How is your system now? Do you still get the hao123.com redirect added anymore? If you do, is it only on certain browsers?
IE & Mozilla browsers hijacked by hao123 and won't go away!
#16
Posted 12 February 2016 - 04:29 PM
#17
Posted 12 February 2016 - 05:08 PM
It's hard to determine without giving it a few hours or a day. I delete the hao123 URL from my FF shortcut target and it just attaches itself to the string the next day ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hao123___ etc). Before posting in this forum it would occur on all my browsers (IE, Chrome, FF) except Microsoft Edge. I uninstalled Chrome some time ago but the problem had kept persisting in IE and Firefox. I'll have to get back to you in a few hours or tomorrow to see if anything has changed.
#18
Posted 12 February 2016 - 09:13 PM
That will be fine; I'll keep an eye out for your reply.
#19
Posted 13 February 2016 - 02:30 PM
Hi dbreeze, I gave it a day and booted up my PC but the problem still persists. "http://hao.169x.cn/?v=108" gets concatenated onto the end of my shortcut target string.
edit: I also reinstalled OBS (Open Broadcaster Software) because I use it a lot.. I hope that's not an issue.
Edited by itsdave, 13 February 2016 - 02:43 PM.
#20
Posted 14 February 2016 - 12:39 AM
Download zoek.exe from here: Zoek.exe at Bleepingcomputer
- Close/disable all antivirus and anti-malware programs so they do not interfere with the download or running of Zoek.exe
- (Here or here you can read instructions on how to disable your security applications.)
- Double click zoek.exe to start the program.
- Copy and paste the following script in the code box:
- Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar.
createsrpoint;
autoclean;
IEdefaults;
chrdefaults;
FFdefaults;
bitsadmin /reset /allusers >>"%temp%\log.txt";b
ipconfig /flushdns >>"%temp%\log.txt";b
emptyalltemp;
resetIEproxy;
- Close any open browsers.
- Click the "Run script" button and wait patiently.
- When finished the log file will be opened in notepad.
- If a reboot is needed the log file will be opened after reboot.
- The zoek-results.log can also be found on your system drive (typically this is C: drive.).
- Please post the log file for further review in your next comment.
#21
Posted 14 February 2016 - 03:57 AM
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by David on Sun 14/02/2016 at 22:37:28.39.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\user\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
14/02/2016 10:38:08 PM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\David\AppData\Local\ActiveSync deleted successfully
C:\Users\David\AppData\Local\Adobe deleted successfully
C:\Users\David\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\prefs.js:
user_pref("browser.startup.homepage", "http://google.com/");
Added to C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Batch Command(s) Run By Tool======================
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
==== Deleting Files \ Folders ======================
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [11/02/2016 08:42 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [11/02/2016 08:42 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597
6FE651F6E3025AD51CC1D54913AEEADC - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[11/02/2016 07:52 PM]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft..../?LinkId=69157"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...=IESR02&pc=UE04
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on Users Desktops ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
==== shortcuts in Users Start Menu ======================
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blade & Soul.lnk - D:\Program Files (x86)\NCWest\NCLauncher\NCLauncher.exe /LauncherID:"NCWest" /CompanyID:"12" /GameID:"BnS" /LUpdateAddr:"updater.nclauncher.ncsoft.com"
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Desktop.lnk - D:\Users\user\Desktop
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo III.lnk - D:\Program Files (x86)\Diablo III\Diablo III Launcher.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Local Disk_MAIN (D).lnk - D:\
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk - C:\Windows.old\Windows\System32\fodhelper.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux\Flux.lnk - C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux\Uninstall.lnk - C:\Users\David\AppData\Local\FluxSoftware\Flux\uninstall.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk - C:\Program Files (x86)\OBS\OBS.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk - C:\Program Files\OBS\OBS.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk - C:\Program Files (x86)\OBS\uninstall.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\Program Files (x86)\Steam\Steam.exe
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\APP Shop\APP Shop.lnk - C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe app
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\APP Shop\Uninstall APP Shop.lnk - C:\Program Files (x86)\ASRock Utility\APP Shop\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Feature Description.lnk - C:\Program Files\ASRock Utility\AsrAppCharger\ASRock APP Charger.pdf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Website.lnk - C:\Program Files\ASRock Utility\AsrAppCharger\ASRock App Charger.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\Uninstall ASRock App Charger.lnk - C:\Program Files (x86)\ASRock Utility\AsrAppCharger\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - D:\Program Files (x86)\Battle.net\Battle.net Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge\Deluge.lnk - C:\Program Files (x86)\Deluge\deluge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge\Uninstall Deluge.lnk - C:\Program Files (x86)\Deluge\deluge-uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge\Website.lnk - C:\Program Files (x86)\Deluge\homepage.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo Settings.lnk - C:\Program Files (x86)\Gyazo\GyStation.exe /option
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro\Remove HitmanPro 3.7.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe /uninstall
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Gaming Software 8.78.lnk - C:\Program Files\Logitech Gaming Software\LCore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe /show
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Vegas Pro 12.0 Readme.lnk - D:\Program Files\Sony Vegas Pro 12\Readme\Vegas_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Vegas Pro 12.0\Video Capture 6.0 Readme.lnk - D:\Program Files\Sony Vegas Pro 12\Readme\Videocapture_readme.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - D:\Program Files (x86)\Steam\Steam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client\Uninstall.lnk - D:\Program Files\TeamSpeak 3 Client\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Uninstall Winamp.lnk - C:\Program Files (x86)\Winamp\uninstwa.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\What's New.lnk - C:\Program Files (x86)\Winamp\whatsnew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Safe Mode).lnk - C:\Program Files (x86)\Winamp\winamp.exe /SAFE=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk - C:\Program Files (x86)\Gyazo\GyazoGIF.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gyazo.lnk - C:\Program Files (x86)\Gyazo\Gyazowin.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\G6YIFZOA will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\MAIRPIU1 will be deleted at reboot
C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\W9QBRU1I will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\David\AppData\Local\Mozilla\Firefox\Profiles\ch5py7b7.default-1454393996597\cache2 emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=17 folders=17 17802530 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\David\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\G6YIFZOA" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\MAIRPIU1" not found
"C:\Users\David\AppData\Local\Microsoft\Windows\INetCache\IE\W9QBRU1I" not found
==== EOF on Sun 14/02/2016 at 22:54:40.98 ======================
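Added example, not part of the original thread and not Zoek's own code: a small Python audit of a log in the format above that flags browser shortcuts whose target carries an appended URL, counts how often each is listed, and checks that every flagged shortcut reappears clean under "shortcuts After Repair". The sample log, the `start.example.test` URL, the Internet Explorer taskbar entry and the `BROWSER_EXES` list are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: browsers whose shortcuts should normally carry no URL argument.
BROWSER_EXES = {"firefox.exe", "iexplore.exe", "chrome.exe"}

SECTION_RE = re.compile(r"^==== (?P<name>.*?)\s*=+$")
# "<shortcut>.lnk - <target> [arguments]" as printed in the shortcut sections.
LINE_RE = re.compile(r"^(?P<lnk>.+?\.lnk) - ?(?P<rest>.*)$", re.IGNORECASE)
# The executable path may contain spaces, so it ends at the first ".exe"
# that is followed by whitespace or end of line.
TARGET_RE = re.compile(r"^(?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"]+", re.IGNORECASE)

# Constructed sample in the log's format (not copied from a real run).
SAMPLE_LOG = r"""
==== shortcuts on Users Desktops ======================
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.example.test/?v=1
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.example.test/?v=1
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://start.example.test/?v=1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins
==== shortcuts in Quick Launch ======================
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://start.example.test/?v=1
==== shortcuts After Repair ======================
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"""


def iter_shortcuts(log_text):
    """Yield (section, shortcut_path, exe_path, arguments) for .exe targets."""
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        entry = LINE_RE.match(line)
        if not entry:
            continue
        target = TARGET_RE.match(entry.group("rest"))
        if target:  # skips empty targets and non-executable targets
            yield section, entry.group("lnk"), target.group("exe"), target.group("args") or ""


def audit(log_text):
    """Return (hijacked, unrepaired).

    hijacked:   Counter of (shortcut, url) -> times listed before repair
    unrepaired: flagged shortcuts with no clean entry under "After Repair"
    """
    hijacked = Counter()
    repaired = set()
    for section, lnk, exe, args in iter_shortcuts(log_text):
        if exe.rsplit("\\", 1)[-1].lower() not in BROWSER_EXES:
            continue
        url = URL_RE.search(args)
        if section.lower() == "shortcuts after repair":
            if not url:
                repaired.add(lnk.lower())
        elif url:
            hijacked[(lnk, url.group(0))] += 1
    unrepaired = sorted({lnk for lnk, _ in hijacked if lnk.lower() not in repaired})
    return hijacked, unrepaired


if __name__ == "__main__":
    found, missing = audit(SAMPLE_LOG)
    for (lnk, url), count in found.items():
        print(f"{count}x {lnk} -> {url}")
    for lnk in missing:
        print(f"not listed as repaired: {lnk}")
```
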
#22
Posted 15 February 2016 - 09:12 PM
Any more additions today?
One question (from examining the log); why so many desktops? How did you 'split' the system (I'm thinking you tried to have OS on SSD and rest on HDD; am I correct?)?
#23
Posted 16 February 2016 - 12:22 AM
Looks like the problem is still there when I boot the PC up..
Old build:
Windows 7 on HDD
New build (all components upgraded):
Windows 10 on new SSD, old Windows 7 on HDD
Didn't get around to deleting old Windows folder from my HDD. Wasn't sure if it would cause issues so I just left it there. Is that what you're talking about?
#24
Posted 16 February 2016 - 02:04 AM
That is one point (the old windows folder on the HDD is actively being pointed to by one shortcut [C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk - C:\Windows.old\Windows\System32\fodhelper.exe]; this is usually not needed or correct); but I was more concerned about the 9 copies of the shortcuts that are on the desktop.
==== shortcuts on Users Desktops ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - D:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
I think you can delete 8 of the 9 copies and everything should still be working for you.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
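The shortcut listing earlier in this post can be triaged mechanically. The following is an added example, not part of the original post or of any tool mentioned in the thread: it parses lines in the listing's "shortcut - target [arguments]" format, flags browser shortcuts whose target carries a URL argument, and groups repeated lines by shortcut path. The function names, the browser list and the sample text are assumptions made for the illustration.

```python
import ntpath
import re
from collections import OrderedDict

# Constructed sample in the "<shortcut>.lnk - <target> [arguments]" format of
# the listing above; the Firefox entry is repeated, as it is in that listing.
SAMPLE_LISTING = r"""
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
C:\Users\Public\Desktop\Vegas Pro 12.0 (64-bit).lnk - D:\Program Files\Sony Vegas Pro 12\vegas120.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://hao.169x.cn/?v=108
"""

# Assumption: the browsers named in this thread (Firefox, IE, Chrome).
BROWSER_EXES = {"firefox.exe", "iexplore.exe", "chrome.exe"}

# Shortcut path, " - ", target up to the first ".exe", then optional arguments.
ENTRY_RE = re.compile(
    r"^(?P<lnk>.+?\.lnk) - (?P<exe>.+?\.exe)(?:\s+(?P<args>.*))?$",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_entry(line):
    """Return (shortcut, target_exe, arguments) or None if the line does not match."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    return match.group("lnk"), match.group("exe"), (match.group("args") or "").strip()


def find_hijacked_shortcuts(listing):
    """Flag browser shortcuts whose arguments contain a URL.

    Lines naming the same .lnk path are merged into one finding, and the
    number of lines seen for that path is kept in "entries".
    """
    findings = OrderedDict()
    for line in listing.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        lnk, exe, args = entry
        # ntpath handles Windows paths regardless of the OS running this script.
        if ntpath.basename(exe).lower() not in BROWSER_EXES:
            continue
        urls = URL_RE.findall(args)
        if not urls:
            continue
        record = findings.setdefault(
            lnk.lower(),  # Windows paths are case-insensitive
            {"shortcut": lnk, "target": exe, "urls": [], "entries": 0},
        )
        record["entries"] += 1
        for url in urls:
            if url not in record["urls"]:
                record["urls"].append(url)
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_hijacked_shortcuts(SAMPLE_LISTING):
        print("{shortcut}: {entries} log line(s), appended {urls}".format(**finding))
```

A finding whose "entries" count is higher than one means the same shortcut path was listed several times in the log, which is distinct from several shortcut files existing on disk.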
#25
Posted 16 February 2016 - 10:51 PM
The thing is, I only see 1 shortcut in that directory so I don't know where the other 8 actually are..
17:47:31.0621 0x09c8 \Device\Harddisk0\DR0\Partition2 - ok
17:47:31.0623 0x09c8 [ EBF9AACE2BD2A75891EE7458BCB0C294 ] \Device\Harddisk1\DR1\Partition1
17:47:31.0650 0x09c8 \Device\Harddisk1\DR1\Partition1 - ok
17:47:31.0652 0x09c8 [ 93B233F979503DBFFD1AFF5F7953803F ] \Device\Harddisk1\DR1\Partition2
17:47:31.0690 0x09c8 \Device\Harddisk1\DR1\Partition2 - ok
17:47:31.0691 0x09c8 ================ Scan generic autorun ======================
17:47:31.0889 0x09c8 [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:47:32.0029 0x09c8 RTHDVCPL - ok
17:47:32.0040 0x09c8 [ 1E2F9B14D8446286E6BA950EF7E6D54C, 299D025095029A1032DDCD585FE39C51FCBE3892983396A18028C92D58386E3E ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
17:47:32.0041 0x09c8 IAStorIcon - ok
17:47:32.0081 0x09c8 [ E445C0DB7E5E89C657FC89C0C4CCEDE5, ABD7A9B36CFD6740CE06456B152D9EB1856C11CD7FB2A34E06D63BAD0639B2A0 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:47:32.0111 0x09c8 NvBackend - ok
17:47:32.0113 0x09c8 ShadowPlay - ok
17:47:32.0321 0x09c8 [ 222A34C1E04D3A8DAF9BA6A0414958FB, 5B32621DD9CAAC79CA798E7E6CA0D9EDD3B36CA87734FB37034B3B451EC9DECC ] C:\Program Files\Logitech Gaming Software\LCore.exe
17:47:32.0474 0x09c8 Launch LCore - ok
17:47:32.0590 0x09c8 [ A97BC7CE8465551393872C6677FA6AF1, DDCF29A0EC321D499AAACE90796E67B0EE351F9303FCD705838E01754C8B657C ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
17:47:32.0671 0x09c8 AvastUI.exe - ok
17:47:32.0687 0x09c8 OneDriveSetup - ok
17:47:32.0688 0x09c8 OneDriveSetup - ok
17:47:32.0698 0x09c8 [ 1F93DAF10BC91666F52FC5B9632C86EB, 3D2AE1090198AAEE7CDB587ED1D2784B9FF4E4B03F4F65BC2F46E28B136F3F01 ] C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
17:47:32.0704 0x09c8 OneDrive - ok
17:47:32.0705 0x09c8 RESTART_STICKY_NOTES - ok
17:47:32.0706 0x09c8 Skype - ok
17:47:32.0758 0x09c8 [ 928466D2DD5BE2BCDABC6D770E13DA8A, 437CFB67EF43A67575446AA9E818BF372847D399CD8AD505E92401722B088074 ] C:\Program Files (x86)\Gyazo\GyStation.exe
17:47:32.0796 0x09c8 Gyazo - ok
17:47:32.0926 0x09c8 [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
17:47:33.0019 0x09c8 CCleaner Monitoring - ok
17:47:33.0042 0x09c8 [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
17:47:33.0053 0x09c8 f.lux - ok
17:47:33.0058 0x09c8 Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64 - ok
17:47:46.0071 0x09c8 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
17:47:46.0072 0x09c8 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
17:47:46.0074 0x09c8 Win FW state via NFP2: enabled ( trusted )
17:47:48.0681 0x09c8 ============================================================
17:47:48.0681 0x09c8 Scan finished
17:47:48.0681 0x09c8 ============================================================
17:47:48.0703 0x198c Detected object count: 0
17:47:48.0703 0x198c Actual detected object count: 0
17:49:28.0102 0x1810 ============================================================
17:49:28.0102 0x1810 Scan started
17:49:28.0102 0x1810 Mode: Manual; TDLFS;
17:49:28.0102 0x1810 ============================================================
17:49:28.0102 0x1810 KSN ping started
17:49:33.0633 0x1810 KSN ping finished: true
17:49:34.0067 0x1810 ================ Scan system memory ========================
17:49:34.0067 0x1810 System memory - ok
17:49:34.0067 0x1810 ================ Scan services =============================
17:49:45.0609 0x1810 WbioSrvc - ok
17:49:45.0611 0x1810 Wcmsvc - ok
17:49:45.0612 0x1810 wcncsvc - ok
17:49:45.0614 0x1810 WcsPlugInService - ok
17:49:45.0616 0x1810 WdBoot - ok
17:49:45.0618 0x1810 [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM C:\WINDOWS\System32\drivers\wdcsam64.sys
17:49:45.0620 0x1810 WDC_SAM - ok
17:49:45.0621 0x1810 Wdf01000 - ok
17:49:45.0623 0x1810 WdFilter - ok
17:49:45.0626 0x1810 WdiServiceHost - ok
17:49:45.0628 0x1810 WdiSystemHost - ok
17:49:45.0629 0x1810 wdiwifi - ok
17:49:45.0631 0x1810 WdNisDrv - ok
17:49:45.0633 0x1810 WdNisSvc - ok
17:49:45.0636 0x1810 WebClient - ok
17:49:45.0638 0x1810 Wecsvc - ok
17:49:45.0639 0x1810 WEPHOSTSVC - ok
17:49:45.0643 0x1810 wercplsupport - ok
17:49:45.0646 0x1810 WerSvc - ok
17:49:45.0648 0x1810 WFPLWFS - ok
17:49:45.0650 0x1810 WiaRpc - ok
17:49:45.0652 0x1810 WIMMount - ok
17:49:45.0653 0x1810 WinDefend - ok
17:49:45.0658 0x1810 WindowsTrustedRT - ok
17:49:45.0660 0x1810 WindowsTrustedRTProxy - ok
17:49:45.0662 0x1810 WinHttpAutoProxySvc - ok
17:49:45.0664 0x1810 WinMad - ok
17:49:45.0666 0x1810 Winmgmt - ok
17:49:45.0669 0x1810 WinRM - ok
17:49:45.0673 0x1810 WINUSB - ok
17:49:45.0674 0x1810 WinVerbs - ok
17:49:45.0678 0x1810 WlanSvc - ok
17:49:45.0680 0x1810 wlidsvc - ok
17:49:45.0681 0x1810 WmiAcpi - ok
17:49:45.0685 0x1810 wmiApSrv - ok
17:49:45.0686 0x1810 WMPNetworkSvc - ok
17:49:45.0690 0x1810 [ 2A9650FCC696DB28E45EA8B33B99B8E6, FBEBC6C05D50F578C6EEE0A7285EBE1DEADB08DD21FA3232630FD8D5A68FC3FB ] Wof C:\WINDOWS\system32\drivers\Wof.sys
17:49:45.0694 0x1810 Wof - ok
17:49:45.0697 0x1810 workfolderssvc - ok
17:49:45.0699 0x1810 wpcfltr - ok
17:49:45.0701 0x1810 WPDBusEnum - ok
17:49:45.0703 0x1810 WpdUpFltr - ok
17:49:45.0706 0x1810 WpnService - ok
17:49:45.0708 0x1810 ws2ifsl - ok
17:49:45.0711 0x1810 wscsvc - ok
17:49:45.0712 0x1810 WSearch - ok
17:49:45.0716 0x1810 WSService - ok
17:49:45.0718 0x1810 wuauserv - ok
17:49:45.0720 0x1810 WudfPf - ok
17:49:45.0722 0x1810 WUDFRd - ok
17:49:45.0724 0x1810 wudfsvc - ok
17:49:45.0727 0x1810 WUDFWpdFs - ok
17:49:45.0730 0x1810 WwanSvc - ok
17:49:45.0731 0x1810 XblAuthManager - ok
17:49:45.0734 0x1810 XblGameSave - ok
17:49:45.0736 0x1810 xboxgip - ok
17:49:45.0738 0x1810 XboxNetApiSvc - ok
17:49:45.0740 0x1810 xinputhid - ok
17:49:45.0742 0x1810 ================ Scan global ===============================
17:49:45.0750 0x1810 [ Global ] - ok
17:49:45.0750 0x1810 ================ Scan MBR ==================================
17:49:45.0751 0x1810 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:49:45.0787 0x1810 \Device\Harddisk0\DR0 - ok
17:49:45.0789 0x1810 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
17:49:45.0962 0x1810 \Device\Harddisk1\DR1 - ok
17:49:45.0962 0x1810 ================ Scan VBR ==================================
17:49:45.0967 0x1810 [ 1C41DC45F4CE112B783CB80A9CC1DFCD ] \Device\Harddisk0\DR0\Partition1
17:49:45.0971 0x1810 \Device\Harddisk0\DR0\Partition1 - ok
17:49:45.0976 0x1810 [ 44E36DD635888294EA95BC9BC33F6D61 ] \Device\Harddisk0\DR0\Partition2
17:49:45.0979 0x1810 \Device\Harddisk0\DR0\Partition2 - ok
17:49:45.0985 0x1810 [ EBF9AACE2BD2A75891EE7458BCB0C294 ] \Device\Harddisk1\DR1\Partition1
17:49:45.0988 0x1810 \Device\Harddisk1\DR1\Partition1 - ok
17:49:45.0991 0x1810 [ 93B233F979503DBFFD1AFF5F7953803F ] \Device\Harddisk1\DR1\Partition2
17:49:45.0994 0x1810 \Device\Harddisk1\DR1\Partition2 - ok
17:49:45.0995 0x1810 ================ Scan generic autorun ======================
17:49:46.0208 0x1810 [ 37C6C318D6AFAFA2EBA99820EDF21DA6, 5693AA141B947761EE41FBDC6F16FDC5BBB5BA8EBE1DEC90AD6EF33BFAF885A5 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:49:46.0363 0x1810 RTHDVCPL - ok
17:49:46.0373 0x1810 Object required for P2P: [ 37C6C318D6AFAFA2EBA99820EDF21DA6 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
17:49:49.0348 0x1810 Object send P2P result: true
17:49:49.0351 0x1810 [ 1E2F9B14D8446286E6BA950EF7E6D54C, 299D025095029A1032DDCD585FE39C51FCBE3892983396A18028C92D58386E3E ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
17:49:49.0352 0x1810 IAStorIcon - ok
17:49:49.0396 0x1810 [ E445C0DB7E5E89C657FC89C0C4CCEDE5, ABD7A9B36CFD6740CE06456B152D9EB1856C11CD7FB2A34E06D63BAD0639B2A0 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
17:49:49.0425 0x1810 NvBackend - ok
17:49:49.0430 0x1810 ShadowPlay - ok
17:49:49.0644 0x1810 [ 222A34C1E04D3A8DAF9BA6A0414958FB, 5B32621DD9CAAC79CA798E7E6CA0D9EDD3B36CA87734FB37034B3B451EC9DECC ] C:\Program Files\Logitech Gaming Software\LCore.exe
17:49:49.0813 0x1810 Launch LCore - ok
17:49:49.0923 0x1810 [ A97BC7CE8465551393872C6677FA6AF1, DDCF29A0EC321D499AAACE90796E67B0EE351F9303FCD705838E01754C8B657C ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
17:49:49.0999 0x1810 AvastUI.exe - ok
17:49:50.0003 0x1810 Object required for P2P: [ A97BC7CE8465551393872C6677FA6AF1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
17:49:52.0967 0x1810 Object send P2P result: true
17:49:53.0054 0x1810 OneDriveSetup - ok
17:49:53.0058 0x1810 OneDriveSetup - ok
17:49:53.0146 0x1810 [ 1F93DAF10BC91666F52FC5B9632C86EB, 3D2AE1090198AAEE7CDB587ED1D2784B9FF4E4B03F4F65BC2F46E28B136F3F01 ] C:\Users\David\AppData\Local\Microsoft\OneDrive\OneDrive.exe
17:49:53.0164 0x1810 OneDrive - ok
17:49:53.0167 0x1810 RESTART_STICKY_NOTES - ok
17:49:53.0168 0x1810 Skype - ok
17:49:53.0235 0x1810 [ 928466D2DD5BE2BCDABC6D770E13DA8A, 437CFB67EF43A67575446AA9E818BF372847D399CD8AD505E92401722B088074 ] C:\Program Files (x86)\Gyazo\GyStation.exe
17:49:53.0272 0x1810 Gyazo - ok
17:49:53.0275 0x1810 Object required for P2P: [ 928466D2DD5BE2BCDABC6D770E13DA8A ] C:\Program Files (x86)\Gyazo\GyStation.exe
17:49:56.0263 0x1810 Object send P2P result: true
17:49:56.0439 0x1810 [ CE1DEC053DA24927E89D9AA196D31281, 39DD431CFCD10AA4E176062E33A0262FEE5806E192B37037C97439B1CEF232C8 ] C:\Program Files\CCleaner\CCleaner64.exe
17:49:56.0527 0x1810 CCleaner Monitoring - ok
17:49:56.0548 0x1810 [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\David\AppData\Local\FluxSoftware\Flux\flux.exe
17:49:56.0559 0x1810 f.lux - ok
17:49:56.0563 0x1810 Uninstall C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64 - ok
17:49:56.0566 0x1810 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
17:49:56.0567 0x1810 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
17:49:56.0568 0x1810 Win FW state via NFP2: enabled ( trusted )
17:49:59.0201 0x1810 ============================================================
17:49:59.0201 0x1810 Scan finished
17:49:59.0201 0x1810 ============================================================
17:49:59.0207 0x2308 Detected object count: 0
17:49:59.0207 0x2308 Actual detected object count: 0
#26
Posted 17 February 2016 - 01:00 AM
Thank you for the log. I believe this rules out a rootkit type infection. Can you check the date and time on your system please?
I am going to confer with my colleagues on this matter and will get back to you as soon as possible.
#27
Posted 17 February 2016 - 01:19 AM
The current date and time on my system?
8:18pm, 17th Feb
Appreciate it. Let me know when you can!
#28
Posted 17 February 2016 - 10:32 AM
FIRST >>>>
Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):
Vegas Pro 12.0 (64-bit)
To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.
Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.
SECOND >>>>
FRST File Search
- Right click on FRST64.exe on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
- Type hao1* into the Search Box.
- Press the Search Files button.
- It will produce a log called search.txt in the same directory the tool is run from. Please rename this file File_search.txt.
- Please copy and paste log back here.
LAST >>>>
FRST Registry Search
- Right click on FRST64.exe on your desktop and select "Run as Administrator..." When the tool opens click Yes to disclaimer.
- Type hao1* into the Search Box.
- Press the Search Registry button.
- It will produce a log called search.txt in the same directory the tool is run from. Please rename this file Reg_search.txt.
- Please copy and paste log back here.
Note: There is a possibility that the log file could be very large. If that is the case, please attach the files instead of copying and pasting. Thank you.
#29
Posted 17 February 2016 - 10:51 PM
FIRST:
Vegas Pro 12.0 (64-bit) has been uninstalled.
SECOND:
Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by David (2016-02-18 17:44:05)
Running from D:\Users\user\Desktop
Boot Mode: Normal
================== Search Files: "hao1*" =============
====== End of Search ======
LAST:
Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by David (2016-02-18 17:47:57)
Running from D:\Users\user\Desktop
Boot Mode: Normal
================== Search Registry: "hao1" ===========
====== End of Search ======
edit: with the registry scan I put "hao1*" into the field despite it saying "hao1"
Edited by itsdave, 17 February 2016 - 11:00 PM.
#30
Posted 18 February 2016 - 12:30 AM
I apologize but I missed one important command in the Zoek script the last time. If you still have the program on your desktop, you do not have to download it again.
Download zoek.exe from here: Zoek.exe at Bleepingcomputer
- Close/disable all anti virus and anti malware programs so they do not interfere with the download or running of Zoek.exe
- (Here or here you can read instructions on how to disable your security applications.)
- Double click zoek.exe to start the program.
- Copy and paste the following script in the code box:
- Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar
createsrpoint; autoclean; emptyalltemp; emptyclsid; IEdefaults; chrdefaults; FFdefaults; bitsadmin /reset /allusers >>"%temp%\log.txt";b ipconfig /flushdns >>"%temp%\log.txt";b resetIEproxy;
- Close any open browsers.
- Make sure the "Scan All Users" button is selected.
- Click the "Run script" button and wait patiently.
- When finished the log file will be opened in notepad.
- If a reboot is needed the log file will be opened after reboot.
- The zoek-results.log can also be found on your system drive (typically this is C: drive.).
- Please post the log file for further review in your next comment.