EA9D336A8F9056C9FA38D97 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:57:32.0459 0x0e44  KSecDD - ok
20:57:32.0472 0x0e44  [ 58097853B579B12601CABACD5176A944, D9DEA1AF3929ABE4D1AF49906E9E501E222A9E376412C4FBC8E7ECF97D0FF8F7 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:57:32.0480 0x0e44  KSecPkg - ok
20:57:32.0528 0x0e44  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:57:32.0573 0x0e44  KtmRm - ok
20:57:32.0616 0x0e44  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:57:32.0650 0x0e44  LanmanServer - ok
20:57:32.0679 0x0e44  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:57:32.0694 0x0e44  LanmanWorkstation - ok
20:57:32.0743 0x0e44  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:57:32.0747 0x0e44  lltdio - ok
20:57:32.0782 0x0e44  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:57:32.0804 0x0e44  lltdsvc - ok
20:57:32.0850 0x0e44  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:57:32.0859 0x0e44  lmhosts - ok
20:57:32.0903 0x0e44  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:57:32.0910 0x0e44  LSI_FC - ok
20:57:32.0954 0x0e44  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:57:32.0960 0x0e44  LSI_SAS - ok
20:57:32.0976 0x0e44  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:57:32.0981 0x0e44  LSI_SAS2 - ok
20:57:33.0005 0x0e44  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:57:33.0012 0x0e44  LSI_SCSI - ok
20:57:33.0041 0x0e44  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:57:33.0047 0x0e44  luafv - ok
20:57:33.0096 0x0e44  [ 5B207453D7910D1992F4760FE4983658, A35C0B58CA317BC4247CD6F2A35D4B8897B255588DAAC9E5C9576C326333F231 ] MBAMChameleon   C:\Windows\system32\drivers\MBAMChameleon.sys
20:57:33.0107 0x0e44  MBAMChameleon - ok
20:57:33.0155 0x0e44  [ C44EB07967016BA75C4F4C0109F3E7D0, F26222109C692D8490895CAC1428ACC794DA9BD58851F3D31A27E30562D23C8F ] MBAMFarflt      C:\Windows\system32\drivers\farflt.sys
20:57:33.0164 0x0e44  MBAMFarflt - ok
20:57:33.0217 0x0e44  [ D9351F554ED0784764DB0564186906AE, C7DC59A8D528A9A2FCF592D20C20B40D4315B1C09E82A4C1D0B5C6807E8E7338 ] MBAMProtection  C:\Windows\system32\drivers\mbam.sys
20:57:33.0223 0x0e44  MBAMProtection - ok
20:57:33.0473 0x0e44  [ ADED0E73F165B8353690F8055A51154D, BEED269D09723FE13A27A494E5CA9A0555142AE7647C97EB3E2C7AA111633A20 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
20:57:33.0592 0x0e44  MBAMService - ok
20:57:33.0637 0x0e44  [ 56E4DE5761F5313CCD82A89815FFA716, 5BBA2085B3C0A56CE2A5FB82ABF6468C742918B7C9003C0F07B10BED04C4EDFA ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:57:33.0649 0x0e44  MBAMSwissArmy - ok
20:57:33.0682 0x0e44  [ FFF76C0B8F68EF5D4A4CF138342E1187, 281D27E9E20594B22B194ADF402CD6896F4C8CE3140E53AE26BF035C7C000909 ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
20:57:33.0688 0x0e44  MBAMWebProtection - ok
20:57:33.0715 0x0e44  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:57:33.0725 0x0e44  Mcx2Svc - ok
20:57:33.0747 0x0e44  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:57:33.0752 0x0e44  megasas - ok
20:57:33.0780 0x0e44  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:57:33.0792 0x0e44  MegaSR - ok
20:57:33.0849 0x0e44  Microsoft SharePoint Workspace Audit Service - ok
20:57:33.0872 0x0e44  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
20:57:33.0881 0x0e44  MMCSS - ok
20:57:33.0900 0x0e44  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
20:57:33.0904 0x0e44  Modem - ok
20:57:33.0931 0x0e44  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:57:33.0935 0x0e44  monitor - ok
20:57:33.0964 0x0e44  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:57:33.0968 0x0e44  mouclass - ok
20:57:33.0990 0x0e44  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:57:33.0994 0x0e44  mouhid - ok
20:57:34.0021 0x0e44  [ D1BDF813C9FE5ED53134EDF360927735, 0FC422513A9C98C32A90C7C5B2635DA6104C6425A2E2A8746B110A07AFB1B539 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:57:34.0027 0x0e44  mountmgr - ok
20:57:34.0047 0x0e44  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:57:34.0057 0x0e44  mpio - ok
20:57:34.0088 0x0e44  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:57:34.0094 0x0e44  mpsdrv - ok
20:57:34.0147 0x0e44  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:57:34.0193 0x0e44  MpsSvc - ok
20:57:34.0229 0x0e44  [ 06AC0310138E4B2C35AF7344D18BC686, FCDB6CC851EC47F92FFF764717A44FF5D5D0E179C215B3C6E77FB9BEA4DE1908 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:57:34.0236 0x0e44  MRxDAV - ok
20:57:34.0281 0x0e44  [ E3DFD23D6205F839BFB946392A0CC347, 3927C97E4375C379C6A73E6009497054EE6170AE7BFD1D7FC9C04C1F2ADE6F37 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:57:34.0289 0x0e44  mrxsmb - ok
20:57:34.0329 0x0e44  [ A81652F841CBE168E605859591424070, 6DDE8694F1931E258FC490E7B8DB5FD79EADDED335F558C24C59D37A637D5653 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:57:34.0340 0x0e44  mrxsmb10 - ok
20:57:34.0358 0x0e44  [ 5FEE87B90B3778F7EAD695E700ABE7AF, 5B4C5FFB48CB3BAFDCA931398643F4783E95DAA164B41C4E7DD12EB3EBB091D9 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:57:34.0365 0x0e44  mrxsmb20 - ok
20:57:34.0386 0x0e44  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:57:34.0389 0x0e44  msahci - ok
20:57:34.0423 0x0e44  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:57:34.0430 0x0e44  msdsm - ok
20:57:34.0450 0x0e44  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
20:57:34.0463 0x0e44  MSDTC - ok
