Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I think I could be infected help please!!!

Post by rmrrar » April 15th, 2016, 8:59 am

I got an email from AT&T that reads as follows.

Dear SBC customer,
AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“bedep”) was observed on Apr 11, 2016 at 10:40 PM EDT from the IP address 108.207.169.142. Our records indicate that this IP address was assigned to you at this time.

Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.

Because malware is designed to run in secret, an infected computer may display no obvious symptoms.

To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.
Additional tools and information:

Tools for removing rootkits, bots, and other crimeware:
Norton Power Eraser: https://security.symantec.com/nbrt/npe.aspx (Windows)
McAfee Rootkit Remover: http://www.mcafee.com/us/downloads/free ... mover.aspx (Windows)
Tools for general virus and malware removal:
Microsoft Safety & Security Center: http://www.microsoft.com/security/ (Windows)
Malwarebytes Anti-Malware: http://malwarebytes.org/ (Windows, Android)
Spybot +AV: http://www.safer-networking.org/ (Windows)
OS X Gatekeeper: http://support.apple.com/kb/HT5290 (OS X)
AT&T Malware and Network Security analysts gather weekly to give you the information that you need to know about the latest security news and trends. Visit AT&T ThreatTraq at http://techchannel.att.com/showpage.cfm?ThreatTraq
Regards, AT&T Internet Services Security Center

Incident details for 108.207.169.142

Type: bedep
Source port: 52074
Destination IP: 208.xx.xx.234
Hostname: dcthrgaeqgjjbbea.com
Destination port: 80
For security reasons, the destination IP is partially obscured.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by ROBERT (administrator) on ROBSHP (15-04-2016 07:48:04)
Running from C:\Users\ROBERT\Downloads
Loaded Profiles: ROBERT (Available Profiles: ROBERT)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-09-16] (Realtek Semiconductor)
HKU\S-1-5-21-340307169-1632282712-3976785497-1002\...\MountPoints2: {64370cf0-d08d-11e5-8299-3ca82aa73734} - "F:\LaunchU3.exe" -a
HKU\S-1-5-21-340307169-1632282712-3976785497-1002\...\MountPoints2: {daaa1817-bb52-11e5-8296-3ca82aa73734} - "F:\HTC_Sync_Manager_PC.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{34929e00-4ccd-46ce-8368-4b185ea1c53a}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{85f1380a-f2c5-40f2-b3f8-79868419940b}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-340307169-1632282712-3976785497-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-12-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-21] (Foxit Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-03-06] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR Profile: C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-02]
CHR Extension: (Google Docs) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-02]
CHR Extension: (Google Drive) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-02]
CHR Extension: (Google Docs Offline) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\ROBERT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-10-07] () [File not signed]
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-10-07] (Advanced Micro Devices, Inc.) [File not signed]
S2 amdacpusrsvc; C:\AMD\amdacpusrsvc.exe [82432 2014-10-07] () [File not signed]
S4 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [98816 2014-10-11] () [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-09] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-09-16] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-01-26] (Advanced Micro Devices, INC.)
R2 AODDriver4.3; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
S3 aswTap; C:\Windows\System32\drivers\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-09-20] (Realtek )
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [624424 2015-11-16] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4619520 2015-09-16] (Realtek Semiconductor Corporation )
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [214832 2015-12-08] (DEVGURU Co., LTD.(www.devguru.co.kr))
R5 SynTP; C:\Windows\System32\Drivers\SynTP.sys [862840 2015-12-09] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 SmbDrv; \SystemRoot\system32\DRIVERS\Smb_driver_AMDASF.sys [X]
S3 SmbDrvI; \SystemRoot\System32\drivers\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 07:48 - 2016-04-15 07:48 - 00013315 _____ C:\Users\ROBERT\Downloads\FRST.txt
2016-04-15 07:47 - 2016-04-15 07:48 - 00000000 ____D C:\FRST
2016-04-15 07:42 - 2016-04-15 07:47 - 02375168 _____ (Farbar) C:\Users\ROBERT\Downloads\FRST64.exe
2016-04-13 11:50 - 2016-04-13 11:50 - 00000000 ____D C:\Users\ROBERT\AppData\Local\MediaShow
2016-04-13 10:07 - 2016-04-13 10:07 - 00000000 ____D C:\Users\ROBERT\Documents\CyberLink
2016-04-12 11:21 - 2016-04-12 11:21 - 00304317 _____ C:\Users\ROBERT\Downloads\CN201184433Y.pdf
2016-04-08 09:41 - 2016-04-08 09:41 - 00028812 _____ C:\Users\ROBERT\Downloads\EStatement-2014-06-04-34878.pdf
2016-04-08 09:40 - 2016-04-08 09:40 - 00012627 _____ C:\Users\ROBERT\Downloads\EStatement-2014-12-03-34850.pdf
2016-04-08 09:40 - 2016-04-08 09:40 - 00007507 _____ C:\Users\ROBERT\Downloads\EStatement-2014-07-07-34832.pdf
2016-04-08 09:39 - 2016-04-08 09:39 - 00040442 _____ C:\Users\ROBERT\Downloads\EStatement-2014-09-04-34737.pdf
2016-04-08 09:39 - 2016-04-08 09:39 - 00029159 _____ C:\Users\ROBERT\Downloads\EStatement-2014-08-05-34777.pdf
2016-04-08 09:37 - 2016-04-08 09:37 - 00018690 _____ C:\Users\ROBERT\Downloads\EStatement-2014-10-06-34662.pdf
2016-04-08 09:30 - 2016-04-08 09:30 - 00000910 _____ C:\Users\ROBERT\Downloads\TransactionList-2016-04-08-34252.pdf
2016-03-31 12:50 - 2016-03-31 12:50 - 00002254 _____ C:\Users\ROBERT\Desktop\%2Fussplex%2Fdata%2Fappsprd%2FIRPA%2Fpdf_files%2Firpa160331153CDCB253ED1A30.pdf
2016-03-29 22:49 - 2016-03-29 22:49 - 00638851 _____ C:\Users\ROBERT\Downloads\getimage (19).tif
2016-03-27 00:30 - 2016-03-27 00:30 - 00001293 _____ C:\AdwCleaner[C3].txt
2016-03-27 00:29 - 2016-03-27 00:30 - 00001127 _____ C:\AdwCleaner[S3].txt
2016-03-27 00:28 - 2016-03-27 00:28 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-24 21:39 - 2016-03-24 21:50 - 00007608 _____ C:\Users\ROBERT\AppData\Local\resmon.resmoncfg
2016-03-24 21:19 - 2016-03-24 21:19 - 00000000 ____H C:\Users\ROBERT\Documents\Default.rdp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-15 07:10 - 2015-11-16 04:28 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 07:10 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-15 07:00 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 01:58 - 2015-08-02 07:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 01:37 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-14 01:37 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-14 01:37 - 2015-07-31 03:17 - 00000000 ____D C:\Users\ROBERT\AppData\Local\Packages
2016-04-13 18:45 - 2015-07-31 12:08 - 00453280 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-13 10:10 - 2015-05-22 17:28 - 00000000 ____D C:\ProgramData\CyberLink
2016-04-13 10:07 - 2015-12-29 13:35 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\CyberLink
2016-04-13 10:07 - 2015-05-22 18:22 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2016-04-12 06:26 - 2015-07-31 03:22 - 00000000 ____D C:\Users\ROBERT\Documents\Youcam
2016-04-12 02:50 - 2015-08-02 07:32 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-12 02:50 - 2015-08-02 07:32 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-10 16:37 - 2015-09-20 10:46 - 00003246 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForROBERT
2016-04-10 16:37 - 2015-09-20 10:46 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForROBERT.job
2016-04-08 09:28 - 2015-11-16 04:29 - 00000000 ____D C:\Users\ROBERT
2016-04-07 16:26 - 2015-11-16 04:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-04-07 16:24 - 2015-05-22 17:26 - 00000000 ____D C:\Program Files\CyberLink
2016-04-07 16:24 - 2015-03-06 05:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-07 16:23 - 2015-01-29 11:54 - 00000000 ____D C:\SWSetup
2016-04-07 15:57 - 2015-08-12 08:33 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Kingsoft
2016-04-07 15:57 - 2015-08-12 08:33 - 00000000 ____D C:\Users\ROBERT\AppData\Local\Kingsoft
2016-04-07 15:57 - 2015-05-22 17:37 - 00000000 ____D C:\ProgramData\Kingsoft
2016-04-07 15:57 - 2015-05-22 17:36 - 00000000 ____D C:\Program Files (x86)\Kingsoft
2016-04-07 15:56 - 2015-07-31 03:17 - 00000000 ____D C:\Users\ROBERT\AppData\Roaming\Synaptics
2016-04-07 15:45 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-07 15:31 - 2015-11-16 04:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-07 15:31 - 2015-11-16 04:26 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-07 15:31 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-01 17:09 - 2015-08-07 08:47 - 00000000 ____D C:\Users\ROBERT\AppData\Local\ElevatedDiagnostics
2016-03-27 00:35 - 2015-11-03 04:34 - 00001344 _____ C:\Users\ROBERT\Desktop\Revo Uninstaller.lnk
2016-03-24 07:16 - 2015-08-14 21:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2016-03-24 21:39 - 2016-03-24 21:50 - 0007608 _____ () C:\Users\ROBERT\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\ROBERT\AppData\Local\Temp\COMAP.EXE
C:\Users\ROBERT\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-10 19:55

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by ROBERT (2016-04-15 07:49:50)
Running from C:\Users\ROBERT\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-16 09:49:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-340307169-1632282712-3976785497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-340307169-1632282712-3976785497-503 - Limited - Disabled)
Guest (S-1-5-21-340307169-1632282712-3976785497-501 - Limited - Disabled)
ROBERT (S-1-5-21-340307169-1632282712-3976785497-1002 - Administrator - Enabled) => C:\Users\ROBERT

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{B779ADE0-6AC6-69FE-3BD8-07CA318BC267}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-340307169-1632282712-3976785497-1002\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
Coyote The Outlander (x32 Version: 3.0.2.59 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.5.6618 - CyberLink Corp.) Hidden
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5011 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerBackup 2.6 (HKLM-x32\...\InstallShield_{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.6.2.1307 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.3.3812 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.3.3812 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.4930 - CyberLink Corp.)
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.3.0 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{00AB67E6-7A15-4357-95AA-F06A6950EA7C}) (Version: 7.0.39.113 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hidden Odyssey 2 in 1 Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{59661A32-F6FF-47EA-9276-0F882DC3BC9E}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7960.5089 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Insane Cold: Back to the Ice Age (x32 Version: 3.0.2.59 - WildTangent) Hidden
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mystery Expedition: Prisoners of Ice (x32 Version: 3.0.2.59 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.27 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.70 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.59 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rory's Restaurant (x32 Version: 3.0.2.59 - WildTangent) Hidden
Royal Envoy Double Pack (x32 Version: 3.0.2.59 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 6, 3, 1, 0 - Canon Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.14 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-340307169-1632282712-3976785497-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ROBERT\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BF60D26-7003-4F64-9F79-7D51CAB84BDF} - System32\Tasks\HPCeeScheduleForROBERT => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {0E7B2656-CB0A-43E4-980B-C4E1B5D46155} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {1EA7C78E-DC18-42F0-A6D5-8D301A7C5F97} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-06-01] (McAfee, Inc.)
Task: {1FCF9ACA-9AE5-4AE3-B452-7AFD7E75483B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2BF4C591-6971-4D5F-AEF0-C1C6A0143220} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {365F382E-7164-472C-B372-4E8324C96C1B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3760FEFD-6640-4630-97AC-929516C5652E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {5E0BF44D-7B5A-4458-91F5-478307CC8896} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5ED60A27-01B1-4914-B40D-80422F38420E} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-01-30] (Hewlett-Packard)
Task: {60BC5BAD-6C60-4483-9783-59D55D2B871F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {717BB70A-88AB-4973-8EC4-787A130EEC52} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {77849D8C-63D7-45E3-AFB0-324BA0D6457A} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-01-30] (Hewlett-Packard)
Task: {798C021C-E76C-4601-8082-028089682C83} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-01-30] (Hewlett-Packard)
Task: {7EDCA12E-466D-4B31-A207-F73E92EC6D89} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\Cyberlink\YouCam\YouCamService.exe [2015-01-29] (CyberLink Corp.)
Task: {809A2445-A756-4D3B-8FAC-D3394E3F3496} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {9F47CEC6-B388-4C3E-AAA4-0B55D7D81E65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {AD8F8D81-8780-4A4D-B0B2-F9DFCFFEAEF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02] (Google Inc.)
Task: {C87491A6-14DE-4FF9-BB97-790B90D84D70} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DEFA174E-87B5-4A58-AF29-2DAD5D5CE6AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {DF4A6770-6166-495F-A910-0CEEF661BA56} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F5AF1913-9528-4CD2-8D36-66C769A51178} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForROBERT.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-10-07 02:59 - 2014-10-07 02:59 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-07 02:59 - 2014-10-07 02:59 - 00140288 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-03 17:13 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-03 17:13 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-12 20:27 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-03 17:13 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-03 17:12 - 2016-02-23 03:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-01-30 22:09 - 2015-01-30 22:09 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-01-30 22:07 - 2015-01-30 22:07 - 02169344 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-01-30 22:05 - 2015-01-30 22:05 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2016-01-12 20:28 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 20:27 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 01:19 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 01:19 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-29 06:30 - 2016-03-29 06:31 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 06:30 - 2016-03-29 06:31 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-04-12 02:50 - 2016-04-06 05:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 02:50 - 2016-04-06 05:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-340307169-1632282712-3976785497-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\hewlett-packard backgrounds\backgrounddefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: RichVideo64 => 2
HKU\S-1-5-21-340307169-1632282712-3976785497-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1CA96C3C-3894-4E31-B93E-6B377E493805}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{ABB7347A-66B9-40D6-83AE-5CE6FE917E7C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{7ACFE290-6AAB-4927-B0ED-1C62BAF6A769}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{17201987-1383-42C3-8FC0-B398497F43C6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{651DE1A4-9E93-4130-B0D6-3718A60F1477}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{00B69E50-D203-481C-B840-95C2CDEAEEA3}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{63B3EB53-E502-42FE-BA29-FA51984EE291}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{FDD5BBF1-09BB-4A21-A2BE-4986858AF6E0}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{BEC026BA-84B7-4041-80FD-FDC25F3F045E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4F7F7531-8A1B-4556-95FD-E33978F33434}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{6FDEAE9C-DF18-434F-80F9-488352B1D6A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-03-2016 00:24:03 JRT Pre-Junkware Removal
31-03-2016 14:42:03 Removed 7-Zip 9.20 (x64 edition)
05-04-2016 21:04:24 Windows Update
07-04-2016 16:01:10 HPSF Applying updates

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2016 06:24:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0x554
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/12/2016 01:23:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0x1088
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/10/2016 07:11:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0x1d90
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/10/2016 04:31:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0x10cc
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/08/2016 12:12:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0xac
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/08/2016 09:28:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0x1638
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5

Error: (04/07/2016 04:01:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Synaptics TouchPad Driver.

System Error:
The system cannot find the file specified.
.

Error: (04/07/2016 04:01:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/07/2016 03:37:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/07/2016 03:32:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ClientCore.exe, version: 8.0.1.39, time stamp: 0x54cb8a33
Faulting module name: autheng.dll, version: 0.0.0.0, time stamp: 0x54cb890a
Exception code: 0xc0000005
Fault offset: 0x0000000000037287
Faulting process id: 0xc74
Faulting application start time: 0xClientCore.exe0
Faulting application path: ClientCore.exe1
Faulting module path: ClientCore.exe2
Report Id: ClientCore.exe3
Faulting package full name: ClientCore.exe4
Faulting package-relative application ID: ClientCore.exe5


System errors:
=============
Error: (04/15/2016 07:01:55 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/15/2016 01:12:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/15/2016 12:58:36 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/14/2016 02:03:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/14/2016 01:34:59 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/14/2016 01:31:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (04/13/2016 12:13:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/13/2016 12:04:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/13/2016 11:59:01 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (04/13/2016 10:07:04 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}


CodeIntegrity:
===================================
Date: 2016-04-07 15:42:01.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-04-07 10:22:20.207
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-31 13:00:00.876
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-25 11:57:14.443
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-24 22:11:48.235
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-22 11:53:59.087
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-15 19:55:42.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-15 18:23:26.136
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-10 14:18:11.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-03-10 08:18:59.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A8-7050 Radeon R5, 6 Compute Cores 2C+4G
Percentage of memory in use: 41%
Total physical RAM: 7117.97 MB
Available physical RAM: 4129.1 MB
Total Virtual: 8269.97 MB
Available Virtual: 4454.06 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:902.72 GB) (Free:836.37 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.97 GB) (Free:3.01 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (MOT) (Removable) (Total:7.39 GB) (Free:7.36 GB) FAT32
Drive z: () (Fixed) (Total:0.25 GB) (Free:0.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BCA63D46)

Partition: GPT.

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Post by Gary R » April 18th, 2016, 4:50 pm

Looking over your logs, back soon.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I think I could be infected help please!!!

Post by Gary R » April 18th, 2016, 5:05 pm

No obvious signs of infection are leaping out at me from your FRST logs. There are one or two things that need checking out, but I think we need to run some further checks before we can say your machine is clean.

First ...

I'd like you to check some files for Viruses.
c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\AMD\amdacpusrsvc.exe
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

  • Browse to the first file in the quote box above.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Note details of any viruses found.
  • Repeat for all files on the list, and post me the details please.

Next ...

I'd like you to run an online scan for me ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Finally ...

Download TDSSKiller.exe to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • When prompted by UAC allow the prompt.
  • Accept the EULA from TDSSKiller.
  • Accept the KSN Statement.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything, please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Copy/Paste the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING THAT IT FINDS AT THIS POINT. DOING SO COULD LEAVE YOU WITH AN UNBOOTABLE COMPUTER.

Summary of the logs I need from you in your next post:
  • Results from VirusTotal or Jotti's
  • ESET.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
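
A TDSSKiller report lists each scanned driver or service on a line with its MD5 and SHA-256, followed by a verdict line such as "1394ohci - ok". The Python below is an added example (not part of the original post and not Kaspersky's code) that pairs the two line types and returns every object whose verdict is not "ok" or whose verdict line is missing because the pasted log was cut off. The line layout is taken from the log posted later in this thread; the sample entries, their hashes, and the non-"ok" verdict wording are constructed for illustration.

```python
import re

# Every log line starts with "HH:MM:SS.mmmm 0xTID " (layout as seen in the posted log).
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} 0x[0-9a-fA-F]+ ?")
# Object line: "[ MD5, SHA256 ] <service name> <path starting with a drive letter>"
OBJECT = re.compile(
    r"^\[ ([0-9A-Fa-f]{32}), ([0-9A-Fa-f]{64}) \] (.+?) ([A-Za-z]:\\.+)$"
)


def parse_tdsskiller(text):
    """Return one dict per scanned object, with its verdict (None if absent)."""
    entries = []
    pending = None  # most recent object line still waiting for its verdict line
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFIX.match(line)
        if not m:
            continue  # not a TDSSKiller log line (forum text, blank line, ...)
        rest = line[m.end():]
        obj = OBJECT.match(rest)
        if obj:
            pending = {
                "name": obj.group(3),
                "path": obj.group(4),
                "md5": obj.group(1).upper(),
                "sha256": obj.group(2).upper(),
                "verdict": None,
            }
            entries.append(pending)
            continue
        # A verdict line repeats the object name and ends with " - <verdict>".
        if pending and rest.startswith(pending["name"]) and " - " in rest:
            pending["verdict"] = rest.rsplit(" - ", 1)[1].strip()
            pending = None
    return entries


def needs_review(entries):
    """Objects that were not reported as 'ok', including ones with no verdict."""
    return [e for e in entries if e["verdict"] != "ok"]


# Constructed sample: hashes are dummy values, the last two services are invented,
# and the "( ConstructedVerdict ) - warning" wording is an assumption.
SAMPLE = "\n".join([
    "01:35:46.0927 0x12d8 ================ Scan services =============================",
    f"01:35:47.0099 0x12d8 [ {'A1' * 16}, {'B2' * 32} ] 1394ohci C:\\WINDOWS\\System32\\drivers\\1394ohci.sys",
    "01:35:47.0114 0x12d8 1394ohci - ok",
    f"01:35:47.0152 0x12d8 [ {'C3' * 16}, {'D4' * 32} ] 3ware C:\\WINDOWS\\system32\\drivers\\3ware.sys",
    "01:35:47.0160 0x12d8 3ware - ok",
    f"01:35:47.0222 0x12d8 [ {'E5' * 16}, {'F6' * 32} ] examplesvc C:\\Example\\examplesvc.sys",
    "01:35:47.0253 0x12d8 examplesvc ( ConstructedVerdict ) - warning",
    f"01:35:47.0281 0x12d8 [ {'07' * 16}, {'18' * 32} ] cutoffsvc C:\\Example\\cutoffsvc.sys",
])

if __name__ == "__main__":
    for entry in needs_review(parse_tdsskiller(SAMPLE)):
        verdict = entry["verdict"] or "NO VERDICT LINE (log truncated?)"
        print(f"{entry['name']}: {verdict}")
        print(f"  path:   {entry['path']}")
        print(f"  sha256: {entry['sha256']}")
```

An object reported with no verdict line usually means the paste was truncated at that point, which is the case the helper's request to check each posted log is guarding against.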

Re: I think I could be infected help please!!!

Post by rmrrar » April 19th, 2016, 8:21 pm

Hello, do I copy the logs into the VirusTotal choose box?
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Post by Gary R » April 20th, 2016, 1:28 am

No. You go to VirusTotal using the link I provided and click on Choose File. A file browser will open, and you browse to c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe, then click Scan It.

VirusTotal will scan the file and then issue a report. Look through the report and note down if there are any positive hits.

When that's finished, repeat with the second file ... c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

Continue till you've worked your way through all the files I listed to be checked.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I think I could be infected help please!!!

Post by rmrrar » April 20th, 2016, 2:59 am

Ok,
There weren't any results from VirusTotal or from ESET. Here is the text from TDSSKiller. I also received another email from AT&T saying the same thing, now the 2nd one.

01:35:08.0039 0x1c78 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
01:35:08.0039 0x1c78 UEFI system
01:35:25.0202 0x1c78 ============================================================
01:35:25.0202 0x1c78 Current date / time: 2016/04/20 01:35:25.0202
01:35:25.0202 0x1c78 SystemInfo:
01:35:25.0203 0x1c78
01:35:25.0203 0x1c78 OS Version: 10.0.10586 ServicePack: 0.0
01:35:25.0203 0x1c78 Product type: Workstation
01:35:25.0203 0x1c78 ComputerName: ROBSHP
01:35:25.0203 0x1c78 UserName: ROBERT
01:35:25.0203 0x1c78 Windows directory: C:\WINDOWS
01:35:25.0203 0x1c78 System windows directory: C:\WINDOWS
01:35:25.0204 0x1c78 Running under WOW64
01:35:25.0204 0x1c78 Processor architecture: Intel x64
01:35:25.0204 0x1c78 Number of processors: 2
01:35:25.0204 0x1c78 Page size: 0x1000
01:35:25.0204 0x1c78 Boot type: Normal boot
01:35:25.0204 0x1c78 ============================================================
01:35:25.0608 0x1c78 KLMD registered as C:\WINDOWS\system32\drivers\19452046.sys
01:35:27.0619 0x1c78 System UUID: {F0DBB622-EB60-6D9C-449E-2DF7B9E0CFEE}
01:35:28.0402 0x1c78 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:35:28.0407 0x1c78 ============================================================
01:35:28.0408 0x1c78 \Device\Harddisk0\DR0:
01:35:28.0408 0x1c78 GPT partitions:
01:35:28.0408 0x1c78 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {73DD3734-D243-4AC5-B479-936F4BCEE8C8}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x145000
01:35:28.0408 0x1c78 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {A65BE519-2357-459F-B5E5-F1781DA6EDE5}, Name: EFI system partition, StartLBA 0x145800, BlocksNum 0x82000
01:35:28.0408 0x1c78 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {81637EF5-C902-44A3-9F20-CEFB1F79E629}, Name: Microsoft reserved partition, StartLBA 0x1C7800, BlocksNum 0x40000
01:35:28.0409 0x1c78 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {1C7EA4D0-82EC-4B9B-8FEA-D093233440F8}, Name: Basic data partition, StartLBA 0x207800, BlocksNum 0x70D71CA9
01:35:28.0409 0x1c78 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {AB1D459C-0DD0-45BD-89DB-CF171D6F53B4}, Name: , StartLBA 0x70F79800, BlocksNum 0x197800
01:35:28.0409 0x1c78 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A30A87E8-CBA6-4144-83A2-B80937816DF4}, Name: Basic data partition, StartLBA 0x71111000, BlocksNum 0x35F3000
01:35:28.0409 0x1c78 MBR partitions:
01:35:28.0409 0x1c78 ============================================================
01:35:28.0435 0x1c78 C: <-> \Device\Harddisk0\DR0\Partition4
01:35:28.0483 0x1c78 D: <-> \Device\Harddisk0\DR0\Partition6
01:35:28.0484 0x1c78 ============================================================
01:35:28.0484 0x1c78 Initialize success
01:35:28.0484 0x1c78 ============================================================
01:35:42.0718 0x12d8 ============================================================
01:35:42.0719 0x12d8 Scan started
01:35:42.0719 0x12d8 Mode: Manual;
01:35:42.0719 0x12d8 ============================================================
01:35:42.0719 0x12d8 KSN ping started
01:35:43.0914 0x12d8 KSN ping finished: true
01:35:46.0926 0x12d8 ================ Scan system memory ========================
01:35:46.0926 0x12d8 System memory - ok
01:35:46.0927 0x12d8 ================ Scan services =============================
01:35:57.0443 0x12d8 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
01:35:57.0447 0x12d8 iaLPSSi_GPIO - ok
01:35:57.0475 0x12d8 [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
01:35:57.0482 0x12d8 iaLPSSi_I2C - ok
01:35:57.0543 0x12d8 [ 6B0029A0253098CCE28EACCFDB9E7208, E33AD69644E1683A971DA1169B704FBCFD9F715E9550816058E420BB5DE4D946 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
01:35:57.0581 0x12d8 iaStorAV - ok
01:35:57.0632 0x12d8 [ 9652E1E35A92D8C75710C17A63B15796, 72F8C4A49B874226DEE9B7C9704F0E0A98DAA2DF4EAE2F2258E8324ACBD242E4 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
01:35:57.0655 0x12d8 iaStorV - ok
01:35:57.0705 0x12d8 [ FFADF691F7BF727AF5C863454A372723, FCF5A5595E8C9C937BE9F1C3AB5D9BD0EFE82DE1298D12085E0CCD84A186D2F2 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
01:35:57.0727 0x12d8 ibbus - ok
01:35:57.0775 0x12d8 [ 80BF2990E01E774D64F6E13F30661942, ADFEA2280D29F2C7B0A556C61709301D6327C288064FF5A4D29358403DF41DCE ] icssvc C:\WINDOWS\System32\tetheringservice.dll
01:35:57.0789 0x12d8 icssvc - ok
01:35:57.0800 0x12d8 IEEtwCollectorService - ok
01:35:57.0894 0x12d8 [ 95A03F67830FDCB950E70261128D540D, D052CB703500E2871CF51E015E444F2A99FA9A7579AC422104F0E411F6107BD0 ] IKEEXT C:\WINDOWS\System32\ikeext.dll
01:35:57.0946 0x12d8 IKEEXT - ok
01:35:58.0262 0x12d8 [ 09BA0096C574C5600B6A7A8D7049A7E4, 67133E54039EC45FCE154E4B940E30FE7523A39487C76AC5D090239CBA79ADCC ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
01:35:58.0545 0x12d8 IntcAzAudAddService - ok
01:35:58.0585 0x12d8 [ ECDB27420D3A98424666904525A8562A, BDA98C3C95F2AD79945EF8213D5C65064052C09C82DD36F0D6724E1D21DCC30A ] intelide C:\WINDOWS\system32\drivers\intelide.sys
01:35:58.0588 0x12d8 intelide - ok
01:35:58.0618 0x12d8 [ 8FF1978643EFD219C5BA49690191D701, 6FD78A8490107C80090D7125644B8C910855374BE1373D1D6B199307C79680BA ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys
01:35:58.0622 0x12d8 intelpep - ok
01:35:58.0656 0x12d8 [ B61B60F36E1C8022FA8166ABF0F66B07, 23161F1DA51D44D936329E62DF4C2DAEE3DDD4B3D62CC501A888C0E149788968 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys
01:35:58.0665 0x12d8 intelppm - ok
01:35:58.0698 0x12d8 [ CA0D42029AFFC4514D295E1EF823D02D, F2A05CB2B2E8C843FD02DC37E86F23CF928A4B2F9044424A60DE4E82B87DF5C3 ] IoQos C:\WINDOWS\system32\drivers\ioqos.sys
01:35:58.0700 0x12d8 IoQos - ok
01:35:58.0724 0x12d8 [ 6E3F9D95235DFC9417384080A216F310, 6F13D72661038A91CFABB360621F4B169D78955C3EAD64956A7C825ABAEC5121 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:35:58.0729 0x12d8 IpFilterDriver - ok
01:35:58.0813 0x12d8 [ 6E75B731A8A7EFED0821327B08DAB46D, A77B746447824BD3C68B82D7329B82D62098B2409F8AEE4738FA23CB1561E629 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll
01:35:58.0864 0x12d8 iphlpsvc - ok
01:35:58.0891 0x12d8 [ 4F527ECB5EAB47D8EAF34A469666C469, 8FFBEEF42515B6A7758BE579ED69E3911856CBF7710D9785011332C5E3DFE495 ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys
01:35:58.0897 0x12d8 IPMIDRV - ok
01:35:58.0923 0x12d8 [ 9E5E8F2A1996F23B7E9687846AA81B01, 29E59384A4F92B3B4F2974942C91A12380113C13D3800900B5F44E2355D05455 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
01:35:58.0931 0x12d8 IPNAT - ok
01:35:58.0955 0x12d8 [ C317EB660138BC9CBFE37CCDE56351AE, F3AF6C573419D7F65C96A4841D4F056CA281CD5AFACDC7A5F586A390DC6E615B ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys
01:35:58.0958 0x12d8 IRENUM - ok
01:35:58.0976 0x12d8 [ 531994A6D9399D9B74BE12B5BB58A81E, 6D5CF540C777F4828E1D4C5FE58EE41E6C2F5F399C554DC85F19D1E52229B094 ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys
01:35:58.0979 0x12d8 isapnp - ok
01:35:59.0029 0x12d8 [ 68D5354A4A9692EEC24664C60F47D4A2, 92124E98B6E286B6127DC6D0BFACC9C6D293D58EAE2B47B45532714CE6A6D0CD ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys
01:35:59.0047 0x12d8 iScsiPrt - ok
01:35:59.0084 0x12d8 [ 701D7DB13B0815E7076EF4CB4CE981F8, 02585661656C0069AC318B82DE83DAC660451A0B970FDBCA0F7A8B4CBF7D93A9 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys
01:35:59.0090 0x12d8 kbdclass - ok
01:35:59.0112 0x12d8 [ 884EBBDDBF5968003B40185BD96FF0E6, E3934D0FF0BEDDF5526AF529F7D15BA8BE479383894975B1AF1A1818C394A6E3 ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys
01:35:59.0117 0x12d8 kbdhid - ok
01:35:59.0140 0x12d8 [ 6B3A0C7902811E6372643447E41F7048, 30667B56A306CFD5D15BC46F8E7D9E167612E71B6C8F554406E706A6330F5B94 ] kdnic C:\WINDOWS\System32\drivers\kdnic.sys
01:35:59.0143 0x12d8 kdnic - ok
01:35:59.0164 0x12d8 [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] KeyIso C:\WINDOWS\system32\lsass.exe
01:35:59.0172 0x12d8 KeyIso - ok
01:35:59.0205 0x12d8 [ 982C795DE20CED7AEDD2E7899B5D9BC1, 9F4E7536DB253CD83AA2AB89E9F3311714CD70F13AFD16F9B4D4CD86A70FC164 ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys
01:35:59.0213 0x12d8 KSecDD - ok
01:35:59.0257 0x12d8 [ 7D8B9214692C4D0F1646215D9984E19A, DC73503A8CA67F4E167DEA69AADDEA5F2D756E1C1F4FF42B6ECEA7E637BB80AB ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys
01:35:59.0266 0x12d8 KSecPkg - ok
01:35:59.0291 0x12d8 [ E9BB0023D730701BB5D9839B44F5E6B5, 19D4BAC09424D331922472CFD2D0E32BEFA9188A6AF194C8D1F93FD77CE36691 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys
01:35:59.0294 0x12d8 ksthunk - ok
01:35:59.0344 0x12d8 [ 71DE1AD9B23661EEC4F2A6EAA5A7D33D, 3219AEF3D6AE5933AE669FD2ED9ED95A8780612E39F31DB3DB9ED6B6244C5F7B ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
01:35:59.0367 0x12d8 KtmRm - ok
01:35:59.0419 0x12d8 [ 8BBB2B4429AF340481520C20C17FC5B6, 9E32815349195FC4B1BE213600FD407F2EAEEC8368289EB3E6B769125A739C08 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll
01:35:59.0439 0x12d8 LanmanServer - ok
01:35:59.0477 0x12d8 [ 1F5D48B1DA1B812BD2411CA44D75DD32, D1BDB8142CB13E8C6DD6F42E07C9D19BBBF6410D5122A04C01B34B95B442DD95 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
01:35:59.0497 0x12d8 LanmanWorkstation - ok
01:35:59.0532 0x12d8 [ 02C54C5C7EBE371EC0C59795ED22213F, 712AFE0EDF40436124F3FD55ED9B5A3A33A8761A58F4D482BB65229741B1C270 ] lfsvc C:\WINDOWS\System32\lfsvc.dll
01:35:59.0537 0x12d8 lfsvc - ok
01:35:59.0557 0x12d8 [ 01BF128CC327A2E53898F732AF52B3DB, D62ACDA69D9942F9CEF400874DBB6EAF9811D9657CBFEF89174F88D76BB8D8EA ] LicenseManager C:\WINDOWS\system32\LicenseManagerSvc.dll
01:35:59.0561 0x12d8 LicenseManager - ok
01:35:59.0592 0x12d8 [ EC34EED89C34B27C292166B725AC7A7B, 58F1BA0CB7743314AC012A82F8CE4072CBDD05D9570C52BC18DC551882F5B1BA ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
01:35:59.0596 0x12d8 lltdio - ok
01:35:59.0635 0x12d8 [ 2C23283A0815B048C06D8C0ED76AAD95, 4335546939C1A98CFE9A4403CC82D79CC713439E4DFD1F4760FDD867305151E0 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll
01:35:59.0653 0x12d8 lltdsvc - ok
01:35:59.0689 0x12d8 [ CB6365E995F4DB856866500EDD8F61C1, 717ED387F245CAC68217B0F393D7B8AB3805721AB2C4D2D43430FE6E740F0856 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll
01:35:59.0694 0x12d8 lmhosts - ok
01:35:59.0735 0x12d8 [ 961F28D879D345BFA50AF51285C90F2E, F9931A436651F695B746BC0C07E833D9C9F64126746DF976E691E6CAE26DAC9B ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys
01:35:59.0743 0x12d8 LSI_SAS - ok
01:35:59.0767 0x12d8 [ 6BFB8D1B3407518BE06B6F81F92FA0F5, DE0818DCC0D8D1D30A29AB167C65461A78100ABE2368637CEB9D0ED2B4E88D8E ] LSI_SAS2i C:\WINDOWS\system32\drivers\lsi_sas2i.sys
01:35:59.0776 0x12d8 LSI_SAS2i - ok
01:35:59.0796 0x12d8 [ BE0E47988D78F731DEC2C0CB03E765CB, CA0015E87A3962611DBF714253FA618A6568346BAE640884432C1D44DE4C8684 ] LSI_SAS3i C:\WINDOWS\system32\drivers\lsi_sas3i.sys
01:35:59.0803 0x12d8 LSI_SAS3i - ok
01:35:59.0834 0x12d8 [ F99BF02BE9219986817BF094981EEB18, 4303C772366065885C5D937B2E9AC0BF80C84BFB2737716055AD57BF6AADD673 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys
01:35:59.0841 0x12d8 LSI_SSS - ok
01:35:59.0909 0x12d8 [ FFAA37FBBDD161E8C200C83B40F7872E, 0637B3119FC220CB8E23EE6694A9F1F25CF8D61008B14F6E30FDC17DCF9E077E ] LSM C:\WINDOWS\System32\lsm.dll
01:35:59.0950 0x12d8 LSM - ok
01:35:59.0976 0x12d8 [ 2FCF837196082864F66CFD9CAB256275, 8BE01C3BCBC1E6E5D1FD7F49E936482E61ACB805F397AB81B8D39C2F0F1083BD ] luafv C:\WINDOWS\system32\drivers\luafv.sys
01:35:59.0984 0x12d8 luafv - ok
01:36:00.0025 0x12d8 [ 9BC40C5A140B5F380042E391CC95993F, 4FFE8A6A473530CE171AC47C7E8D51B8C29BDC209E7129F66B06F8D40F07DAED ] MapsBroker C:\WINDOWS\System32\moshost.dll
01:36:00.0032 0x12d8 MapsBroker - ok
01:36:00.0061 0x12d8 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
01:36:00.0065 0x12d8 MBAMProtector - ok
01:36:00.0175 0x12d8 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
01:36:00.0264 0x12d8 MBAMService - ok
01:36:00.0290 0x12d8 [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520DE214081696B05 ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
01:36:00.0296 0x12d8 MBAMWebAccessControl - ok
01:36:00.0336 0x12d8 [ 2ED29B635F35E31A1C0D3DDB7DD2AD03, F70CC20B98C2DBCD13B0D509D92B3BC3828D1B88F3ACD60C860E163064844181 ] megasas C:\WINDOWS\system32\drivers\megasas.sys
01:36:00.0341 0x12d8 megasas - ok
01:36:00.0397 0x12d8 [ 22E3CB85870879CBAE13C5095A8B12E3, 5FA5A8EFBA117089CFDBE09743A16BC3A7CC2042C96ABA1F57901747493106BF ] megasr C:\WINDOWS\system32\drivers\megasr.sys
01:36:00.0429 0x12d8 megasr - ok
01:36:00.0464 0x12d8 [ F2C23E25636BCA3543E6AD7858E861B7, 0CAB0A037471B4858CE9477E49BF50A5E3E6685E05F8A4BD2D9238551D5073A6 ] MessagingService C:\WINDOWS\System32\MessagingService.dll
01:36:00.0471 0x12d8 MessagingService - ok
01:36:00.0607 0x12d8 [ D41920FBFFF2BBCBBC69A5B383AD022E, E66218A8303422EA10C19BA12343740B9A1A70B11B39E185E805B4F74CD2B75E ] mlx4_bus C:\WINDOWS\System32\drivers\mlx4_bus.sys
01:36:00.0644 0x12d8 mlx4_bus - ok
01:36:00.0679 0x12d8 [ 64BD0C87064EA20C2D3DC4199F9C239C, ED69706277A58ED2C5F2B1B4E9A4A9C7C20173D46EB57FB31D8B63340BA23193 ] MMCSS C:\WINDOWS\system32\drivers\mmcss.sys
01:36:00.0682 0x12d8 MMCSS - ok
01:36:00.0702 0x12d8 [ 8D4B46FA84A3A3702EDADD37FAC6EDBA, E3B9E12BD324FE637C365FDC5E490C41889047004D4FC8F7D78339484F2F717B ] Modem C:\WINDOWS\system32\drivers\modem.sys
01:36:00.0706 0x12d8 Modem - ok
01:36:00.0732 0x12d8 [ 78FEC1BDB168370F131BFBFEA0A04E9D, E07B1BC429C2CFBD6162F89A6502C67A4BAD904ADC05D3505D87A0B2BCE1061B ] monitor C:\WINDOWS\System32\drivers\monitor.sys
01:36:00.0735 0x12d8 monitor - ok
01:36:00.0763 0x12d8 [ D1CC0833CFBC4222A95CAA5D0C8C78FF, 54F04374C6D3EFF5C1B794C069870458F10757E5773AEE911957089EAF51EC8D ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys
01:36:00.0767 0x12d8 mouclass - ok
01:36:00.0792 0x12d8 [ C2E05EC6B80BCF5AE362DA873E1BCE64, 4ABE5CA2005A54E92259EDB52205A5C59BDB83026FC0CD7CBB1E3A003C2B535B ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys
01:36:00.0795 0x12d8 mouhid - ok
01:36:00.0822 0x12d8 [ D5B7668A8F6C67C51FA5C6C513396D6C, 35985AD89344A8464BD78B8DA6A772E4E60A2EB93072AC23673A86EFD0B2270A ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys
01:36:00.0829 0x12d8 mountmgr - ok
01:36:00.0848 0x12d8 [ 5FBCB85D127BE21E3A9DAF11A13C00EA, D00AB99CC813E26B0BD2D39161D4138AB89A06B3E3A28712F2D5BCA60905BEC4 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys
01:36:00.0853 0x12d8 mpsdrv - ok
01:36:00.0940 0x12d8 [ 553F19DC6F3F73545CB17FCD7A8AE37B, 49ABB625EB9C2981254EEA1FE7858DF630BA2D65653CC91CD4FEEACF69C5392F ] MpsSvc C:\WINDOWS\system32\mpssvc.dll
01:36:00.0992 0x12d8 MpsSvc - ok
01:36:01.0035 0x12d8 [ BF6CA7EA5ECD6CF72D3D76652A9B8280, 8EC031D0D8E75CB583B129CBA518701097697498621307108388FA05FBF604BB ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys
01:36:01.0044 0x12d8 MRxDAV - ok
01:36:01.0094 0x12d8 [ 0B3B0C1D86050355676640488FA897D3, DBED9D6F7AAFB11F4C00C1F69DB7A887A3058E5FA66615A1640242439822B60C ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:36:01.0117 0x12d8 mrxsmb - ok
01:36:01.0171 0x12d8 [ 1A490555FD330CA2764D89191177C867, 1004AE2F80BEA9A6DBA3E6B5D2DDFA44FBA253F7137D60B000B094699DE1CB12 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
01:36:01.0186 0x12d8 mrxsmb10 - ok
01:36:01.0221 0x12d8 [ 0F47A6C09F0A7FB5513D322A2B9BE4EC, 00A17CB55D232E11F3D24D0B43FE4FA9E55F7EF5E5607B26ED84C13108AAC4FA ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
01:36:01.0233 0x12d8 mrxsmb20 - ok
01:36:01.0257 0x12d8 [ A4411C522D41707D5BCA817A5BB9E30B, EF7505BE475ECAB2B5E66A7419EDAF42A7E7A65BAD3BBE346A8CEE5DD69782CC ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
01:36:01.0264 0x12d8 MsBridge - ok
01:36:01.0294 0x12d8 [ 807A6636828E5F43C10A01474B8907EE, F275645F4F0D0A796C33C03EA7FA563A0B890AB3A93E5F99C5EA166F91D249B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
01:36:01.0305 0x12d8 MSDTC - ok
01:36:01.0342 0x12d8 [ D123343DDB02E372B02BF2C4293F835F, 8E02D9F7E5DA717B64538444B3FE1C55AA4B0F26F51DA20947E971D27EA09D12 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
01:36:01.0344 0x12d8 Msfs - ok
01:36:01.0391 0x12d8 [ B3358F380BA3F29F56BE0F7734C24D5F, 229D9E72C429AC51BF6E7C8306218620CB1AA50FE39BA6C11ED0F643E7AF90E5 ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
01:36:01.0394 0x12d8 msgpiowin32 - ok
01:36:01.0427 0x12d8 [ B2044D5D125F249680508EC0B2AAEFAC, 9631FF42DA5A7CEE1F2607AA8972EF0A67616F0EEEBC95F97B1C8F5A577ED5C4 ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys
01:36:01.0428 0x12d8 mshidkmdf - ok
01:36:01.0456 0x12d8 [ 36ABE7FC80BED4FE44754AE5CFB51432, FB89DF3A50C52B69D4E831A370157D1901810093A0D7D7120A120FC5C6E14BF5 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
01:36:01.0458 0x12d8 mshidumdf - ok
01:36:01.0479 0x12d8 [ 59307FEAFC9E72EEEC56B7FD7D294F4C, 56576635870FC68980977FFA0E7F8E8D69A7981DECF5B52D0B2A82E3BA6685EA ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys
01:36:01.0481 0x12d8 msisadrv - ok
01:36:01.0517 0x12d8 [ 236A38F5CB0A23BF0ACCD70ED0BD7F70, 8106B528458E6C8E4437D9064D58F10FF195E67CD308AEBBD5F860AD2D59DCC4 ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll
01:36:01.0528 0x12d8 MSiSCSI - ok
01:36:01.0539 0x12d8 msiserver - ok
01:36:01.0557 0x12d8 [ E9457EDFEBC774199F907395C6D09CA2, C3655CE83F4AD1258382722E9A99C33FDD3AA40B62CFEB8DFDD141E254E6DCE2 ] MSKSSRV C:\WINDOWS\system32\DRIVERS\MSKSSRV.sys
01:36:01.0558 0x12d8 MSKSSRV - ok
01:36:01.0584 0x12d8 [ C85D79735641D27C5821C35ECDDC2334, C1BAFD98122B04665870171C143EC119181351D10777A83680A63BF305703FF3 ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
01:36:01.0590 0x12d8 MsLldp - ok
01:36:01.0606 0x12d8 [ EF75184B64356850D0F04D049C253526, 325476F53372BD70201347F044C8EFEC0DB939E1926454B6DCC0CF7864969650 ] MSPCLOCK C:\WINDOWS\system32\DRIVERS\MSPCLOCK.sys
01:36:01.0607 0x12d8 MSPCLOCK - ok
01:36:01.0633 0x12d8 [ 543933D166C618E7588EA77707EC1683, 84A65D277E28FDD7CE2345188891093AC88B577E4C528AD39AB629E341199688 ] MSPQM C:\WINDOWS\system32\DRIVERS\MSPQM.sys
01:36:01.0635 0x12d8 MSPQM - ok
01:36:01.0693 0x12d8 [ 182711E9DDF70121A20EBB61B2DFB9E8, 70606503F6280EA3175B9AEC8370A8F461575755DA86EF6E9C9D04EAD61481FA ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys
01:36:01.0712 0x12d8 MsRPC - ok
01:36:01.0734 0x12d8 [ E887FFDD6734C496407E9219225CB6FF, 0EC9A79224BCE5D0A782E62CC38E3494E8FB65DFC07C66D25C5A1A351121C27D ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys
01:36:01.0737 0x12d8 mssmbios - ok
01:36:01.0768 0x12d8 [ 83A2AB75951000D681FABDB80C07AEFC, 3B2F582F097E3F934C4587B27CB05525350F36924B74CA6BCD364878FA8EC273 ] MSTEE C:\WINDOWS\system32\DRIVERS\MSTEE.sys
01:36:01.0769 0x12d8 MSTEE - ok
01:36:01.0793 0x12d8 [ 4FA0483896FC16583851EFB733FCB083, BB59243ABE32FBE92EC1B04D24239BE2DF7C2354A407C2EFF97623F07DCBDA35 ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys
01:36:01.0795 0x12d8 MTConfig - ok
01:36:01.0821 0x12d8 [ 60F88248608315E13391C2F1C3B4473F, 99E8B74118A01FC281A1C6B323EFD1A8EA1997B81A013442205066F55327D555 ] Mup C:\WINDOWS\system32\Drivers\mup.sys
01:36:01.0829 0x12d8 Mup - ok
01:36:01.0847 0x12d8 [ 218705233D02776AE4D19CC37D985C1B, 3D92925867B6B8FFAF78E4080139DCB3D45E1E6E1D0AFB6A4FE248B002BD8471 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys
01:36:01.0852 0x12d8 mvumis - ok
01:36:01.0931 0x12d8 [ AA4CD20708B7E0412A5316D7E2875103, 4E60A0865B7656735F3AB34AF5FE48304138F47DE961D4D16661617D711DEBC0 ] NativeWifiP C:\WINDOWS\system32\DRIVERS\nwifi.sys
01:36:01.0959 0x12d8 NativeWifiP - ok
01:36:02.0007 0x12d8 [ A340A4B27CC7DEDDF953B7E2C9699747, 4C5AB23BD0C69B17E9BD29CAFEDC100A6EFC78BAB645B007FCAE4318C459D345 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
01:36:02.0020 0x12d8 NcaSvc - ok
01:36:02.0058 0x12d8 [ 24146738C422814EEB2A98FF1FC5C6E1, 3C70C6768681CE63DED339822EFB36194037B987D92456B9E955061A3A3C63BC ] NcbService C:\WINDOWS\System32\ncbservice.dll
01:36:02.0079 0x12d8 NcbService - ok
01:36:02.0102 0x12d8 [ 476466DC3AB2327E2DBFAEC11798E2EE, 9ACD74720664CF3F239601DF0BE80AC443AF0FBF666CBB8509169364FB22B95D ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
01:36:02.0111 0x12d8 NcdAutoSetup - ok
01:36:02.0157 0x12d8 [ B57CE307DA101C739885B7CC0678077F, F7F45DB6D306060F0FE0E59F39C3B95F6A9B6173930F22C5C41B2003895D6642 ] ndfltr C:\WINDOWS\System32\drivers\ndfltr.sys
01:36:02.0162 0x12d8 ndfltr - ok
01:36:02.0250 0x12d8 [ E582DA849A58524E645545FB68B6625D, B74E2CF078F6C575EFC4A2E4293D03FE6BA933307D656E0E57FFA17EF324948D ] NDIS C:\WINDOWS\system32\drivers\ndis.sys
01:36:02.0311 0x12d8 NDIS - ok
01:36:02.0347 0x12d8 [ 202260E7CDD731A32AF62ABD1ABEE008, 0E019FAE09B2659CC3267756DB962CCD69172BA67E3288B491F7B455287A5392 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
01:36:02.0351 0x12d8 NdisCap - ok
01:36:02.0382 0x12d8 [ A1D473D0CF10561F29B58EA7C5412A92, 3DBFC1D769E03E30C87FF4F30A9B523A69A7E0CD4EB87F8A9ECE190FEB84C569 ] NdisImPlatform C:\WINDOWS\system32\drivers\NdisImPlatform.sys
01:36:02.0389 0x12d8 NdisImPlatform - ok
01:36:02.0415 0x12d8 [ 1A0AE283B8DE6BB76412A0F8213D45AC, 91AFFDC7A9277EB59CD54021049BEA715078F90470B8A12F3E9F1386DF068D2D ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:36:02.0417 0x12d8 NdisTapi - ok
01:36:02.0450 0x12d8 [ A74EE2D2C0BFF5EC3A6185791868C4CA, A346320DEBEAE890575B4C6594FB3A3A9890A0E86881ADD8376E442282C88D38 ] Ndisuio C:\WINDOWS\system32\drivers\ndisuio.sys
01:36:02.0454 0x12d8 Ndisuio - ok
01:36:02.0471 0x12d8 [ 32A9BD1342640D48AD85C8B3E812B984, B702B05A0180472139B35B105DD3B6B6F75AEDC9DD1EE342FB576259076455AE ] NdisVirtualBus C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
01:36:02.0474 0x12d8 NdisVirtualBus - ok
01:36:02.0503 0x12d8 [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] NdisWan C:\WINDOWS\System32\drivers\ndiswan.sys
01:36:02.0514 0x12d8 NdisWan - ok
01:36:02.0535 0x12d8 [ 6A6A8CF5EE61801375A38EBB871D4057, AE8EFF18D82BBE83101B380189A6889822891A993EB865E2E81C1D2F60B77C4C ] ndiswanlegacy C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:36:02.0546 0x12d8 ndiswanlegacy - ok
01:36:02.0574 0x12d8 [ 50AEF8EF0064A91ABB08D858D039C9DE, 16F1CBE1EC3778D157CC054261068C8D7F8A72D85853CB70178F8DF81D238C8F ] ndproxy C:\WINDOWS\system32\DRIVERS\NDProxy.sys
01:36:02.0579 0x12d8 ndproxy - ok
01:36:02.0621 0x12d8 [ D358DF634F52247CB43F0781218F4D6E, D375E9E681551467FC5F7AB2AC053C9F22AAC541C0BCBA57090211F45009342C ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
01:36:02.0627 0x12d8 Ndu - ok
01:36:02.0663 0x12d8 [ 026618ECF6C4BEBDCB7885D42EC0DBE4, 8E7E13361DCF8748FA3AD518B3DE0A3DCE932316EE32E5529E75785BC5395AD1 ] NetBIOS C:\WINDOWS\system32\drivers\netbios.sys
01:36:02.0666 0x12d8 NetBIOS - ok
01:36:02.0704 0x12d8 [ F51C02D992A8D6BC5EC4D990F227D4C7, DBBDA422BFA82219403689637BE8D6B0D0A893895143E807FA5A007C166454CB ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
01:36:02.0719 0x12d8 NetBT - ok
01:36:02.0741 0x12d8 [ 889459F1FDDC5EC58B437AA6C436F33F, 8ACC32C88D81943A8A90FDAF4772C3EDE06CAB5F489F59525BEA7AAB99DAAE73 ] Netlogon C:\WINDOWS\system32\lsass.exe
01:36:02.0747 0x12d8 Netlogon - ok
01:36:02.0792 0x12d8 [ 7FD4C3D32DAE890608F44074A3437CD8, 5B7D9E9AEE26896B818F3C5DBE4C96A33D43CE2CF7716B95AAB7203611C03BFE ] Netman C:\WINDOWS\System32\netman.dll
01:36:02.0810 0x12d8 Netman - ok
01:36:02.0866 0x12d8 [ A059F75402710535A90A8D043674A514, E98536DF74A2B75FDBA6B866DC1909544292DFE5E14F984941470FBA6E8D810C ] netprofm C:\WINDOWS\System32\netprofmsvc.dll
01:36:02.0898 0x12d8 netprofm - ok
01:36:02.0935 0x12d8 [ C5DEEC4F7ED591D1E322899ADC4EE45F, CA3BE40FA1216F77C6D5B9FD518378DB9561163BFDC90C8CB1C2C2EA4112B263 ] NetSetupSvc C:\WINDOWS\System32\NetSetupSvc.dll
01:36:02.0951 0x12d8 NetSetupSvc - ok
01:36:03.0007 0x12d8 [ 9E9BEB22644CE1DA521A1D7821BF891F, 5480D52AE1942205B513F916DBCBF5B5F2FFF92D927F4E598FBA618E75BBC2E9 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:36:03.0028 0x12d8 NetTcpPortSharing - ok
01:36:03.0071 0x12d8 [ 91B32D7036700BEED5343E1F6A7122CC, 8123CA398A79F0E69126F962AA29C2464FAB50182E961CB6A6ADB6CEA09A6732 ] NgcCtnrSvc C:\WINDOWS\System32\NgcCtnrSvc.dll
01:36:03.0090 0x12d8 NgcCtnrSvc - ok
01:36:03.0164 0x12d8 [ C64B693DF26EB7BFF25F9BAD8B54D571, 12363E81B329D048E0148739AA542958F7CAF6FF3404BB001AF51850EF84338D ] NgcSvc C:\WINDOWS\system32\ngcsvc.dll
01:36:03.0202 0x12d8 NgcSvc - ok
01:36:03.0264 0x12d8 [ 1B8F07B59F7DAE02264FB8A16088C467, 1795DA9F72C34A9F47D9AAF5E95D40C3296948EB89D9600679AB4660671A5C65 ] NlaSvc C:\WINDOWS\System32\nlasvc.dll
01:36:03.0286 0x12d8 NlaSvc - ok
01:36:03.0321 0x12d8 [ 465DC580170CD844206D7E3EF1DBF2A1, 5A14001029BE154C708CCA34449B280905DB79978FC7F0BE0CF20B20E47752CF ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
01:36:03.0326 0x12d8 Npfs - ok
01:36:03.0357 0x12d8 [ 29395C214D2CD4C81F73166AB988A797, 3631EB2EA17E455ECD151C0BC9A3DF6EC87C75B15DC9B607CFB68D7C463E04B7 ] npsvctrig C:\WINDOWS\System32\drivers\npsvctrig.sys
01:36:03.0360 0x12d8 npsvctrig - ok
01:36:03.0394 0x12d8 [ AF8B7848E102A83AAECCD24B181CEBE5, B2AAE3567EE3A7975CDFCB3FE41D33C74D4486BFF35FF56E0516A01C744BA52B ] nsi C:\WINDOWS\system32\nsisvc.dll
01:36:03.0400 0x12d8 nsi - ok
01:36:03.0417 0x12d8 [ 2871225495F832A8C8A7DD1A17EDB3DC, 2F6664C7F5FB2341B2AAF3C5A258FA0D7AEEE447562D7F39FD5A4EE905C18C6D ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys
01:36:03.0420 0x12d8 nsiproxy - ok
01:36:03.0582 0x12d8 [ 19BD8A88AAC580592668B070AC0727D9, 60DB84895C40E6412BEB2D0E4D7F05891446B9DE992D70579CC90BA3FB27FC01 ] NTFS C:\WINDOWS\system32\drivers\NTFS.sys
01:36:03.0689 0x12d8 NTFS - ok
01:36:03.0730 0x12d8 [ 6DBD703320484C37CEA9E4E2D266A8CE, 85D6F73C0E3FDE16829C9BC0D13DD89E64183EAE02F84607F6B8440CB7F366E6 ] Null C:\WINDOWS\system32\drivers\Null.sys
01:36:03.0731 0x12d8 Null - ok
01:36:03.0766 0x12d8 [ 604D27CC38CC23493F218D0BB834B3FF, EF5E5759CCF16DD97271C82DAF47FB2086EBCA5DE7D05177B70CA1197B95F41E ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys
01:36:03.0775 0x12d8 nvraid - ok
01:36:03.0806 0x12d8 [ 8B50D897657AB4A15FD9E251BBF7D107, 36036130DD46D9BF105AC7176E219F3BE7D1168A660A0F8DFF76F61FBFA4B417 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys
01:36:03.0815 0x12d8 nvstor - ok
01:36:03.0844 0x12d8 [ 31F990B2B6B91E9D7A667405CE12FCB1, 907E095D1E83CDAFF34BE789FC41CDD7BB4DEE23261E1D03C1CF0D4D030534AC ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys
01:36:03.0853 0x12d8 nv_agp - ok
01:36:03.0958 0x12d8 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:36:03.0983 0x12d8 odserv - ok
01:36:04.0066 0x12d8 [ A3909B56B2B195ACA5313D1B264CDE0F, CB9EDA6EB57C99EC61B6E16C13FBB374A5FA5AA40BFEB1E222CBC5E91EA05387 ] omniserv C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
01:36:04.0118 0x12d8 omniserv - ok
01:36:04.0158 0x12d8 [ 7F3A0D052B8E00E730316210B1DD092F, 14BD026EA759F6C81ED6B4DBB04E0584B7F6456725503FC73CD4347B7743005F ] OneSyncSvc C:\WINDOWS\System32\APHostService.dll
01:36:04.0176 0x12d8 OneSyncSvc - ok
01:36:04.0243 0x12d8 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:36:04.0252 0x12d8 ose - ok
01:36:04.0303 0x12d8 [ 334131C162B118EF49930D41B0E17825, 10EF08870B6E118AED2E0E3F45E06BA8A485439823BE98F44E34E7D2B65AA2EF ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll
01:36:04.0326 0x12d8 p2pimsvc - ok
01:36:04.0381 0x12d8 [ 4A5634915AF62C983E08425905D0C04C, 09BC3F7AD9F79C5FF59520933D06FE155AC21CD0ABAFE66B81C9F87D83A2339F ] p2psvc C:\WINDOWS\system32\p2psvc.dll
01:36:04.0407 0x12d8 p2psvc - ok
01:36:04.0457 0x12d8 [ 7D0FC96264C0F8F2C1321E33E8EB646C, 82A06437B9B096BCCF5CE31BDF3539696E2E41DFA9870C358566EEE2F7D3B447 ] Parport C:\WINDOWS\System32\drivers\parport.sys
01:36:04.0463 0x12d8 Parport - ok
01:36:04.0493 0x12d8 [ 24AC0FD10325FBC2303B29A5F237AEB0, D94B26A36EBE4EFE8EA270FA6600811206830480BE953809F74FAB80628DF879 ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys
01:36:04.0500 0x12d8 partmgr - ok
01:36:04.0553 0x12d8 [ 0ECA2ADD5FBCE73183A68935C71B40B7, 08CC5F2F10D1DD1A1396CC29196314003491D3AF3DE59CADB281F252577F1860 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll
01:36:04.0586 0x12d8 PcaSvc - ok
01:36:04.0630 0x12d8 [ 1D4E995955BDAE781C46CB97AE1CFB58, FF7475F19782CA253AA839DDB86E5AC20C5785D5CC1DD57D9FECBE4F5A5C0BFB ] pci C:\WINDOWS\system32\drivers\pci.sys
01:36:04.0647 0x12d8 pci - ok
01:36:04.0677 0x12d8 [ 2B4D98DF0CA57FB9536DBC80D2449D1F, AB34FA8585A20854369C0FAEB18BF5C7734D7E3C791F644B0576E40D609FCD09 ] pciide C:\WINDOWS\system32\drivers\pciide.sys
01:36:04.0681 0x12d8 pciide - ok
01:36:04.0708 0x12d8 [ F4D5793BF2E58AF15C6CF2FEEF9E73EB, 9B5A40AF8838063F8F0A2B1480B39A2711AAE78BD972CDA60CCA0EB2BA211A87 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
01:36:04.0714 0x12d8 pcmcia - ok
01:36:04.0742 0x12d8 [ 22A53744CEEADFFFD33BA010FAD95229, 30B775EC9795105B8BF785BD63115C160955E7EFF74B995D3EC288138D1825A3 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
01:36:04.0746 0x12d8 pcw - ok
01:36:04.0772 0x12d8 [ 48F3A3222CF340FE31535CB6D49C6D6F, 5F8904871219FA6C1BD74747583855B0FBCE42F340A3BE10270D8D3F02766E9D ] pdc C:\WINDOWS\system32\drivers\pdc.sys
01:36:04.0778 0x12d8 pdc - ok
01:36:04.0850 0x12d8 [ E2F8376F9731D12A009C522036C6073A, 5B8B68D3C013AAA8ED368C97042984C35E8D023542DBA404E7A03E89F2357E66 ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
01:36:04.0887 0x12d8 PEAUTH - ok
01:36:04.0913 0x12d8 [ 1398A85E59698067CBBE1D66A9C13ADF, E3609F183068BFAED756B2F9237181D60A6F6D78691248B8BF5B0AEB6A367E3D ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
01:36:04.0917 0x12d8 percsas2i - ok
01:36:04.0941 0x12d8 [ 35F7C7AD709D909D618D9EDF987FC3ED, EE713E33688E74C5A2546CC58EBD8EA8F8116F25E42DCF8DA21DCBC7C7590E0E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
01:36:04.0945 0x12d8 percsas3i - ok
01:36:05.0045 0x12d8 [ 0DAF7B7D85F7AF38E29161460899C63F, F2609F2BD02C714857F5D5E6EF580643429C54E175AA72D38467F8F3A4E7F59F ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
01:36:05.0050 0x12d8 PerfHost - ok
01:36:05.0147 0x12d8 [ 57606281E23B0F53347527691E947B2B, 7030182E706CEBE6BD52BDC71CA8F2230AD445AE6554188E76F09A5E2612BD2E ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll
01:36:05.0191 0x12d8 PhoneSvc - ok
01:36:05.0238 0x12d8 [ 04F7878E7017105AB782353231561749, FB2811D98216720D4FDF0AC0EDF16C6CD33D7224B4CAFA752B4D2A839E6DD88A ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
01:36:05.0255 0x12d8 PimIndexMaintenanceSvc - ok
01:36:05.0400 0x12d8 [ A546F72EFFE5CBBC98003A0CA19DA0F8, 89AE396676A37D851F46427E421E8E8ED5B4BADC33023F1E215CC352A4110F44 ] pla C:\WINDOWS\system32\pla.dll
01:36:05.0480 0x12d8 pla - ok
01:36:05.0525 0x12d8 [ 15BA68662CED4B0618010A54478E18E5, 1B913BFA7AA11F3A82D80E95FC4857B810D341F9E68545710F90EBE44DAC1DF8 ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
01:36:05.0536 0x12d8 PlugPlay - ok
01:36:05.0555 0x12d8 [ 6BF7093B27EA90FD9222845D19C1BE5F, CF8A6764BB6B369258F21FD303E4CAE08632195620A0BD66B62F62F5D7B762B8 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
01:36:05.0562 0x12d8 PNRPAutoReg - ok
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby rmrrar » April 20th, 2016, 3:00 am

01:36:19.0650 0x12d8 volsnap - ok
01:36:19.0679 0x12d8 [ F7B1B1101271E31F43CC76E890704F51, 2282D82B220C3D13FF980ED8E40443C83816D3DA9557EACEA137873F92BB9CF4 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
01:36:19.0684 0x12d8 vpci - ok
01:36:19.0712 0x12d8 [ D48ED0A08BD2FD25A833E6AC99623091, 6CA7580878D3893E14B4938023A00CDFC9BE215A0CE4ED59A94F95DFD9FDF4D8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
01:36:19.0721 0x12d8 vsmraid - ok
01:36:19.0838 0x12d8 [ 4CF5A1E0C4FCA956ACD6C654E2A8610E, 57F3C7200C25E8717AF92AF2ED7615C6605179D3514B432220FA6EA94CAB4F2E ] VSS C:\WINDOWS\system32\vssvc.exe
01:36:19.0916 0x12d8 VSS - ok
01:36:19.0961 0x12d8 [ 6990D4AFDF545669D4E6C232F26DE1FB, 9B8F99A035188FD96BA79E935E8EF387BEA2223ECA0B74CF64AB993DABAA5722 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
01:36:19.0978 0x12d8 VSTXRAID - ok
01:36:20.0008 0x12d8 [ 1EE11F0508C58EF081F4176E66D6970B, 9069B3FC8850C7CF617909C6DBFC3753FEB59A9E708379CC57190F4097FB374E ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
01:36:20.0011 0x12d8 vwifibus - ok
01:36:20.0031 0x12d8 [ 938E4EF58E42D252B742B0E243011B90, AC0C21FBAF15924CB271CA43ACB7A86287936C78B4852BCFC59EC7EC703E036C ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
01:36:20.0037 0x12d8 vwififlt - ok
01:36:20.0060 0x12d8 [ 3BE5AAC930447FD18D4A8255A2FEC95C, A517357188FE4A5BD98A3CDB2165ACCE96CCE4BE2B90DDBEAF70B6DDF393F506 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys
01:36:20.0063 0x12d8 vwifimp - ok
01:36:20.0127 0x12d8 [ 48C1A256591297C43ECFC4E30D144EAA, 8E66833ED2CEB6D7E499EB2E4282B4F9DFA28B6D21757BB88EC52FD069D7FACE ] W32Time C:\WINDOWS\system32\w32time.dll
01:36:20.0158 0x12d8 W32Time - ok
01:36:20.0218 0x12d8 [ CDA9A00B16808D7A5BBB66287B89EE21, B25F98F26B0153E5DD5C744539CB6ACAFAA13E0F7B5D140C1844158B79BC9006 ] w3logsvc C:\WINDOWS\system32\inetsrv\w3logsvc.dll
01:36:20.0224 0x12d8 w3logsvc - ok
01:36:20.0261 0x12d8 [ 00C27B64C758C111E5D78A70DE6CA2B6, C99761B9B671B3A1FF1C52796CCA3F4F825BF50D9657D13B551E849CDD82055D ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
01:36:20.0266 0x12d8 WacomPen - ok
01:36:20.0331 0x12d8 [ D76D1AC4F2C642D09A68227D129A4726, D14D6C4D94E9660848C74B220359683D91A4A3D70750E781A20B6D86D46794CE ] WalletService C:\WINDOWS\system32\WalletService.dll
01:36:20.0361 0x12d8 WalletService - ok
01:36:20.0387 0x12d8 [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:36:20.0392 0x12d8 wanarp - ok
01:36:20.0406 0x12d8 [ 8CB53620B2C2F0641DD7563EA0FDF491, D62FE75C908409A54949F0E3C39558DC7A8F11AF7496ED7B0872D80D08CB67A7 ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:36:20.0412 0x12d8 wanarpv6 - ok
01:36:20.0480 0x12d8 [ 1430B095A4DF52C04BDBC31C861C9324, B686C97D13CE966D44A7695BE78A4501F96CF8E69B24AFFE6C8E643132BB8861 ] WAS C:\WINDOWS\system32\inetsrv\iisw3adm.dll
01:36:20.0510 0x12d8 WAS - ok
01:36:20.0637 0x12d8 [ 2598BBF11C9E7D0885DCA52E7FD5BCBD, 46B1FB080A2CD88C89A0EB8BA2594A1FA2C341ED77A6C6835CBFFE42907FAC55 ] wbengine C:\WINDOWS\system32\wbengine.exe
01:36:20.0721 0x12d8 wbengine - ok
01:36:20.0788 0x12d8 [ 642EFABF900374FA85639D83B5533AFD, 292692D6AAC2A785D237ADFBC7CA3D379E8FC79FA366A8CE7D06F5CA5CE6866B ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
01:36:20.0825 0x12d8 WbioSrvc - ok
01:36:20.0889 0x12d8 [ E9A0D466F6D8EC349DB526146618BCB6, CFD6F3F979E4366A68FBEC3BE90A42BF3D65403A987E80741A720C0622871F32 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
01:36:20.0925 0x12d8 Wcmsvc - ok
01:36:20.0982 0x12d8 [ 53A036CED1270F2459E708A05922FD49, 2F281A72E4B0408DE6C8153F5988C9AA38591FB1E72558767D389637D0666A85 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
01:36:21.0011 0x12d8 wcncsvc - ok
01:36:21.0032 0x12d8 [ 965B6197A659782B6A0F68411A180AAD, 5541AB78B71E4FA655BCBF2D80D574B2A3B4AA8871F65D26620BDE549FA5459A ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
01:36:21.0041 0x12d8 WcsPlugInService - ok
01:36:21.0067 0x12d8 [ 069D3D6E20AD753B34FCE856F0436869, CF8C12295DDAA56E7350019AADBA533D7857CFB3F20DEE14E557963645A9331B ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
01:36:21.0072 0x12d8 WdBoot - ok
01:36:21.0140 0x12d8 [ 6CC727E94CD84E9720FDCDA8089CABCC, BCF66056B06DED6BC2D329E910FCD3E685D627BAD3B5D7F4B0E970B45CD9CEF4 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
01:36:21.0181 0x12d8 Wdf01000 - ok
01:36:21.0232 0x12d8 [ E3E97151A1D1E87BB2D5371F66C5F169, 0ED0B9852FE0533816F5EE2F06045B3964A00FD749A7011DB3C663AB6FA369E2 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
01:36:21.0247 0x12d8 WdFilter - ok
01:36:21.0280 0x12d8 [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
01:36:21.0292 0x12d8 WdiServiceHost - ok
01:36:21.0306 0x12d8 [ 75DC67553051103547B693898CB32D08, 4FCF2C3DBBE85461364B1F3A3F3629B52C8664487D30142D15937A4C96EF6A8F ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
01:36:21.0317 0x12d8 WdiSystemHost - ok
01:36:21.0398 0x12d8 [ 2BC2E99623119521EEF7910A11D0FDE0, 3F3E48A79534F0F65F961D9B170D534562E04901B630127B16DF02E6D42F2BBF ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
01:36:21.0434 0x12d8 wdiwifi - ok
01:36:21.0470 0x12d8 [ 07B043160399AF4009054E2EA3464BF4, 8D652D7CD75F8FB2B5414155355F0C970015914E1AC6522DBB8387BB8662F542 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
01:36:21.0477 0x12d8 WdNisDrv - ok
01:36:21.0524 0x12d8 WdNisSvc - ok
01:36:21.0572 0x12d8 [ 9972D395DBD05D91DA5EDADEB9325680, 9382D846793F285721A1A0FED42F914035A53D856B902FADB0B7144C471BDA91 ] WebClient C:\WINDOWS\System32\webclnt.dll
01:36:21.0590 0x12d8 WebClient - ok
01:36:21.0629 0x12d8 [ B6BF579761489720BCE787F723F596E5, 879B17F6A4F23F5E85A09126B7B407955DDCEB1BA4A8FFC0A418B7F47311C056 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
01:36:21.0645 0x12d8 Wecsvc - ok
01:36:21.0668 0x12d8 [ 10C9CF8771A2A87F575F9FB56821474E, 15E3DFFE9CF6777F67E426ECF797D2DF743EA152DEE336DCC9C2F92A0E6EB9A3 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
01:36:21.0676 0x12d8 WEPHOSTSVC - ok
01:36:21.0708 0x12d8 [ 357C083FE35D030D991D163AAF622A06, F301852D49DBDEF0D28F56CD74CBDC71CA003EBD07D3F46EA5C870DC1BD07896 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
01:36:21.0719 0x12d8 wercplsupport - ok
01:36:21.0743 0x12d8 [ 2235AF716D15D9DFE4C59DC2AC0C440C, 2DCFCEBEA77E7E40CEF9A785BE1A794B390B36E40FBCF49B494F9CEA3F6A28C4 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
01:36:21.0757 0x12d8 WerSvc - ok
01:36:21.0784 0x12d8 [ C11272713719922DE5711094333BD166, 61D4F07E02AECF04964FF51EEA31069A2B0EAA549AD2B29B5FD3E1E6BB543593 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
01:36:21.0794 0x12d8 WFPLWFS - ok
01:36:21.0822 0x12d8 [ 205A1FAE910F5C493D236245850BB62A, DBA4D1D734BAA3CDEB8A7F9C81A8DAA88CEA55AF5C4C5908E76FB8E522C5EC8A ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
01:36:21.0832 0x12d8 WiaRpc - ok
01:36:21.0870 0x12d8 [ EF536C54AB9281FDC4E83B07279FCFC4, 22E4F133170682EE14413CA8FDC2DBE73AB31960D6ACB728A6B398229FDDFD3B ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
01:36:21.0873 0x12d8 WIMMount - ok
01:36:21.0881 0x12d8 WinDefend - ok
01:36:21.0932 0x12d8 [ D8966A76408107224C6013993135DD78, 6159F69BC26FF817078E68C70E6DFC9075FEBF9EF9F4F046C7A65BC377544AE6 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
01:36:21.0939 0x12d8 WindowsTrustedRT - ok
01:36:21.0955 0x12d8 [ 8B102A7B6CE326FD4208CC7C2D183343, E47C1D76CBFD2A382C3A7BB048D752FB6DD4616FADDEB1C3ADD5DDAE149742AF ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
01:36:21.0957 0x12d8 WindowsTrustedRTProxy - ok
01:36:22.0032 0x12d8 [ FFD04E8263FC9CDB89BAD8C27C337223, 7021161D354F1536DA261D001524B92301466631DCFA161A7C6355AAC86BBE40 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
01:36:22.0078 0x12d8 WinHttpAutoProxySvc - ok
01:36:22.0104 0x12d8 [ 4A53441C1C4D2878BEF27E381138BB2D, C221E74491E6FD2AF472B53876B46788D5CF62F4E645457F3B3816FD0ED2BAA1 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
01:36:22.0107 0x12d8 WinMad - ok
01:36:22.0166 0x12d8 [ 1033C37122C7404C3B926ADF84874832, 163B3A7112F13AE7BB2655A28C6B19AF9B263F2AD2FF1B75314BE3E2B9118903 ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
01:36:22.0180 0x12d8 Winmgmt - ok
01:36:22.0366 0x12d8 [ 703D0F62C5AA4D08EE8756516C0D125D, 02015A5E62490C11EC968160C528C2AFD1D7194AACA27F407B06EB462657511F ] WinRM C:\WINDOWS\system32\WsmSvc.dll
01:36:22.0498 0x12d8 WinRM - ok
01:36:22.0554 0x12d8 [ 260907CE034FE327AC99BDA4153AB22F, B96501F43248713C2E153B9D22B78D51412A3C6989A2FB5F53A406C6CDC98D30 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS
01:36:22.0558 0x12d8 WINUSB - ok
01:36:22.0582 0x12d8 [ 40A3E8D729F458B2C9A8BD9380FF83D5, CD42FFC138969EF8C9588FD113F0B9A98FBA282D46A5B6BCFA765F55ED6E97A1 ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
01:36:22.0587 0x12d8 WinVerbs - ok
01:36:22.0626 0x12d8 [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys
01:36:22.0629 0x12d8 WirelessButtonDriver - ok
01:36:22.0783 0x12d8 [ 453740989239803FE363FF8B40EA2E08, 25499705627C38D3431B3C336E0CF3BF55ABB0C461B88DA6D3767CAAE1E2B893 ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
01:36:22.0895 0x12d8 WlanSvc - ok
01:36:23.0050 0x12d8 [ E48BBF1363F843E030757EC190DD33E6, B37199495115ED423BA99B7317377CE865BB482D4E847861E871480AC49D4A84 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
01:36:23.0158 0x12d8 wlidsvc - ok
01:36:23.0182 0x12d8 [ 8F010BF65238F3F822D22BA12831796E, 2CA830F259B742D2F5CDD0437960BF512D40FB4A4C2342E3BABB38D468F79694 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
01:36:23.0185 0x12d8 WmiAcpi - ok
01:36:23.0236 0x12d8 [ 74ACA5A7880C1F0BB9D60E32E1705A70, A89817BCCBFF94D7394614DA81D1C6C4F53AF47A539E674EEF6DC3FC496BF702 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
01:36:23.0248 0x12d8 wmiApSrv - ok
01:36:23.0271 0x12d8 WMPNetworkSvc - ok
01:36:23.0310 0x12d8 [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
01:36:23.0321 0x12d8 Wof - ok
01:36:23.0478 0x12d8 [ 4090C6738AA92B428220857B4D44F638, 4A3EE47494051E5BA8393F2AC8226EF434DA3AA1895CF4BADC9BC1BC378647C6 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
01:36:23.0579 0x12d8 workfolderssvc - ok
01:36:23.0620 0x12d8 [ 22C52D7EE7C7D0E02C8EFD8CAE8E3A71, 126605A12CEC9CC07DE3050F12E43CECABEAF0D00DF12300AF70F34700F7FE8E ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
01:36:23.0624 0x12d8 wpcfltr - ok
01:36:23.0646 0x12d8 [ D282ECA35ADAC7A93D6B4943E775010B, A76A9698A95646FA63AC18DFFA02B744D7C6043934CBF6C37832ED2E6B21F570 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
01:36:23.0658 0x12d8 WPDBusEnum - ok
01:36:23.0686 0x12d8 [ 1C08E424CBDD5065BB7266F8C048C1B1, 0452C85EDA6CBAB75C2617886C5D8117ED25D91F1BE0F8377B08D55B6629B028 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
01:36:23.0689 0x12d8 WpdUpFltr - ok
01:36:23.0723 0x12d8 [ 2C6EEFFBB7FB1C51CCD3737C77AB9109, 8C2ED309FAF4312512E7BCCBBC51B1353603A3499077A1DE21991F0692AF1620 ] WpnService C:\WINDOWS\system32\WpnService.dll
01:36:23.0732 0x12d8 WpnService - ok
01:36:23.0757 0x12d8 [ 638B43D39A3D0B47024555CF1095E6F1, C7EA0A6ED227A5256EB02CA76FEC538DF196B8DC38DA2A567757D2B221C9473E ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
01:36:23.0759 0x12d8 ws2ifsl - ok
01:36:23.0796 0x12d8 [ 9C17CF2D05F8DA5AC66880B6BEE64E7D, 8930079A1AFA97657BE567038EE57C988D3DE9A6C24EA46160E2974837082535 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
01:36:23.0812 0x12d8 wscsvc - ok
01:36:23.0824 0x12d8 WSearch - ok
01:36:24.0070 0x12d8 [ 6E04BBE242E2889B37300C4DF5CE1126, FBDAEAC62C48A4FC5EF412AE47FF10590AE83E8871412F76F6F9BAE910542DFA ] WSService C:\WINDOWS\System32\WSService.dll
01:36:24.0250 0x12d8 WSService - ok
01:36:24.0463 0x12d8 [ 3D0DE8170ECCEC20CBF205D79C535BA1, 9249A420B9024AB3B18D7E4DAC20E2080E0759C620F46D37D467DC25A77F2025 ] wuauserv C:\WINDOWS\system32\wuaueng.dll
01:36:24.0585 0x12d8 wuauserv - ok
01:36:24.0630 0x12d8 [ A928F25CB62232F413EE655352856E10, 1D2B278A24DDDE8792ADE7649FF90A98E186B79F13AA296C30E4180293BE906A ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
01:36:24.0637 0x12d8 WudfPf - ok
01:36:24.0671 0x12d8 [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFRd C:\WINDOWS\system32\drivers\WudfRd.sys
01:36:24.0683 0x12d8 WUDFRd - ok
01:36:24.0721 0x12d8 [ 1336DA39FE006EAB2733CA4DE5B3560C, F0D6C71ADCB66D4D14EC6D09FD43F5521A3A8CA53F248DFD01696FB4F033BE77 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
01:36:24.0733 0x12d8 wudfsvc - ok
01:36:24.0756 0x12d8 [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
01:36:24.0769 0x12d8 WUDFWpdFs - ok
01:36:24.0791 0x12d8 [ A932391623D5CEC4EF4A2A17D3CEBFCD, 54AA17F385347DED262BDA84F2D99106DC5D9BF8765D647BD76265356193BDFA ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
01:36:24.0803 0x12d8 WUDFWpdMtp - ok
01:36:24.0909 0x12d8 [ 7F7591CCC146EC7D9EB77C1277D605F4, 80D6D45BD3C3C7F79BFA98B864CBFA443245416ED64C0BC16E9E7C8C5E958AFB ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
01:36:24.0976 0x12d8 WwanSvc - ok
01:36:25.0077 0x12d8 [ 5DFAF8BE5A3CABAABF6795BC09EB7876, 1AFD0BC50EA5C2CCB2874E97FE5205175C80849BD6C9BDAF9FBC49174D478997 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
01:36:25.0130 0x12d8 XblAuthManager - ok
01:36:25.0229 0x12d8 [ 7118498F6E48758A2EF5A7D1982E2B62, 1FF75AE64CB6DB263E8B35515E092B325AA71A6B2210F8F2B0AD087B3BA33345 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
01:36:25.0294 0x12d8 XblGameSave - ok
01:36:25.0342 0x12d8 [ F279536122B83FD0D8E158AA753E1B7C, 6A542F28E24B30DBDC2EEE24DA33C2F4ADB3596AEDDD71DC1495DD40577CE4BB ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
01:36:25.0355 0x12d8 xboxgip - ok
01:36:25.0450 0x12d8 [ 69E727F94BEA64E66C284F3C482F33E6, B3E0F287E7A251E0FC17C41089C45737027E54F0213BDE847356AC882B4D3700 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
01:36:25.0508 0x12d8 XboxNetApiSvc - ok
01:36:25.0543 0x12d8 [ DA0807D87A62D076C29C4E30F1E84F46, CA3079350038091AEE04D4DA7C06865E9DB3095120AE61AAB575AA77E86A6223 ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
01:36:25.0546 0x12d8 xinputhid - ok
01:36:25.0583 0x12d8 ================ Scan global ===============================
01:36:25.0625 0x12d8 [ 82E25186617BA6C15010F0D47C705705, 5BF9E38918E6EAE86448137E2D120B80318AA1143CDDF539A2BFBEE227646816 ] C:\WINDOWS\system32\basesrv.dll
01:36:25.0666 0x12d8 [ E2899695BD30B5F93EC626EBBEF2CB69, B190D2903A109D2C146D881F90769060A0E971942F4AA61AEAD81861032D89C3 ] C:\WINDOWS\system32\winsrv.dll
01:36:25.0720 0x12d8 [ 09E92888FFF86F3334E59778724DCA6F, 2344763B52395EF565A9DE5F55BEDCA026AD2E8072FFD06F826BF366B3BA2AB4 ] C:\WINDOWS\system32\sxssrv.dll
01:36:25.0775 0x12d8 [ 6FF8248F3A9D69A095C7F3F42BC29CB2, 9077B1AA0AFB8DB329FDED0E51085DE1C51B22A986162F29037FCA404A80D512 ] C:\WINDOWS\system32\services.exe
01:36:25.0804 0x12d8 [ Global ] - ok
01:36:25.0805 0x12d8 ================ Scan MBR ==================================
01:36:25.0823 0x12d8 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
01:36:25.0846 0x12d8 \Device\Harddisk0\DR0 - ok
01:36:25.0847 0x12d8 ================ Scan VBR ==================================
01:36:25.0853 0x12d8 [ 8040C688916DDA16F2879ABD1B3A7501 ] \Device\Harddisk0\DR0\Partition1
01:36:25.0920 0x12d8 \Device\Harddisk0\DR0\Partition1 - ok
01:36:25.0936 0x12d8 [ DDE5B104A4133FE1B326A748F90DEBE9 ] \Device\Harddisk0\DR0\Partition2
01:36:26.0004 0x12d8 \Device\Harddisk0\DR0\Partition2 - ok
01:36:26.0020 0x12d8 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
01:36:26.0021 0x12d8 \Device\Harddisk0\DR0\Partition3 - ok
01:36:26.0032 0x12d8 [ 3676055EBA97BB556C08E51CE78519F2 ] \Device\Harddisk0\DR0\Partition4
01:36:26.0105 0x12d8 \Device\Harddisk0\DR0\Partition4 - ok
01:36:26.0136 0x12d8 [ F45A35A3F4991B3BF27960AD014A9C47 ] \Device\Harddisk0\DR0\Partition5
01:36:26.0154 0x12d8 \Device\Harddisk0\DR0\Partition5 - ok
01:36:26.0170 0x12d8 [ 3A847A2D817016FC80E6C518459DD5D4 ] \Device\Harddisk0\DR0\Partition6
01:36:26.0180 0x12d8 \Device\Harddisk0\DR0\Partition6 - ok
01:36:26.0182 0x12d8 ================ Scan generic autorun ======================
01:36:26.0715 0x12d8 [ B40BD1D06E8BF04355A0B954936EC62F, 1C28B994A9BE8F1A53E1B8A3B8F8B33B17E8E964532B87B9BC30F81A2B9840B3 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
01:36:27.0205 0x12d8 RTHDVCPL - ok
01:36:27.0856 0x12d8 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
01:36:28.0366 0x12d8 OneDriveSetup - ok
01:36:28.0950 0x12d8 [ 88F8A731DEA7F49D92F84A0A77C5CC67, 030458922DA43AAF6C95EC430860A73032616851E03E58170F71E918720717CB ] C:\Windows\SysWOW64\OneDriveSetup.exe
01:36:29.0291 0x12d8 OneDriveSetup - ok
01:36:29.0322 0x12d8 Waiting for KSN requests completion. In queue: 200
01:36:30.0323 0x12d8 Waiting for KSN requests completion. In queue: 200
01:36:30.0544 0x00b0 Object required for P2P: [ 7C58AFEC26E9F7730A8AA7FD40225937 ] sppsvc
01:36:31.0330 0x12d8 Waiting for KSN requests completion. In queue: 172
01:36:31.0995 0x00b0 Object send P2P result: true
01:36:32.0003 0x00b0 Object required for P2P: [ F709B53D7263C28FDFEED5D6C48AE9CB ] SynTPEnhService
01:36:32.0330 0x12d8 Waiting for KSN requests completion. In queue: 149
01:36:33.0331 0x12d8 Waiting for KSN requests completion. In queue: 149
01:36:33.0410 0x00b0 Object send P2P result: true
01:36:33.0410 0x00b0 Object required for P2P: [ 34A3EB84B2A830E6F450B8F885AE4E6E ] SysMain
01:36:34.0331 0x12d8 Waiting for KSN requests completion. In queue: 148
01:36:34.0814 0x00b0 Object send P2P result: true
01:36:34.0834 0x00b0 Object required for P2P: [ 4CF5A1E0C4FCA956ACD6C654E2A8610E ] VSS
01:36:35.0332 0x12d8 Waiting for KSN requests completion. In queue: 69
01:36:36.0332 0x12d8 Waiting for KSN requests completion. In queue: 69
01:36:37.0332 0x12d8 Waiting for KSN requests completion. In queue: 69
01:36:38.0333 0x12d8 Waiting for KSN requests completion. In queue: 69
01:36:39.0178 0x00b0 Object send P2P result: true
01:36:39.0197 0x00b0 Object required for P2P: [ B40BD1D06E8BF04355A0B954936EC62F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
01:36:39.0333 0x12d8 Waiting for KSN requests completion. In queue: 3
01:36:40.0334 0x12d8 Waiting for KSN requests completion. In queue: 3
01:36:40.0678 0x00b0 Object send P2P result: true
01:36:41.0369 0x12d8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x61100 ( enabled : updated )
01:36:41.0464 0x12d8 Win FW state via NFP2: enabled ( trusted )
01:36:42.0639 0x12d8 ============================================================
01:36:42.0639 0x12d8 Scan finished
01:36:42.0639 0x12d8 ============================================================
01:36:42.0675 0x15f4 Detected object count: 0
01:36:42.0675 0x15f4 Actual detected object count: 0
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby Gary R » April 20th, 2016, 10:31 am

There's no sign of infection in your TDSSKiller log, and since nothing has been detected by any of the other scans we've run then I'm fairly confident that your computer is clean.

Do you connect to the internet using any other computers or devices?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I think I could be infected help please!!!

Unread postby rmrrar » April 20th, 2016, 12:02 pm

No I haven't, that's what is weird. I don't know where the drive (z) came from, nor do I have access to it. Weird, and I got this error in my browser today, not sure what this means either.

Server Error in '/' Application.
Parser Error
Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.
Parser Error Message: The base class includes the field 'r1', but its type (System.Web.UI.HtmlControls.HtmlInputRadioButton) is not compatible with the type of control (System.Web.UI.HtmlControls.HtmlInputCheckBox).
Source Error:
Line 31: <h3 class="top" style="display:inline;">Shipping information</h3>
Line 32: <div class="checkit" style="display:inline;">
Line 33: &nbsp;<span class="box"><input runat="server" id="r1" type="checkbox" /></span>
Line 34: <p> Same as billing information</p>
Line 35: </div>
Source File: /register.aspx Line: 33
Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby rmrrar » April 20th, 2016, 2:36 pm

I also just noticed that the drive I mentioned is now gone from my computer? Don't know where it could've gone. Thoughts?
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby Gary R » April 20th, 2016, 5:05 pm

The error you got just looks like an incorrectly coded webpage that was formatted in HTML; your browser couldn't parse it (read it) properly, so it errored out. Almost anything could be responsible for its occurrence, so it doesn't help us any.

To give me a look at the current partitioning on your hard drive and the drive arrangement of your computer, please do the following for me ...


  • Double click ListParts64.exe to launch the program.
  • Press the Scan button.
  • When finished scanning it will make a log Result.txt on your Desktop.
  • Please post me the contents of the log.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I think I could be infected help please!!!

Unread postby rmrrar » April 21st, 2016, 2:30 am

ListParts by Farbar Version: 31-07-2014
Ran by ROBERT (administrator) on 21-04-2016 at 01:28:33
WIN_81 (X64)
Running From: C:\Users\ROBERT\Downloads
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 26%
Total physical RAM: 7117.97 MB
Available physical RAM: 5259.65 MB
Total Pagefile: 8269.97 MB
Available Pagefile: 6254.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.88 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:902.72 GB) (Free:836.15 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:26.97 GB) (Free:3.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]


Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 5120 KB *

Partitions of Disk 0:
===============


Disk ID: {B30556A0-E160-42BC-A32B-D8C6D45BB324}

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 650 MB 1024 KB
Partition 2 System (partition with boot components) 260 MB 651 MB
Partition 3 Reserved 128 MB 911 MB
Partition 4 Primary 902 GB 1039 MB
Partition 5 Recovery 815 MB 903 GB
Partition 6 Primary 26 GB 904 GB

======================================================================================================

Disk: 0
Partition 1
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 WINRE NTFS Partition 650 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT32 Partition 260 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Windows NTFS Partition 902 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 5
Type : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden : Yes
Required: Yes
Attrib : 0X8000000000000001

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 NTFS Partition 815 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 6
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: Yes
Attrib : 0X0000000000000001

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: BCA63D46

Partition : GPT Partition Type

****** End Of Log ******
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby Gary R » April 21st, 2016, 7:52 am

Did your computer come with Windows 10 pre-installed, or did you install it yourself? If the latter, which version of Windows did you upgrade from?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: I think I could be infected help please!!!

Unread postby rmrrar » April 21st, 2016, 3:57 pm

It came with Windows 8 and offered me a free upgrade to Windows 10 when I bought it.
rmrrar
Regular Member
 
Posts: 105
Joined: May 19th, 2013, 8:09 am

Re: I think I could be infected help please!!!

Unread postby Gary R » April 21st, 2016, 5:54 pm

OK, there are a couple of partitions on your drive (partitions 3 & 6) whose purpose is not clear. This does not mean they are malicious, just that it's not clear what their purpose is.

Because you're using Windows 10 as your OS, your hard drive is formatted for GPT (GUID Partition Table), which was a security feature introduced with Windows 8. With a GPT and "safeboot" enabled (which it is by default on most modern machines), any changes made to the GPT will result in the computer becoming unbootable.

With that in mind, and since your hard drive has been GPT configured since you bought it (since your first OS was Windows 8), I think it's highly unlikely that the "unknown" partitions on your drive were put there by any malicious outside agency.

So, basically what I'm saying is I believe your machine is clean, and the only remaining possible source of "rogue" transmissions from your network, would be if someone has hacked your router, in which case you need to first reset it, and then ensure that your wireless router is password-protected using WPA or WPA2 encryption.

If it is already password protected, then you'll need to reset your router, and then change the existing password to a new one.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
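
The "Type" GUIDs and "Attrib" words in the ListParts log posted above can be decoded mechanically. The following is an added example, not part of the original thread or of ListParts itself: it parses the per-partition blocks for partitions 3, 4 and 6 (copied from the posted log with blank lines and the volume table header dropped), maps each type GUID to its published name, and decodes the attribute bits. The function names are hypothetical, and applying Microsoft's basic-data attribute bit meanings to every partition type is an assumption.

```python
import re

# Well-known GPT partition type GUIDs (UEFI specification / Microsoft docs).
GPT_TYPES = {
    "c12a7328-f81f-11d2-ba4b-00a0c93ec93b": "EFI System Partition",
    "e3c9e316-0b5c-4db8-817d-f92df00215ae": "Microsoft Reserved Partition (MSR)",
    "ebd0a0a2-b9e5-4433-87c0-68b6b72699c7": "Basic data partition",
    "de94bba4-06d1-4d40-a16a-bfd50179d6ac": "Windows Recovery Environment",
}

# Bit 0 is defined by the UEFI specification. Bits 60-63 are the meanings
# Microsoft documents for basic data partitions; using them for every
# partition type is an assumption of this example.
ATTR_BITS = {
    0: "platform required",
    60: "read-only",
    61: "shadow copy",
    62: "hidden",
    63: "no drive letter",
}

# Excerpt of the ListParts log posted in the thread (partitions 3, 4 and 6).
SAMPLE = """\
Disk: 0
Partition 3
Type : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden : Yes
Required: No
Attrib : 0X8000000000000000
There is no volume associated with this partition.
======================================================================
Disk: 0
Partition 4
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: No
Attrib : 0000000000000000
* Volume 1 C Windows NTFS Partition 902 GB Healthy Boot
======================================================================
Disk: 0
Partition 6
Type : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden : No
Required: Yes
Attrib : 0X0000000000000001
There is no volume associated with this partition.
======================================================================
"""

BLOCK_RE = re.compile(
    r"Partition\s+(?P<num>\d+)\s*\n"
    r"Type\s*:\s*(?P<type>[0-9a-fA-F-]{36})\s*\n"
    r"Hidden\s*:\s*(?P<hidden>\w+)\s*\n"
    r"Required\s*:\s*(?P<required>\w+)\s*\n"
    r"Attrib\s*:\s*(?P<attrib>(?:0[xX])?[0-9a-fA-F]+)"
)


def decode_attrib(value):
    """Return the names of the known attribute bits set in a 64-bit GPT word."""
    return [name for bit, name in sorted(ATTR_BITS.items()) if (value >> bit) & 1]


def parse_listparts(text):
    """Return one dict per 'Partition N' detail block found in the log text."""
    results = []
    # Detail blocks are separated by long runs of '=' on their own line.
    for chunk in re.split(r"^={20,}[ \t]*$", text, flags=re.M):
        m = BLOCK_RE.search(chunk)
        if not m:
            continue
        guid = m["type"].lower()
        results.append({
            "partition": int(m["num"]),
            "type_guid": guid,
            # An unrecognised GUID is flagged for review, not assumed benign.
            "type_name": GPT_TYPES.get(guid, "UNKNOWN type GUID - review"),
            # ListParts prints the word with or without a 0X prefix.
            "attributes": decode_attrib(int(m["attrib"], 16)),
            "has_volume": "no volume associated" not in chunk.lower(),
        })
    return results


if __name__ == "__main__":
    for p in parse_listparts(SAMPLE):
        attrs = ", ".join(p["attributes"]) or "none"
        volume = "volume mounted" if p["has_volume"] else "no volume"
        print(f"Partition {p['partition']}: {p['type_name']} "
              f"[{attrs}] ({volume})")
```

A type GUID that falls through to the "UNKNOWN" label is the case worth a closer look; the three blocks in the excerpt all carry standard Windows type GUIDs.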