20:57:34.0483 0x0e44  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:57:34.0487 0x0e44  Msfs - ok
20:57:34.0499 0x0e44  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:57:34.0502 0x0e44  mshidkmdf - ok
20:57:34.0519 0x0e44  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:57:34.0522 0x0e44  msisadrv - ok
20:57:34.0558 0x0e44  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:57:34.0569 0x0e44  MSiSCSI - ok
20:57:34.0577 0x0e44  msiserver - ok
20:57:34.0597 0x0e44  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:57:34.0600 0x0e44  MSKSSRV - ok
20:57:34.0625 0x0e44  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:57:34.0628 0x0e44  MSPCLOCK - ok
20:57:34.0642 0x0e44  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:57:34.0645 0x0e44  MSPQM - ok
20:57:34.0664 0x0e44  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:57:34.0673 0x0e44  MsRPC - ok
20:57:34.0696 0x0e44  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:57:34.0700 0x0e44  mssmbios - ok
20:57:34.0718 0x0e44  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:57:34.0721 0x0e44  MSTEE - ok
20:57:34.0738 0x0e44  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:57:34.0741 0x0e44  MTConfig - ok
20:57:34.0758 0x0e44  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:57:34.0763 0x0e44  Mup - ok
20:57:34.0797 0x0e44  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:57:34.0842 0x0e44  napagent - ok
20:57:34.0898 0x0e44  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:57:34.0911 0x0e44  NativeWifiP - ok
20:57:34.0987 0x0e44  [ 9804FB2E46077F2977552347DFCA7E05, A34B703462C6998AB2B3EA6389F4B89616CDC257D44C400C92663E6FB4A8F196 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:57:35.0033 0x0e44  NDIS - ok
20:57:35.0051 0x0e44  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:57:35.0055 0x0e44  NdisCap - ok
20:57:35.0087 0x0e44  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:57:35.0091 0x0e44  NdisTapi - ok
20:57:35.0117 0x0e44  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:57:35.0121 0x0e44  Ndisuio - ok
20:57:35.0141 0x0e44  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:57:35.0149 0x0e44  NdisWan - ok
20:57:35.0164 0x0e44  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:57:35.0167 0x0e44  NDProxy - ok
20:57:35.0206 0x0e44  [ 338C8C0BF5C3F0D27C753B4F82141FB2, 3E26AC9433ED8EA2D4DC9AB0D4C732F6D3B1DD77455A4AB9BC08548578D40BCA ] Neo_VPN         C:\Windows\system32\DRIVERS\Neo_0057.sys
20:57:35.0210 0x0e44  Neo_VPN - ok
20:57:35.0238 0x0e44  [ 9213AA35BCA94EB79D366DA254E4BDF5, 5E1C71BEB6CFFF5A6F149E9FE6E169D087A6CBE63A504FEE8D42170284952F85 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
20:57:35.0241 0x0e44  Netaapl - ok
20:57:35.0276 0x0e44  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:57:35.0280 0x0e44  NetBIOS - ok
20:57:35.0316 0x0e44  [ A00996C9BFEF29A93B9F21DBE1DC502D, A97982CBBC2E240B0CD884ED3ED5D11B207DA8E7BEF73DCEA44E16E1CD84222F ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:57:35.0326 0x0e44  NetBT - ok
20:57:35.0337 0x0e44  [ 083D9DCFFF8C71BF0797535C85C24492, 9956283C0E507EF9D8D6FD994A82EEC5916B117915AC1DC9932DCA36C8231186 ] Netlogon        C:\Windows\system32\lsass.exe
20:57:35.0344 0x0e44  Netlogon - ok
20:57:35.0376 0x0e44  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:57:35.0410 0x0e44  Netman - ok
20:57:35.0442 0x0e44  [ 2635C2A431F5F04DFFE23C2678BBA410, D6F6973B57D2ED4DC4BF097CBBECFDA3045CED2C7E970CF7E127961F196893BD ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:57:35.0450 0x0e44  NetMsmqActivator - ok
20:57:35.0465 0x0e44  [ 2635C2A431F5F04DFFE23C2678BBA410, D6F6973B57D2ED4DC4BF097CBBECFDA3045CED2C7E970CF7E127961F196893BD ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:57:35.0472 0x0e44  NetPipeActivator - ok
20:57:35.0506 0x0e44  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:57:35.0540 0x0e44  netprofm - ok
20:57:35.0553 0x0e44  [ 2635C2A431F5F04DFFE23C2678BBA410, D6F6973B57D2ED4DC4BF097CBBECFDA3045CED2C7E970CF7E127961F196893BD ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:57:35.0560 0x0e44  NetTcpActivator - ok
20:57:35.0572 0x0e44  [ 2635C2A431F5F04DFFE23C2678BBA410, D6F6973B57D2ED4DC4BF097CBBECFDA3045CED2C7E970CF7E127961F196893BD ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:57:35.0579 0x0e44  NetTcpPortSharing - ok
20:57:35.0627 0x0e44  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:57:35.0632 0x0e44  nfrd960 - ok
20:57:35.0667 0x0e44  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:57:35.0701 0x0e44  NlaSvc - ok
20:57:35.0719 0x0e44  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:57:35.0723 0x0e44  Npfs - ok
20:57:35.0752 0x0e44  npggsvc - ok
20:57:35.0776 0x0e44  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:57:35.0785 0x0e44  nsi - ok
20:57:35.0802 0x0e44  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:57:35.0806 0x0e44  nsiproxy - ok
20:57:35.0900 0x0e44  [ 978E7A2E4BF4E8E70D0776EF0D9E97FB, B6C82BB9B3025FD2D37B6AB6FA9C2944F8B3020CD4588BE464CE73A992B7FF00 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:57:35.0945 0x0e44  Ntfs - ok
20:57:35.0973 0x0e44  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
20:57:35.0976 0x0e44  Null - ok
20:57:36.0010 0x0e44  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:57:36.0018 0x0e44  nvraid - ok
20:57:36.0043 0x0e44  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:57:36.0052 0x0e44  nvstor - ok
20:57:36.0080 0x0e44  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:57:36.0087 0x0e44  nv_agp - ok
20:57:36.0111 0x0e44  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:57:36.0117 0x0e44  ohci1394 - ok
20:57:36.0178 0x0e44  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:57:36.0187 0x0e44  ose - ok
20:57:36.0464 0x0e44  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:57:36.0733 0x0e44  osppsvc - ok
20:57:36.0782 0x0e44  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:57:36.0816 0x0e44  p2pimsvc - ok
20:57:36.0853 0x0e44  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:57:36.0887 0x0e44  p2psvc - ok
20:57:46.0173 0x0e44  Wecsvc - ok
20:57:46.0202 0x0e44  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:57:46.0215 0x0e44  wercplsupport - ok
20:57:46.0252 0x0e44  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
20:57:46.0266 0x0e44  WerSvc - ok
20:57:46.0285 0x0e44  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:57:46.0289 0x0e44  WfpLwf - ok
20:57:46.0315 0x0e44  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:57:46.0318 0x0e44  WIMMount - ok
20:57:46.0390 0x0e44  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:57:46.0424 0x0e44  WinDefend - ok
20:57:46.0453 0x0e44  WinHttpAutoProxySvc - ok
20:57:46.0510 0x0e44  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:57:46.0519 0x0e44  Winmgmt - ok
20:57:46.0598 0x0e44  [ 8949A93520F7008C3B7AD320A0EEA267, F77C6BF73B300347FEB3D02C7A1F98807546D95E10E499D385B7F00D1366CC59 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:57:46.0667 0x0e44  WinRM - ok
20:57:46.0731 0x0e44  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:57:46.0736 0x0e44  WinUsb - ok
20:57:46.0792 0x0e44  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:57:46.0849 0x0e44  Wlansvc - ok
20:57:46.0866 0x0e44  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:57:46.0869 0x0e44  WmiAcpi - ok
20:57:46.0905 0x0e44  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:57:46.0914 0x0e44  wmiApSrv - ok
20:57:47.0009 0x0e44  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:57:47.0066 0x0e44  WMPNetworkSvc - ok
20:57:47.0097 0x0e44  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:57:47.0109 0x0e44  WPCSvc - ok
20:57:47.0133 0x0e44  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:57:47.0148 0x0e44  WPDBusEnum - ok
20:57:47.0167 0x0e44  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:57:47.0171 0x0e44  ws2ifsl - ok
20:57:47.0195 0x0e44  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:57:47.0210 0x0e44  wscsvc - ok
20:57:47.0219 0x0e44  WSearch - ok
20:57:47.0353 0x0e44  [ FAC7617DD8A8CCCBBB9D36C39AFA5ABE, 64BB658523F4610B6D092BD390D24307F0A545ABA5C78B5DB50B7AA9E65C6A51 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:57:47.0490 0x0e44  wuauserv - ok
20:57:47.0527 0x0e44  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:57:47.0532 0x0e44  WudfPf - ok
20:57:47.0557 0x0e44  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:47.0567 0x0e44  WUDFRd - ok
20:57:47.0598 0x0e44  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:57:47.0613 0x0e44  wudfsvc - ok
20:57:47.0644 0x0e44  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:57:47.0678 0x0e44  WwanSvc - ok
20:57:47.0712 0x0e44  XDva535 - ok
20:57:47.0723 0x0e44  XDva536 - ok
20:57:47.0753 0x0e44  xhunter1 - ok
20:57:47.0803 0x0e44  ================ Scan global ===============================
20:57:47.0836 0x0e44  [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
20:57:47.0867 0x0e44  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
20:57:47.0911 0x0e44  [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
20:57:47.0947 0x0e44  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:57:47.0980 0x0e44  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
20:57:48.0014 0x0e44  [ Global ] - ok
20:57:48.0014 0x0e44  ================ Scan MBR ==================================
20:57:48.0037 0x0e44  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:57:48.0981 0x0e44  \Device\Harddisk0\DR0 - ok
20:57:48.0982 0x0e44  ================ Scan VBR ==================================
20:57:48.0989 0x0e44  [ ED2A14E510740A1D0B07ED370399A2D5 ] \Device\Harddisk0\DR0\Partition1
20:57:48.0995 0x0e44  \Device\Harddisk0\DR0\Partition1 - ok
20:57:49.0094 0x0e44  [ A0A651BCC89B74D83EA2C6A86E3A938E ] \Device\Harddisk0\DR0\Partition2
20:57:49.0097 0x0e44  \Device\Harddisk0\DR0\Partition2 - ok
20:57:49.0104 0x0e44  [ 5EE544293AF8BE30B7948C025192824F ] \Device\Harddisk0\DR0\Partition3
20:57:49.0106 0x0e44  \Device\Harddisk0\DR0\Partition3 - ok
20:57:49.0117 0x0e44  [ 7FD6B022DD6A0A428FEAAC86F6A46FAA ] \Device\Harddisk0\DR0\Partition4
20:57:49.0120 0x0e44  \Device\Harddisk0\DR0\Partition4 - ok
20:57:49.0145 0x0e44  ================ Scan generic autorun ======================
20:57:58.0499 0x0e44  AV detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41000 ( enabled : updated )
20:57:58.0528 0x0e44  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.143 ), 0x60000 ( disabled : updated )
20:57:58.0532 0x0e44  FW detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x41010 ( enabled )
20:58:00.0127 0x0e44  ============================================================
20:58:00.0127 0x0e44  Scan finished
20:58:00.0127 0x0e44  ============================================================
20:58:00.0145 0x04d8  Detected object count: 0
20:58:00.0145 0x04d8  Actual detected object count: 0
21:00:20.0256 0x11ac  Deinitialize success

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-06-18 21:01:07
-----------------------------
21:01:07.610    OS Version: Windows 6.1.7601 Service Pack 1
21:01:07.610    Number of processors: 4 586 0x3703
21:01:07.615    ComputerName: RAYMAN-PC  UserName: rayman
21:01:32.522    Initialize success
21:01:32.607    VM: initialized successfully
21:01:32.612    VM: Intel CPU supported 
21:01:43.463    VM: supported disk I/O ataport.SYS
21:01:52.785    AVAST engine defs: 17061800
21:01:57.702    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:01:57.707    Disk 0 Vendor: WDC_WD5000LPVX-22V0TT0 01.01A01 Size: 476940MB BusType: 11
21:01:57.978    VM: Disk 0 MBR read successfully
21:01:57.983    Disk 0 MBR scan
21:01:57.991    Disk 0 Windows 7 default MBR code
21:01:58.039    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1905 MB offset 2048
21:01:58.050    Disk 0 Boot: NTFS     code=1
21:01:58.058    Disk 0 Partition - 00     0F Extended LBA            120001 MB offset 3903488
21:01:58.081    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       155030 MB offset 249666168
21:01:58.101    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       200000 MB offset 567169024
21:01:58.157    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       120000 MB offset 3905536
21:01:58.173    Disk 0 scanning sectors +976769024
21:01:58.348    Disk 0 scanning C:\Windows\system32\drivers
21:02:11.221    Service scanning
21:02:44.443    Modules scanning
21:02:44.456    Disk 0 trace - called modules:
21:02:44.513    ntkrnlpa.exe CLASSPNP.SYS disk.sys aswSP.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys 
21:02:44.523    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86159030]
21:02:44.533    3 aswSP.sys[8f65b565] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85fd0908]
21:02:44.908    AVAST engine scan C:\Windows
21:02:47.322    AVAST engine scan C:\Windows\system32
21:06:31.511    AVAST engine scan C:\Windows\system32\drivers
21:06:47.784    AVAST engine scan C:\Users\rayman
21:10:33.810    Disk 0 MBR has been saved successfully to "C:\Users\rayman\Downloads\Cleaner\MBR.dat"
21:10:33.813    The log file has been saved successfully to "C:\Users\rayman\Downloads\Cleaner\aswMBR.txt"


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,540 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 18 June 2017 - 01:14 PM

Last logs are clean.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#13 Eromanga

Eromanga
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:37 AM

Posted 19 June 2017 - 02:35 AM

It doesn't change much. IE is still running and it takes too long to load when shutting down or turning on, but I'm observing whether desktoplayer.exe still recreates itself.

Here is your request.

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by rayman on Mon 06/19/2017 at  3:56:44.25.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\rayman\Downloads\Cleaner\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
6/19/2017 4:57:11 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\BlueStacksSetup deleted successfully
C:\PROGRA~2\IDM deleted successfully
C:\PROGRA~2\Stardock deleted successfully
C:\Users\rayman\AppData\Roaming\LibrariIcon deleted successfully
C:\Users\rayman\AppData\Roaming\QuickScan deleted successfully
C:\Users\rayman\AppData\Roaming\Stardock deleted successfully
C:\Users\rayman\AppData\Roaming\Update deleted successfully
C:\Users\rayman\AppData\Local\Facebook deleted successfully
C:\Users\rayman\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\rayman\AppData\Roaming\PSO2 Tweaker deleted
C:\PROGRA~2\GarenaMessenger deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\rayman\AppData\Local\HWVendorDetection.log deleted
C:\Windows\System32\AI_RecycleBin deleted
"C:\ProgramData\mntemp" deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files\Internet Download Manager\IDMGCExt.crx[06/09/2017 12:58 AM]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
dhdgffkkebhmkfjojejmpbldmpobfkfo - No path found[]
 
One Piece logo - rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghhlbpnfjpoclfaecoabciimllecbbob
Grammarly for Chrome - rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
IDM Integration Module - rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Chrome Media Router - rayman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Reset Google Chrome ======================
 
C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Amworks deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Azan Player deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLLSuite2016 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS Cleanup deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ettion deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fences deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Find deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run deleted successfully
 
==== Empty IE Cache ======================
 
C:\Users\rayman\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\rayman\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=18 folders=47 13230161 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\rayman\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\rayman\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 06/19/2017 at  6:41:43.26 ======================

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,540 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:37 PM

Posted 19 June 2017 - 07:39 AM


Have a look at this page.
http://www.freefixer.com/library/file/desktoplayer.exe-204517/

Please download and run the Bitdefender removal tool.
https://www.bitdefender.com/uninstall/

Delete the desktoplayer.exe if present.

===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===


Restart the computer normally and let me know if the file is re-created.

#15 Eromanga

Eromanga
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:37 AM

Posted 19 June 2017 - 11:18 PM

Hi Nasdaq, thank you for everything and for helping me, but I think I'll just reinstall my OS. Thanks.





