I need help with an Alureon Virus


#1
Himynameiskyle

  • Member
  • 22 posts
Hello everyone. My mom (probably like most of ours) is reckless on the Internet and got an Alureon ransomware virus. I can't seem to find anything about it in the registry. I tried searching the forum and found some old stuff. She already paid them out of fear instead of letting me try to fix it, but I doubt it will just disappear. I have a thumb drive with an MBR checker, TDSSKiller, and Hitman trial. They aren't finding anything. I'm no expert, but I've been cleaning up her computer messes for a while now, so sorry in advance if I come across as a total noob. Any help would be appreciated. I also have to travel back and forth to her computer as it's at her apartment. I can/will provide any logs/any information needed, just a little patience. I also saved the log from the TDSSKiller scan and can provide that ASAP. Thanks in advance!

Edited by Himynameiskyle, 29 November 2017 - 02:10 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Need your FRST log:

 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Might as well try aswMBR:

Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it.
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start scan.
If it asks you to allow the Avast engine to download then say Yes. It will take a while to finish.
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply.

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

and MBAR:

https://www.malwareb...om/antirootkit/

Make it easier on yourself and install TeamViewer the next time you visit. Then you can control her PC from yours.

https://www.teamviewer.us/

When you set it up make sure you set a permanent password - otherwise you will have to call her and get the password of the day.



#3
Himynameiskyle

  • Topic Starter
  • Member
  • 22 posts

Okay I am about to head over there. Thanks for the remote access software. That will save me a ton of time! Quick question, your last bullet point in the first section where you talk about the same directory. That part was a hyperlink like I was supposed to download something. It didn't work, but I don't think that was a second program you needed me to download, right? The page wouldn't load for that one and I was trying to download everything on my computer before I go over there. Thanks!
 



#4
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

https://files.avast.com/files/rootkit-scanner/aswmbr.exe

https://www.malwarebytes.com/antirootkit/

All links work but the forum software likes to truncate them in the text so you can't just retype them.  Above are the full URLs.



#5
Himynameiskyle

  • Topic Starter
  • Member
  • 22 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Owner (administrator) on HP-DESKTOP (01-12-2017 14:35:18)
Running from F:\
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Supra) C:\dKEYUSBCradle\SyncService.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Supra) C:\dKEYUSBCradle\ProxyDaemon.exe
() C:\dKEYUSBCradle\stunnel-4.10.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Supra) C:\dKEYUSBCradle\SyncInfoApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446344 2017-11-16] (Skype Technologies S.A.)
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\MountPoints2: E - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\MountPoints2: {fa696a82-d4c7-11e7-82d0-3010b326e15f} - "E:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk [2016-11-16]
ShortcutTarget: DisplayKEY eSYNC Info.lnk -> C:\dKEYUSBCradle\SyncInfoApp.exe (Supra)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86AD8D79-0E93-4DF3-B074-8F9C824C0DAE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D65109DD-A864-4F63-834E-35604F19EAF5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://home.mynmg.com/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF DefaultProfile: p85zmb8q.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default [2017-11-29]
FF Homepage: Mozilla\Firefox\Profiles\p85zmb8q.default -> hxxps://www.msn.com/
hxxps://www.msn.com/
FF NewTab: Mozilla\Firefox\Profiles\p85zmb8q.default -> hxxp://search.searchinfast.com?uid=7f6cf28c-82ce-4522-9e81-0073053f3f3f&uc=20160830&ap=appfocus5&source=googledisplay-bb8&page=newtab&implementation_id=dm_0.2.1
FF NewTabOverride: Mozilla\Firefox\Profiles\p85zmb8q.default -> Disabled: @Converter
FF NewTabOverride: Mozilla\Firefox\Profiles\p85zmb8q.default -> Disabled: @DownloadManager
FF Extension: (Converter) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@Converter.xpi [2017-11-19]
FF Extension: (Search Encrypt) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@searchencrypt.xpi [2017-11-17]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\[email protected] [2016-08-17] [Lagacy]
FF Extension: (Adguard AdBlocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\[email protected] [2017-11-28]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\features\{fdceb2ea-817f-4945-8dff-be20c3e18c8a}\[email protected] [2017-11-22] [Lagacy]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\searchplugins\yahoo! powered.xml [2017-11-18]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-11-28]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-10]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-10]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-25]
CHR Extension: (Adguard AdBlocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-28]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-25]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-25]
CHR Extension: (Search Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-01]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-28]
CHR HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 dKeySync; C:\dKEYUSBCradle\SyncService.exe [42496 2011-11-11] (Supra) [File not signed]
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-11-29] (SurfRight B.V.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 MpKsl3a3443a0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEAEBECA-6400-44BD-9D30-F4EA56C8093E}\MpKsl3a3443a0.sys [58120 2017-11-29] (Microsoft Corporation)
S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-11] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 14:35 - 2017-12-01 14:35 - 000000000 ____D C:\FRST
2017-11-29 11:26 - 2017-11-29 11:27 - 000005308 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_11.26.51_log.txt
2017-11-29 00:22 - 2017-11-29 00:39 - 000141342 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.22.12_log.txt
2017-11-29 00:18 - 2017-11-29 00:20 - 000141342 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.18.20_log.txt
2017-11-29 00:15 - 2017-11-29 00:15 - 000012450 _____ C:\Users\Owner\Desktop\MBRCheck_11.29.17_00.15.25.txt
2017-11-29 00:11 - 2017-11-29 00:16 - 000141232 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.11.51_log.txt
2017-11-29 00:09 - 2017-11-29 00:30 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-11-29 00:09 - 2017-11-29 00:10 - 000277994 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.09.13_log.txt
2017-11-29 00:08 - 2017-11-29 00:08 - 000001909 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-11-29 00:08 - 2017-11-29 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-11-29 00:08 - 2017-11-29 00:08 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-29 00:07 - 2017-11-29 00:15 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-29 00:06 - 2017-11-29 00:07 - 000011126 _____ C:\Users\Owner\Desktop\MBRCheck_11.29.17_00.06.36.txt
2017-11-28 23:41 - 2017-11-29 00:09 - 000090582 _____ C:\Windows\ntbtlog.txt
2017-11-28 13:59 - 2017-11-28 13:59 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Adblock Plus for IE
2017-11-28 13:59 - 2017-11-28 13:59 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2017-11-28 13:48 - 2017-11-28 14:13 - 000000000 ____D C:\Users\Owner\Documents\ConnectWiseControl
2017-11-28 12:46 - 2017-11-28 14:13 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0004_82786dc597925baa
2017-11-28 12:45 - 2017-11-28 12:45 - 000085272 _____ C:\Users\Owner\Downloads\ConnectWiseControl.Client.exe
2017-11-28 12:37 - 2017-11-28 12:37 - 000352151 _____ C:\Users\Owner\Desktop\Computer Bill.pdf
2017-11-28 11:16 - 2017-11-28 12:46 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0004_93709a72a0cf73c5
2017-11-28 10:43 - 2017-11-28 10:56 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\flashplayer27_ka_install.exe
2017-11-27 02:00 - 2017-11-27 02:00 - 000189114 _____ C:\Users\Owner\Desktop\soft experts.pdf
2017-11-22 11:08 - 2017-11-28 13:52 - 000000000 ____D C:\Windows\Minidump
2017-11-18 20:26 - 2017-11-18 20:26 - 000003230 _____ C:\Windows\System32\Tasks\{EE0246C1-3455-44FF-8A58-3CAADCD84D78}
2017-11-18 10:22 - 2017-11-18 10:22 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
2017-11-18 10:22 - 2017-11-18 10:22 - 000000000 ____D C:\Users\Owner\AppData\Local\Opera Software
2017-11-18 10:21 - 2017-11-18 10:21 - 000000065 _____ C:\Users\Owner\Downloads\Word_Setup [1].exe
2017-11-17 10:46 - 2017-11-17 10:47 - 140852175 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US(1).exe
2017-11-17 10:46 - 2017-11-17 10:46 - 140852175 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2017-11-17 10:44 - 2017-11-17 10:44 - 001668448 _____ ( ) C:\Users\Owner\Downloads\Word_Setup.exe
2017-11-15 09:08 - 2017-10-16 12:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 09:08 - 2017-10-14 02:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 09:08 - 2017-10-14 02:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 09:08 - 2017-10-14 02:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 09:08 - 2017-10-14 02:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 09:08 - 2017-10-14 01:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 09:08 - 2017-10-14 01:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 09:08 - 2017-10-14 01:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 09:08 - 2017-10-14 01:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 09:08 - 2017-10-14 00:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 09:08 - 2017-10-14 00:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 09:08 - 2017-10-14 00:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 09:08 - 2017-10-14 00:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 09:08 - 2017-10-14 00:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 09:08 - 2017-10-10 09:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 09:08 - 2017-09-08 11:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-15 09:08 - 2017-09-08 10:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-15 09:08 - 2017-08-10 19:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-15 09:08 - 2017-08-10 19:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-15 09:07 - 2017-10-17 13:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 09:07 - 2017-10-14 07:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 09:07 - 2017-10-14 02:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 09:07 - 2017-10-14 02:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 09:07 - 2017-10-14 01:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-15 09:07 - 2017-10-14 01:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 09:07 - 2017-10-14 01:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 09:07 - 2017-10-14 01:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 09:07 - 2017-10-14 01:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 09:07 - 2017-10-14 01:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 09:07 - 2017-10-14 01:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 09:07 - 2017-10-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 09:07 - 2017-10-14 00:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 09:07 - 2017-10-14 00:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 09:07 - 2017-10-14 00:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-15 09:07 - 2017-10-14 00:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 09:07 - 2017-10-14 00:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 09:07 - 2017-10-14 00:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 09:07 - 2017-10-14 00:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 09:07 - 2017-10-14 00:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 09:07 - 2017-10-14 00:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 09:07 - 2017-10-10 10:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 09:07 - 2017-10-10 09:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-15 09:07 - 2017-10-10 09:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 09:07 - 2017-10-10 09:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-15 09:07 - 2017-10-05 01:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 09:07 - 2017-09-14 17:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-15 09:07 - 2017-09-07 21:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-15 09:07 - 2017-09-07 21:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-15 09:07 - 2017-09-07 15:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-15 09:07 - 2017-09-07 13:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-15 09:07 - 2017-09-07 11:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-15 09:07 - 2017-09-07 11:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-15 09:07 - 2017-09-07 07:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 09:07 - 2017-09-07 07:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 09:07 - 2017-09-06 17:07 - 000158552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 09:07 - 2017-09-06 15:17 - 000461144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 09:07 - 2017-09-06 15:17 - 000443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 09:07 - 2017-09-06 08:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-15 08:57 - 2017-10-11 01:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 08:57 - 2017-10-10 09:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 08:57 - 2017-10-10 07:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-14 15:47 - 2017-11-14 15:47 - 000092928 _____ C:\Users\Owner\Downloads\resume 2015 (Kyle McManaman).docx - Microsoft Word Online.htm
2017-11-14 15:47 - 2017-11-14 15:47 - 000000000 ____D C:\Users\Owner\Downloads\resume 2015 (Kyle McManaman).docx - Microsoft Word Online_files
2017-11-14 10:42 - 2017-11-14 10:42 - 053914496 _____ (Skype Technologies S.A. ) C:\Users\Owner\Downloads\Skype-8.10.0.9 (1).exe
2017-11-13 20:30 - 2017-11-13 20:30 - 053914496 _____ (Skype Technologies S.A. ) C:\Users\Owner\Downloads\Skype-8.10.0.9.exe
2017-11-13 20:26 - 2017-11-22 11:26 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2017-11-13 20:26 - 2017-11-22 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-11-13 20:26 - 2017-11-13 20:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-11-13 13:21 - 2017-11-13 13:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-13 10:15 - 2017-11-13 10:15 - 000123362 _____ C:\Users\Owner\Downloads\GACB_2015.pdf
2017-11-10 08:28 - 2017-11-10 08:28 - 000071441 _____ C:\Users\Owner\Downloads\patient-billing-flow.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 14:36 - 2014-11-21 02:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 14:33 - 2016-08-29 18:49 - 000000000 __RDO C:\Users\Owner\OneDrive
2017-11-29 11:29 - 2016-11-30 00:16 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-11-29 11:29 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2017-11-29 00:40 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 00:39 - 2016-08-16 19:45 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-11-29 00:39 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-11-29 00:27 - 2016-08-16 19:11 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3592585487-3101742847-3297218791-1001
2017-11-28 18:17 - 2016-08-17 12:49 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{06EA9419-B131-4841-A5DD-11FDC460B3F6}
2017-11-28 13:52 - 2016-08-16 18:39 - 000000000 ____D C:\Windows\Panther
2017-11-28 13:45 - 2016-08-16 21:13 - 000000000 ____D C:\Users\Owner
2017-11-28 12:46 - 2017-06-25 07:10 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2017-11-28 11:12 - 2017-01-19 19:46 - 000000000 ____D C:\Users\Owner\AppData\Roaming\VMware
2017-11-24 09:52 - 2016-08-16 22:56 - 000000000 ____D C:\Windows\system32\MRT
2017-11-24 09:49 - 2017-10-15 09:32 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-24 09:49 - 2016-08-16 22:56 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-22 11:08 - 2017-03-28 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-22 11:08 - 2016-08-17 12:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 14:45 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\NDF
2017-11-20 14:32 - 2016-08-21 10:08 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 10:36 - 2016-08-17 12:50 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-19 10:36 - 2016-08-17 12:50 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2017-11-18 10:37 - 2013-08-22 08:44 - 000337808 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-18 10:32 - 2016-08-16 23:01 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-17 08:57 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\AppReadiness
2017-11-17 08:56 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-17 08:56 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-14 13:49 - 2017-06-25 07:11 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 13:49 - 2017-06-25 07:11 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 15:43 - 2017-06-25 07:10 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 15:43 - 2017-06-25 07:10 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-03 18:41 - 2016-08-16 23:03 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-03 18:41 - 2016-08-16 23:03 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
2017-11-29 00:39 - 2017-11-28 13:08 - 002237968 _____ (Kaspersky Lab ZAO) C:\Users\Owner\AppData\Local\Temp\5DCF14FB-B215-4626-A436-6A5976778928.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-27 11:31

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Owner (01-12-2017 14:37:03)
Running from F:\
Windows 8.1 (Update) (X64) (2016-08-17 03:13:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3592585487-3101742847-3297218791-500 - Administrator - Disabled)
Guest (S-1-5-21-3592585487-3101742847-3297218791-501 - Limited - Disabled)
Owner (S-1-5-21-3592585487-3101742847-3297218791-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
DisplayKEY USB Cradle (HKLM\...\{BBA09DF4-4519-4BD0-B203-A58CACB92DFA}) (Version: 2.0.0.329 - Supra)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Pulse Secure Setup Client (HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Skype version 8.11 (HKLM-x32\...\Skype_is1) (Version: 8.11 - Skype Technologies S.A.)
VMware Horizon Client (HKLM\...\{C7F8E8FA-0832-427E-B2B1-ABF6F8495C35}) (Version: 3.5.2.30397 - VMware, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37E3E53A-7645-4BC9-A9E5-6AD32F4E1D7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B42061CE-B050-4D93-9898-FDC821CAFA75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-25] (Google Inc.)
Task: {E1A5D9C1-B602-4879-92C3-A63534EF021E} - System32\Tasks\{EE0246C1-3455-44FF-8A58-3CAADCD84D78} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\AppData\Local\{8E00B85C-AAA8-D4E4-C730-F10CE3580D94}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
Task: {E26968CF-C91C-4ECD-8592-53C9462086F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-16 11:10 - 2015-06-16 11:10 - 000226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-07-31 15:42 - 2015-07-31 15:42 - 006363792 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2011-11-11 14:27 - 2011-11-11 14:27 - 000073216 _____ () C:\dKEYUSBCradle\stunnel-4.10.exe
2015-06-16 11:04 - 2015-06-16 11:04 - 000239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2005-03-29 00:58 - 2005-03-29 00:58 - 000847872 _____ () C:\dKEYUSBCradle\libeay32.dll
2010-03-16 09:52 - 2010-03-16 09:52 - 000159744 _____ () C:\dKEYUSBCradle\libssl32.dll
2017-11-13 20:26 - 2017-11-16 16:11 - 001551816 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000088064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-11-13 20:26 - 2017-11-16 16:08 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000400896 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-11-13 20:26 - 2017-11-16 16:08 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-11-13 20:26 - 2017-11-16 16:08 - 002130944 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42925105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67090335.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72642326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99224798.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42925105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67090335.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72642326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99224798.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-11-28 13:54 - 000002514 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1  answers.microsoft.com
127.0.0.1    www.scamadviser.com
127.0.0.1    www.answers.microsoft.com
127.0.0.1    www.reddit.com
127.0.0.1    www.bbb.org
127.0.0.1    reportscam.com
127.0.0.1    it.findeen.com
127.0.0.1    secure.logmeinrescue.com
127.0.0.1    helpme.net
127.0.0.1    www.helpme.net
127.0.0.1    teamviewer.com
127.0.0.1    www.teamviewer.com
127.0.0.1    ammyy.com
127.0.0.1    www.ammyy.com
127.0.0.1    supremocontrol.com
127.0.0.1    www.supercontrol.com
127.0.0.1    anydesk.com
127.0.0.1    www.anydesk.com
127.0.0.1    aeroadmin.com
127.0.0.1    www.aeroadmin.com
127.0.0.1    remoteutilities.com
127.0.0.1    www.remoteutilities.com
127.0.0.1    remotepc.com
127.0.0.1    www.remotepc.com
127.0.0.1    litemanager.com
127.0.0.1    www.litemanager.com
127.0.0.1    get.gotomypc.com
127.0.0.1    get.gotomypc.com
127.0.0.1    showmypc.com
127.0.0.1    www.showmypc.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B0F18B4F-919F-43AF-A627-9C194E0F3EA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA45BFFA-AF50-4204-936E-8298D71F48C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7DACB5A0-5615-411A-849C-65BF40578DC6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FAE5A5C7-FE13-40A9-AB2D-E05A72CF807B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42DE9361-EAA2-4977-AC0A-B7F0B6C9F500}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9EAB687B-B006-41A3-9064-4C19CEC77E13}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6F5DD6F7-273C-4120-88F4-21075693C53D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{653C3824-617F-428D-B923-667101E57C88}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{2F0DA2BF-4BC6-48F6-B1FE-526BEFBE03F2}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{06BE2CF4-D1FA-44D2-8E4A-7180A21CA29B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{F3CECC4E-413A-4150-913D-3CFB88A0F371}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{8E917DD7-9FA7-48D9-BC8C-DE3C3F9818B5}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{72F5AA83-97BB-4815-AA2F-93BDB81022FF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{AD42FE2C-FA6B-42E3-AC07-AA4D90ED436B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{7349F58B-B9D1-4E0A-A317-53A03F2FF9AC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{380A0B4C-5C08-493A-A13E-E90B145DF4C7}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{805B19D2-A89C-4037-BB86-AE3C567E2F5D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{4B4FA0B1-B9A5-4F67-8736-C9DD5C9F37C1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{7819CFC0-2C8D-4DBF-9C0C-536FE8552347}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{21B12A09-1673-4F5A-8A79-A7F0AFA5487A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6876DCAD-50FE-48DF-8E7C-585DB61594AC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{09E7FC8C-9F5A-41FE-988F-3F6484F09F07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EF7D00EF-4397-492D-98BF-800DEC16BB01}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{EF5B2034-9891-437F-83CE-FFF59CF4DBD4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe

==================== Restore Points =========================

13-07-2017 19:01:45 Windows Update
23-07-2017 00:38:49 Windows Update
09-08-2017 07:06:25 Windows Modules Installer
12-08-2017 15:05:36 Windows Update
15-09-2017 04:39:34 Windows Update
15-10-2017 09:31:32 Windows Update
19-10-2017 04:49:09 Windows Update
17-11-2017 08:53:05 Windows Update
24-11-2017 09:48:48 Windows Update
28-11-2017 13:59:11 Installed Adblock Plus for IE (32-bit and 64-bit)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2017 11:26:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 38712125

Error: (11/29/2017 11:26:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 38712125

Error: (11/29/2017 11:26:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/29/2017 12:05:25 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-DESKTOP)
Description: Activation of app Microsoft.Reader_6.4.9926.18860_x64__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/29/2017 12:05:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-DESKTOP)
Description: Activation of app Microsoft.Reader_6.4.9926.18860_x64__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/29/2017 12:05:07 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP-DESKTOP)
Description: Activation of app Microsoft.Reader_6.4.9926.18860_x64__8wekyb3d8bbwe:Microsoft.Reader.AppXqwpk1t4bvqdvwhxhbyg53psw2e2hmdrd.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/28/2017 11:40:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (11/28/2017 11:40:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (11/28/2017 11:40:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.

Error: (11/28/2017 11:40:58 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __ClassOperationEvent" whose target class "__ClassOperationEvent" in //./root/subscription namespace does not exist. The query will be ignored.


System errors:
=============
Error: (11/29/2017 12:10:24 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/29/2017 12:09:47 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (11/29/2017 12:09:11 AM) (Source: DCOM) (EventID: 10005) (User: HP-DESKTOP)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


==================== Memory info ===========================

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 19%
Total physical RAM: 7092.85 MB
Available physical RAM: 5714 MB
Total Virtual: 14260.85 MB
Available Virtual: 12851.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.5 GB) (Free:1819.22 GB) NTFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:3.81 GB) (Free:1.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D9D82C40)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: E44A23EB)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Not sure if the MBR  scan finished. It was stuck for a while. If I need to run it again, just let me know! Also, fix button was disabled.

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-12-01 14:44:13
-----------------------------
14:44:13.681    OS Version: Windows x64 6.2.9200
14:44:13.681    Number of processors: 4 586 0x3001
14:44:13.681    ComputerName: HP-DESKTOP  UserName: Owner
14:44:15.087    Initialize success
14:44:15.087    VM: initialized successfully
14:44:15.087    VM: Amd CPU BiosDisabled
14:46:22.359    AVAST engine defs: 17030301
14:49:33.023    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
14:49:33.023    Disk 0 Vendor: ST2000DM001-1ER164 HP51 Size: 1907729MB BusType: 11
14:49:33.151    Disk 0 MBR read successfully
14:49:33.163    Disk 0 MBR scan
14:49:33.163    Disk 0 unknown MBR code
14:49:33.163    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:49:33.241    Disk 0 scanning C:\Windows\system32\drivers
14:49:50.530    Service scanning
14:50:20.265    Modules scanning
14:50:20.265    Disk 0 trace - called modules:
14:50:20.280    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
14:50:20.280    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000f36b5770]
14:50:20.296    3 CLASSPNP.SYS[fffff801e1a81170] -> nt!IofCallDriver -> \Device\00000028[0xffffe000f34fc060]
14:50:21.939    AVAST engine scan C:\
17:13:22.180    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:13:22.259    The log file has been saved successfully to "F:\aswMBR.txt"
 


  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Uninstall:

Bonjour (your version is not working)

HitmanPro (not a very smart program.  Often leaves the PC unbootable)

 

Your hosts file has been tampered with so that teamviewer won't work.  Let's see if we can clear it up with a fixlist:

 

Download the attached fixlist.txt to the same location as FRST

[attachment=86306:fixlist.txt]

Run FRST and press Fix.
A fix log will be generated; please post that.


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Post your latest TDSSKiller log (C:\TDSSKiller.2.8.16.0_29.11.2017_11.26.51_log.txt )

 

Submit the mbr.dat file that aswMBR created for you to virustotal:

 

Easiest way to submit a file is to copy the path:

F:\MBR.dat

Then go to virustotal.com with your browser.  Click on Choose File then, when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with MBR.dat chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+ different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

If you open an elevated command prompt it will by default open in c:\Windows\system32

Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt

Hit Enter.  Then type:


notepad  \junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 




 


  • 0
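The hosts-file check behind the reply above, as an added example (not part of the original thread and not FRST's own code): it pulls the "Hosts content" section out of an Addition.txt-style log and lists the names that have been pointed at loopback. The sample log is constructed from a few of the entries posted above plus made-up lines labelled as such, and all function names are hypothetical.

```python
import ipaddress
import re

# Matches FRST section banners such as "==================== Hosts content: ====".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Names that normally resolve to loopback and are not a sign of tampering.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample in the layout of FRST's Addition.txt.
SAMPLE_ADDITION = r"""
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-11-28 13:54 - 000002514 _____ C:\Windows\system32\Drivers\etc\hosts

# constructed comment line
127.0.0.1  localhost
127.0.0.1  answers.microsoft.com
127.0.0.1    www.answers.microsoft.com
127.0.0.1    teamviewer.com
127.0.0.1    www.teamviewer.com
127.0.0.1    get.gotomypc.com
127.0.0.1    get.gotomypc.com
0.0.0.0      example.invalid   # constructed
192.0.2.10   intranet.example  # constructed: ordinary mapping, not flagged

==================== Other Areas ============================

DNS Servers: Media is not connected to internet.
"""


def extract_section(log_text, title_prefix):
    """Return the body lines of the first section whose title starts with title_prefix."""
    body, inside = [], False
    for line in log_text.splitlines():
        match = SECTION_RE.match(line.strip())
        if match and match.group(1):          # a banner with a title, not a bare ruler
            if inside:
                break                          # next section begins: stop collecting
            inside = match.group(1).lower().startswith(title_prefix.lower())
            continue
        if inside:
            body.append(line)
    return body


def parse_hosts(lines):
    """Turn hosts-file lines into (ip_address, hostname) pairs, one per name."""
    entries = []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()    # drop comments
        if not text:
            continue
        fields = text.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # FRST's file-listing line and notes
        for name in fields[1:]:                # a hosts line may carry several names
            entries.append((addr, name.lower().rstrip(".")))
    return entries


def sinkholed_hosts(entries):
    """Count names mapped to loopback or 0.0.0.0 that are not local aliases."""
    counts = {}
    for addr, name in entries:
        if (addr.is_loopback or addr.is_unspecified) and name not in LOCAL_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def blocked_sites(entries):
    """Collapse 'www.' variants so each affected site is listed once."""
    names = sinkholed_hosts(entries)
    return sorted({n[4:] if n.startswith("www.") else n for n in names})


if __name__ == "__main__":
    parsed = parse_hosts(extract_section(SAMPLE_ADDITION, "Hosts content"))
    for site in blocked_sites(parsed):
        print("unreachable via hosts file:", site)
    for name, count in sinkholed_hosts(parsed).items():
        if count > 1:
            print("duplicate entry:", name, "x", count)
```

Ad-blocking hosts files also map names to loopback, so a hit is a prompt to review which names are listed, not a verdict.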

#7
Himynameiskyle


    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Okay, I forgot to mention that Teamviewer did work from my laptop.  I am uninstalling Bonjour right now and will reply with everything you asked for. Let me know if I need to remove teamviewer, but I did want to let you know that it did work fine.


  • 0

#8
Himynameiskyle


    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Real quick too, I guess MBR is not finished. I went to apply the fix like you said and noticed it still scanning. I guess if you save the log, it just saves up to that point? I guess I figured that a warning message would pop up saying the scan is still in progress. I guess I should wait and post the log again once it has fully finished? Is there a way to tell that it has been completed? I guess the stop button will change to scan once it's done maybe? Thanks again for the help, I really appreciate this.


  • 0

#9
Himynameiskyle


    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Latest TDSSKiller:

 

19:17:26.0437 3460  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:17:26.0437 3460  UEFI system
19:17:28.0454 3460  ============================================================
19:17:28.0454 3460  Current date / time: 2017/12/01 19:17:28.0454
19:17:28.0454 3460  SystemInfo:
19:17:28.0454 3460  
19:17:28.0454 3460  OS Version: 6.2.9200 ServicePack: 0.0
19:17:28.0454 3460  Product type: Workstation
19:17:28.0454 3460  ComputerName: HP-DESKTOP
19:17:28.0454 3460  UserName: Owner
19:17:28.0454 3460  Windows directory: C:\Windows
19:17:28.0454 3460  System windows directory: C:\Windows
19:17:28.0454 3460  Running under WOW64
19:17:28.0454 3460  Processor architecture: Intel x64
19:17:28.0454 3460  Number of processors: 4
19:17:28.0454 3460  Page size: 0x1000
19:17:28.0454 3460  Boot type: Normal boot
19:17:28.0454 3460  ============================================================
19:17:29.0127 3460  BG loaded
19:17:29.0391 3460  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:17:29.0407 3460  Drive \Device\Harddisk1\DR1 - Size: 0xF49D1C00 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:17:29.0407 3460  ============================================================
19:17:29.0407 3460  \Device\Harddisk0\DR0:
19:17:29.0407 3460  GPT partitions:
19:17:29.0407 3460  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D247555E-D39B-464F-A1A6-73D996B00567}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
19:17:29.0407 3460  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {76457BAD-1730-4F8E-A20E-8F4A7D9F447B}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
19:17:29.0407 3460  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4F195DDA-4FA4-42B0-92A4-E9039210EB80}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
19:17:29.0407 3460  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9B4C8972-8B43-485B-94C6-1B4881B9DE50}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0xE8D00000
19:17:29.0407 3460  MBR partitions:
19:17:29.0407 3460  \Device\Harddisk1\DR1:
19:17:29.0407 3460  MBR partitions:
19:17:29.0407 3460  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
19:17:29.0407 3460  ============================================================
19:17:29.0422 3460  C: <-> \Device\Harddisk0\DR0\Partition4
19:17:29.0422 3460  ============================================================
19:17:29.0422 3460  Initialize success
19:17:29.0422 3460  ============================================================
19:17:31.0157 6208  ============================================================
19:17:31.0157 6208  Scan started
19:17:31.0157 6208  Mode: Manual;
19:17:31.0157 6208  ============================================================
19:17:31.0970 6208  ================ Scan system memory ========================
19:17:31.0970 6208  System memory - ok
19:17:31.0970 6208  ================ Scan services =============================
19:17:32.0831 6208  AmdPPM - ok
19:17:32.0831 6208  [ D2BF2F94A47D332814910FD47C6BBCD2 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:17:32.0846 6208  amdsata - ok
19:17:32.0846 6208  [ A8E04943C7BBA7219AA50400272C3C6E ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:17:32.0846 6208  amdsbs - ok
19:17:32.0862 6208  [ CEA5F4F27CFC08E3A44D576811B35F50 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:17:32.0862 6208  amdxata - ok
19:17:32.0893 6208  [ 415DD71628795197F7AFC176CBADC74E ] AppID           C:\Windows\system32\drivers\appid.sys
19:17:32.0893 6208  AppID - ok
19:17:32.0909 6208  [ 942C8297400FCFB13CEE3F3CD89C5CE5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:17:32.0909 6208  AppIDSvc - ok
19:17:32.0942 6208  [ 734622FBA766DBD65B1803549B24A04A ] Appinfo         C:\Windows\System32\appinfo.dll
19:17:32.0942 6208  Appinfo - ok
19:17:33.0034 6208  [ 7D811EA7A2AAA49B0446D42CBC1CD338 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:17:33.0034 6208  Apple Mobile Device Service - ok
19:17:33.0065 6208  [ 35E28923A23ADABAA5A1B43256D0AB58 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
19:17:33.0065 6208  AppReadiness - ok
19:17:33.0098 6208  [ E0F846ADE7DED88981D0908DE56FF160 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
19:17:33.0112 6208  AppXSvc - ok
19:17:33.0128 6208  [ 65045784366F7EC5FB4E71BCF923187B ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:17:33.0128 6208  arcsas - ok
19:17:33.0143 6208  [ 74B14192CF79A72F7536B27CB8814FBD ] atapi           C:\Windows\system32\drivers\atapi.sys
19:17:33.0159 6208  atapi - ok
19:17:33.0207 6208  [ 2C7676F892E88FD190F08D98048C7C6C ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
19:17:33.0253 6208  athr - ok
19:17:33.0284 6208  [ 431FE56F5A2F5937994CB2DA330B47DB ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
19:17:33.0284 6208  AudioEndpointBuilder - ok
19:17:33.0315 6208  [ 0F03CC00645D7F841879A048787D6AC7 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
19:17:33.0315 6208  Audiosrv - ok
19:17:33.0347 6208  [ 3C6ED74AF41DD1A5585CE5EF3D00915F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:17:33.0347 6208  AxInstSV - ok
19:17:33.0362 6208  [ A4A73F631FE2AA2826FBE4A399B04DEF ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:17:33.0362 6208  b06bdrv - ok
19:17:33.0378 6208  [ 8CC7F7E4AFCBA605921B137ED7992C68 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
19:17:33.0378 6208  BasicDisplay - ok
19:17:33.0409 6208  [ 195BD339B4B782B42C19489DCFB4D110 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
19:17:33.0409 6208  BasicRender - ok
19:17:33.0409 6208  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
19:17:33.0409 6208  bcmfn2 - ok
19:17:33.0442 6208  [ 174394F4EF93C117BF7BE3878046A1B1 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:17:33.0442 6208  BDESVC - ok
19:17:33.0456 6208  [ EC19013E4CF87609534165DF897274D6 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:17:33.0456 6208  Beep - ok
19:17:33.0487 6208  [ 5059D93764340D4EAEDF49C47133118F ] BFE             C:\Windows\System32\bfe.dll
19:17:33.0503 6208  BFE - ok
19:17:33.0534 6208  [ 48554994279BFE17A3D2B00076D0CB1A ] BITS            C:\Windows\System32\qmgr.dll
19:17:33.0534 6208  BITS - ok
19:17:33.0565 6208  [ 4938A9236300A356F97E378491EE4844 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:17:33.0565 6208  bowser - ok
19:17:33.0597 6208  [ FA601515FF2B59F25FDD8EDB1D2A1104 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
19:17:33.0597 6208  BrokerInfrastructure - ok
19:17:33.0612 6208  [ BC111AADACD0BF59D56547461D13AB6E ] Browser         C:\Windows\System32\browser.dll
19:17:33.0612 6208  Browser - ok
19:17:33.0629 6208  [ A8F23D453A424FF4DE04989C4727ECC7 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
19:17:33.0629 6208  BthAvrcpTg - ok
19:17:33.0645 6208  [ 272A62B660A48AEF366F8A1836CED19F ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
19:17:33.0645 6208  BthHFEnum - ok
19:17:33.0660 6208  [ 71FE2A48E4C93DDB9798C024880B6C07 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
19:17:33.0660 6208  bthhfhid - ok
19:17:33.0677 6208  [ 9307A4B743D277C499CDA8E19E5687AC ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
19:17:33.0677 6208  BthHFSrv - ok
19:17:33.0690 6208  [ EF4B9E7C9AD88C00C18A12B0D22D1894 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
19:17:33.0690 6208  BTHMODEM - ok
19:17:33.0706 6208  [ 043A0F37631BF453F16D478B71320F46 ] bthserv         C:\Windows\system32\bthserv.dll
19:17:33.0706 6208  bthserv - ok
19:17:33.0721 6208  [ 2FA6510E33F7DEFEC03658B74101A9B9 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:17:33.0721 6208  cdfs - ok
19:17:33.0753 6208  [ C6796EA22B513E3457514D92DCDB1A3D ] cdrom           C:\Windows\System32\drivers\cdrom.sys
19:17:33.0753 6208  cdrom - ok
19:17:33.0786 6208  [ ACFDC4EE40EC6E4A0AB91D923B8288C8 ] CertPropSvc     C:\Windows\System32\certprop.dll
19:17:33.0786 6208  CertPropSvc - ok
19:17:33.0800 6208  [ BE9936EDD3267FAAFF94A7835867F00B ] circlass        C:\Windows\System32\drivers\circlass.sys
19:17:33.0800 6208  circlass - ok
19:17:33.0832 6208  [ 39D72BA91AFE3C81C1AB0DE41AA07EF3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
19:17:33.0832 6208  CLFS - ok
19:17:33.0862 6208  [ EF6EF85DADC3184A10D8F2F7159973CB ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
19:17:33.0862 6208  CmBatt - ok
19:17:33.0909 6208  [ C8823A6ECE66B997C8E9F413D1D671E7 ] CNG             C:\Windows\system32\Drivers\cng.sys
19:17:33.0909 6208  CNG - ok
19:17:33.0926 6208  [ 03AAED827C36F35D70900558B8274905 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
19:17:33.0926 6208  CompositeBus - ok
19:17:33.0926 6208  COMSysApp - ok
19:17:33.0940 6208  [ A1FF7DFBFBE164CF92603C651D304DD2 ] condrv          C:\Windows\system32\drivers\condrv.sys
19:17:33.0940 6208  condrv - ok
19:17:33.0956 6208  [ 6324F0D18FB52833BA64BC828E29054C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:17:33.0971 6208  CryptSvc - ok
19:17:33.0971 6208  [ 315BA4BC19316D72B2E037534E048B93 ] dam             C:\Windows\system32\drivers\dam.sys
19:17:33.0987 6208  dam - ok
19:17:34.0018 6208  [ 20CC6E9FE25ACD34BE4FCDDB7B08364D ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:17:34.0018 6208  DcomLaunch - ok
19:17:34.0050 6208  [ 95E1ABFB27F8A62ED764805775F0D2F3 ] defragsvc       C:\Windows\System32\defragsvc.dll
19:17:34.0050 6208  defragsvc - ok
19:17:34.0082 6208  [ FF086DEF5995558CCB1B5AAC2110195D ] DeviceAssociationService C:\Windows\system32\das.dll
19:17:34.0082 6208  DeviceAssociationService - ok
19:17:34.0096 6208  [ 2C02AFF8383D893F8DBEB07A84F6E77C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
19:17:34.0096 6208  DeviceInstall - ok
19:17:34.0129 6208  [ 4FED6AD69C9EE1EE7FD3C88437138855 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
19:17:34.0129 6208  Dfsc - ok
19:17:34.0143 6208  [ 3EEAADA3125431980E5804ED7143458A ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:17:34.0143 6208  Dhcp - ok
19:17:34.0190 6208  [ 0AC9F83A5508935DE89C447473085EEA ] DiagTrack       C:\Windows\system32\diagtrack.dll
19:17:34.0206 6208  DiagTrack - ok
19:17:34.0221 6208  [ BF6D8575DDF30384939B2D5251F27C1F ] disk            C:\Windows\system32\drivers\disk.sys
19:17:34.0221 6208  disk - ok
19:17:34.0269 6208  [ CAF3719E7EBB5CAC650F72330D9C5BBE ] dKeySync        C:\dKEYUSBCradle\SyncService.exe
19:17:34.0269 6208  dKeySync - ok
19:17:34.0285 6208  [ EB70A894708D1BC176AFD690FF06085F ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
19:17:34.0285 6208  dmvsc - ok
19:17:34.0315 6208  [ D9F407D006C916B7EC167858F88F13EB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:17:34.0331 6208  Dnscache - ok
19:17:34.0362 6208  [ 811EACBCC7C51A03AE11F13CC27B2AB6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:17:34.0362 6208  dot3svc - ok
19:17:34.0379 6208  [ B99CB575986789A93A683DCF292A43A1 ] DPS             C:\Windows\system32\dps.dll
19:17:34.0379 6208  DPS - ok
19:17:34.0393 6208  [ 00C594D5A1DBD22AD8B2902B9F6EFF94 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:17:34.0393 6208  drmkaud - ok
19:17:34.0409 6208  [ 263625A4F616538EB867B6306A6590DB ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
19:17:34.0409 6208  DsmSvc - ok
19:17:34.0456 6208  [ 670E7F15CEEA22C34CED8F4D0EC161BF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:17:34.0471 6208  DXGKrnl - ok
19:17:34.0490 6208  [ E253530BD5EDE28F1FF6AF93C4D8034D ] Eaphost         C:\Windows\System32\eapsvc.dll
19:17:34.0503 6208  Eaphost - ok
19:17:34.0550 6208  [ 114BCFDF367FF37C3F1B0A96AF542E4D ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:17:34.0581 6208  ebdrv - ok
19:17:34.0596 6208  [ 382100E75B6F4668AEAEF228C6CEFFAD ] EFS             C:\Windows\System32\lsass.exe
19:17:34.0612 6208  EFS - ok
19:17:34.0612 6208  [ 43531A5993380CC5113242C29D265FD9 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
19:17:34.0612 6208  EhStorClass - ok
19:17:34.0643 6208  [ 6F8E738A9505A388B1157FDDE7B3101B ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
19:17:34.0643 6208  EhStorTcgDrv - ok
19:17:34.0659 6208  [ DFFFAE1442BA4076E18EED5E406FA0D3 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
19:17:34.0659 6208  ErrDev - ok
19:17:34.0675 6208  [ F00C593994D57C75273F820653440536 ] EventSystem     C:\Windows\system32\es.dll
19:17:34.0690 6208  EventSystem - ok
19:17:34.0707 6208  [ 7729D294A555C7AEB281ED8E4D0E01E4 ] exfat           C:\Windows\system32\drivers\exfat.sys
19:17:34.0707 6208  exfat - ok
19:17:34.0723 6208  [ 7C4E0D5900B2A1D11EDD626D6DDB937B ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:17:34.0723 6208  fastfat - ok
19:17:34.0753 6208  [ 304B6AEC4639A7CCCCF544C6BA6177B2 ] Fax             C:\Windows\system32\fxssvc.exe
19:17:34.0753 6208  Fax - ok
19:17:34.0753 6208  [ 5D8402613E778B3BD45E687A8372710B ] fdc             C:\Windows\System32\drivers\fdc.sys
19:17:34.0768 6208  fdc - ok
19:17:34.0768 6208  [ 020D2F29009F893ADEFF4405B4B44565 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:17:34.0768 6208  fdPHost - ok
19:17:34.0784 6208  [ E80D2EDD2F88B6E20076A0A4F5A5A245 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:17:34.0784 6208  FDResPub - ok
19:17:34.0800 6208  [ 47AB7D16EDE434B934AA4D661456C2D5 ] fhsvc           C:\Windows\system32\fhsvc.dll
19:17:34.0815 6208  fhsvc - ok
19:17:34.0815 6208  [ BCFD8B149B3ADF92D0DB1E909CAF0265 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:17:34.0815 6208  FileInfo - ok
19:17:34.0815 6208  [ A1A66C4FDAFD6B0289523232AFB7D8AF ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:17:34.0815 6208  Filetrace - ok
19:17:34.0833 6208  [ BE743083CF7063C486A4398E3AEFE59A ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
19:17:34.0833 6208  flpydisk - ok
19:17:34.0846 6208  [ C1FB505A73FA2E9019D32444AB33B75A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:17:34.0846 6208  FltMgr - ok
19:17:34.0893 6208  [ 223CD19D2F84B7B42081F4FB530B658F ] FontCache       C:\Windows\system32\FntCache.dll
19:17:34.0893 6208  FontCache - ok
19:17:35.0005 6208  [ 1C52387BF5A127F5F3BFB31288F30D93 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:17:35.0018 6208  FontCache3.0.0.0 - ok
19:17:35.0018 6208  [ A7C31B168F371E8E6796219F23E354DB ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
19:17:35.0018 6208  FsDepends - ok
19:17:35.0050 6208  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:17:35.0050 6208  Fs_Rec - ok
19:17:35.0065 6208  [ 9540C57068902DAA6F272D70E922C090 ] ftnlsv3hv       C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
19:17:35.0081 6208  ftnlsv3hv - ok
19:17:35.0190 6208  [ AFC4552FB7F8A1C04FA0EE57A78933FC ] ftscanmgr       C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
19:17:35.0253 6208  ftscanmgr - ok
19:17:35.0286 6208  [ D4AB6EE3D715BC44C00277FD934FAACF ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:17:35.0286 6208  fvevol - ok
19:17:35.0300 6208  [ 9591D0B9351ED489EAFD9D1CE52A8015 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
19:17:35.0300 6208  FxPPM - ok
19:17:35.0315 6208  [ FC3EF65EE20D39F8749C2218DBA681CA ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:17:35.0315 6208  gagp30kx - ok
19:17:35.0332 6208  [ 0BF5CAD281E25F1418E5B8875DC5ADD1 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
19:17:35.0346 6208  gencounter - ok
19:17:35.0346 6208  [ 8DF1254093B5C354CE725EB6B9B0DE19 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
19:17:35.0346 6208  GPIOClx0101 - ok
19:17:35.0393 6208  [ 2DAFF4F76A90E3C523C2FE50338537E9 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:17:35.0409 6208  gpsvc - ok
19:17:35.0471 6208  [ 0545A3EB959CFA4790D267BFB8C1ACA4 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:17:35.0471 6208  gupdate - ok
19:17:35.0471 6208  [ 0545A3EB959CFA4790D267BFB8C1ACA4 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:17:35.0471 6208  gupdatem - ok
19:17:35.0487 6208  [ FA4AC219AA758EA46D7148059BB9D36E ] hcmon           C:\Windows\system32\drivers\hcmon.sys
19:17:35.0487 6208  hcmon - ok
19:17:35.0518 6208  [ 56F69F7C25FB67C970997D7066DBC593 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:17:35.0518 6208  HdAudAddService - ok
19:17:35.0534 6208  [ D4B7ED39C7900384D9E5C1283F1E7926 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
19:17:35.0534 6208  HDAudBus - ok
19:17:35.0550 6208  [ 10A70BC1871CD955D85CD88372724906 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
19:17:35.0550 6208  HidBatt - ok
19:17:35.0565 6208  [ 42F88B57CAE42FC10059C887B3FCFCEA ] HidBth          C:\Windows\System32\drivers\hidbth.sys
19:17:35.0565 6208  HidBth - ok
19:17:35.0581 6208  [ C241A8BAFBBFC90176EA0F5240EACC17 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
19:17:35.0581 6208  hidi2c - ok
19:17:35.0597 6208  [ 9BDDEE26255421017E161CCB9D5EDA95 ] HidIr           C:\Windows\System32\drivers\hidir.sys
19:17:35.0597 6208  HidIr - ok
19:17:35.0612 6208  [ EA85B5093DF7B5C3E80362B053740AE2 ] hidserv         C:\Windows\system32\hidserv.dll
19:17:35.0612 6208  hidserv - ok
19:17:35.0644 6208  [ 49676FEC898AB2A11B157F848269A56E ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
19:17:35.0644 6208  HidUsb - ok
19:17:35.0675 6208  [ A6FFE56E72D6C500A0D2AA0843630D40 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:17:35.0675 6208  HitmanProScheduler - ok
19:17:35.0691 6208  [ 93C4315F47F8D635C6DB0DF49FCE10EE ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:17:35.0691 6208  hkmsvc - ok
19:17:35.0721 6208  [ AC49522ED106BD4B545D6614D71C2445 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:17:35.0721 6208  HomeGroupListener - ok
19:17:35.0753 6208  [ 99932E30CE0283B73BB6E5019E150394 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:17:35.0753 6208  HomeGroupProvider - ok
19:17:35.0769 6208  [ A6AACEA4C785789BDA5912AD1FEDA80D ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
19:17:35.0769 6208  HpSAMD - ok
19:17:35.0800 6208  [ 0821D9404151398E43B794828DFBFB07 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:17:35.0800 6208  HTTP - ok
19:17:35.0832 6208  [ 90656C0B3864804B090434EFC582404F ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
19:17:35.0832 6208  hwpolicy - ok
19:17:35.0846 6208  [ 6D6F9E3BF0484967E52F7E846BFF1CA1 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
19:17:35.0846 6208  hyperkbd - ok
19:17:35.0846 6208  [ 907C870F8C31F8DDD6F090857B46AB25 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
19:17:35.0846 6208  HyperVideo - ok
19:17:35.0880 6208  [ 49EE0AE9E5B64FFBBD06D55C4984B598 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
19:17:35.0880 6208  i8042prt - ok
19:17:35.0893 6208  [ 5D90E32E36CE5D4C535D17CE08AEAF05 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
19:17:35.0893 6208  iaLPSSi_GPIO - ok
19:17:35.0893 6208  [ DD05E7E80F52ADE9AEB292819920F32C ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
19:17:35.0893 6208  iaLPSSi_I2C - ok
19:17:35.0925 6208  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
19:17:35.0925 6208  iaStorAV - ok
19:17:35.0956 6208  [ A2200C3033FA4EF249FC096A7A7D02A2 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
19:17:35.0956 6208  iaStorV - ok
19:17:35.0956 6208  IEEtwCollectorService - ok
19:17:35.0987 6208  [ 02211401EFFC4965C014C8F9696539A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:17:36.0004 6208  IKEEXT - ok
19:17:36.0004 6208  [ 4E448FCFFD00E8D657CD9E48D3E47157 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:17:36.0004 6208  intelide - ok
19:17:36.0035 6208  [ A770340FC02B999EF0DE6C2A6BC8437C ] intelpep        C:\Windows\system32\drivers\intelpep.sys
19:17:36.0035 6208  intelpep - ok
19:17:36.0050 6208  [ 47E74A8E53C7C24DCE38311E1451C1D9 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
19:17:36.0050 6208  intelppm - ok
19:17:36.0159 6208  [ 9DB76D7F9E4E53EFE5DD8C53DE837514 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:17:36.0159 6208  IpFilterDriver - ok
19:17:36.0193 6208  [ B452623C1DE60544054E784D94A7AA47 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:17:36.0206 6208  iphlpsvc - ok
19:17:36.0223 6208  [ C800DCD904016B2BF6AB541083770A3A ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
19:17:36.0223 6208  IPMIDRV - ok
19:17:36.0253 6208  [ B7342B3C58E91107F6E946A93D9D4EFD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
19:17:36.0253 6208  IPNAT - ok
19:17:36.0284 6208  [ 97C9EBB84A761D48DC17E0E6B913C164 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:17:36.0284 6208  iPod Service - ok
19:17:36.0300 6208  [ AE44C526AB5F8A487D941CEB57B10C97 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:17:36.0300 6208  IRENUM - ok
19:17:36.0315 6208  [ 8AFEEA3955AA43616A60F133B1D25F21 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:17:36.0315 6208  isapnp - ok
19:17:36.0346 6208  [ C378ED678D1316721A40E1F60FB76184 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
19:17:36.0346 6208  iScsiPrt - ok
19:17:36.0379 6208  [ 5917AFE4A3F695A54B99C1849C8207FE ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
19:17:36.0379 6208  kbdclass - ok
19:17:36.0393 6208  [ 8CD840A062F6BDF41DDE3ACB96164B72 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
19:17:36.0393 6208  kbdhid - ok
19:17:36.0393 6208  [ 813871C7D402A05F2E3A7075F9584A05 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
19:17:36.0393 6208  kdnic - ok
19:17:36.0426 6208  [ 382100E75B6F4668AEAEF228C6CEFFAD ] KeyIso          C:\Windows\system32\lsass.exe
19:17:36.0426 6208  KeyIso - ok
19:17:36.0441 6208  [ 304DA394D958BC3B62AF6DF514005B01 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:17:36.0441 6208  KSecDD - ok
19:17:36.0487 6208  [ 3D4AE520CD6F6FFE549DD195C1F515BE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
19:17:36.0487 6208  KSecPkg - ok
19:17:36.0503 6208  [ 11AFB527AA370B1DAFD5C36F35F6D45F ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
19:17:36.0503 6208  ksthunk - ok
19:17:36.0535 6208  [ C1591A66028C71147A3E2EAB0B1CCB7E ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:17:36.0535 6208  KtmRm - ok
19:17:36.0581 6208  [ B75ADC97905F43C7C946F1465A8697BD ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:17:36.0581 6208  LanmanServer - ok
19:17:36.0614 6208  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:17:36.0614 6208  LanmanWorkstation - ok
19:17:36.0659 6208  [ 8B9F3796EC1762CF255BDB324E5529C8 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
19:17:36.0659 6208  lfsvc - ok
19:17:36.0675 6208  [ C09010B3680860131631F53E8FE7BAD8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:17:36.0675 6208  lltdio - ok
19:17:36.0706 6208  [ DAE98CC96C5EE308BF4EA7B18F226CB8 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:17:36.0722 6208  lltdsvc - ok
19:17:36.0738 6208  [ 1E2662D847B7D9995C65D90D254A7E0F ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:17:36.0738 6208  lmhosts - ok
19:17:36.0769 6208  [ C755AE4635457AA2A11F79C0DF857ABC ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:17:36.0769 6208  LSI_SAS - ok
19:17:36.0785 6208  [ ADAC09CBE7A2040B7F68B5E5C9A75141 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
19:17:36.0785 6208  LSI_SAS2 - ok
19:17:36.0800 6208  [ 04D1274BB9BBCCF12BD12374002AA191 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
19:17:36.0800 6208  LSI_SAS3 - ok
19:17:36.0831 6208  [ 327469EEF3833D0C584B7E88A76AEC0C ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
19:17:36.0831 6208  LSI_SSS - ok
19:17:36.0847 6208  [ 9A7A7E45DAED2E8C2816716D8D28236A ] LSM             C:\Windows\System32\lsm.dll
19:17:36.0863 6208  LSM - ok
19:17:36.0895 6208  [ B0AF753AF28303BB69C67BD85F06FFC9 ] luafv           C:\Windows\system32\drivers\luafv.sys
19:17:36.0895 6208  luafv - ok
19:17:36.0956 6208  [ EB5C03A070F30D64A6DF80E53B22F53F ] megasas         C:\Windows\system32\drivers\megasas.sys
19:17:36.0956 6208  megasas - ok
19:17:36.0972 6208  [ F6F13533196DE7A582D422B0241E4363 ] megasr          C:\Windows\system32\drivers\megasr.sys
19:17:36.0972 6208  megasr - ok
19:17:36.0988 6208  [ 4C5179DB61B9E14BEC15CDC4B152B2E9 ] MMCSS           C:\Windows\system32\mmcss.dll
19:17:37.0003 6208  MMCSS - ok
19:17:37.0036 6208  [ 8B38C44F69259987C95135C9627E2378 ] Modem           C:\Windows\system32\drivers\modem.sys
19:17:37.0036 6208  Modem - ok
19:17:37.0036 6208  [ 601589000CC90F0DF8DA2CC254A3CCC9 ] monitor         C:\Windows\System32\drivers\monitor.sys
19:17:37.0036 6208  monitor - ok
19:17:37.0050 6208  [ 08374E4E5B8914DE6067CBA99F61E930 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
19:17:37.0050 6208  mouclass - ok
19:17:37.0066 6208  [ 5FCBAB60598AE119E02B4C27DE6B99EA ] mouhid          C:\Windows\System32\drivers\mouhid.sys
19:17:37.0066 6208  mouhid - ok
19:17:37.0097 6208  [ E5E8665272EBCD87A0A632314F0D221D ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:17:37.0097 6208  mountmgr - ok
19:17:37.0145 6208  [ 30813D30C0F03BB6D2B584C665C83F25 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:17:37.0145 6208  MozillaMaintenance - ok
19:17:37.0222 6208  [ BF2513029E231BE96D82F7C3ABFF87F4 ] MpKslc5795e0e   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4C5EC7D-7B65-4CAD-9630-D1D3FE65AF28}\MpKslc5795e0e.sys
19:17:37.0222 6208  MpKslc5795e0e - ok
19:17:37.0253 6208  [ 6FC047578785B0435F4E2660946D1ADC ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:17:37.0253 6208  mpsdrv - ok
19:17:37.0269 6208  [ D1418745A5472F3930A288E05B9E2C05 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:17:37.0285 6208  MpsSvc - ok
19:17:37.0312 6208  [ 3F818C1518DA702C8F10259095C9BDE0 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:17:37.0313 6208  MRxDAV - ok
19:17:37.0345 6208  [ E2FC654EC895E92A022794329BFC53EC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:17:37.0345 6208  mrxsmb - ok
19:17:37.0393 6208  [ AFE6DC2E57E876175BA074AD2CB5594F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:17:37.0393 6208  mrxsmb10 - ok
19:17:37.0423 6208  [ B37B58F9F80A51098C42663D5FA5F2BA ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:17:37.0423 6208  mrxsmb20 - ok
19:17:37.0439 6208  [ F3C060444777A59FC63D920719E43CCD ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
19:17:37.0439 6208  MsBridge - ok
19:17:37.0470 6208  [ 915747E010A9414B069173284A9B93F4 ] MSDTC           C:\Windows\System32\msdtc.exe
19:17:37.0470 6208  MSDTC - ok
19:17:37.0485 6208  [ D13329FBF8345B28AB30F44CC247DC08 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:17:37.0485 6208  Msfs - ok
19:17:37.0501 6208  [ C6B474E46F9E543B875981ED3FFE6ADD ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
19:17:37.0501 6208  msgpiowin32 - ok
19:17:37.0516 6208  [ 65C92EB9D08DB5C69F28C7FFD4E84E31 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:17:37.0516 6208  mshidkmdf - ok
19:17:37.0516 6208  [ 52299F086AC2DAFD100DD5DC4A8614BA ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
19:17:37.0516 6208  mshidumdf - ok
19:17:37.0532 6208  [ 36D92AF3343C3A3E57FEF11C449AEA4C ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:17:37.0532 6208  msisadrv - ok
19:17:37.0563 6208  [ A06142B3850B06972F1C89748FAA2C02 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:17:37.0563 6208  MSiSCSI - ok
19:17:37.0563 6208  msiserver - ok
19:17:37.0579 6208  [ A9BBBD2BAE6142253B9195E949AC2E8D ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:17:37.0579 6208  MSKSSRV - ok
19:17:37.0595 6208  [ 51B3AC0560848CD6D65AC2033E293113 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
19:17:37.0595 6208  MsLldp - ok
19:17:37.0595 6208  [ 7B2128EB875DCBC006E6A913211006D6 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:17:37.0595 6208  MSPCLOCK - ok
19:17:37.0595 6208  [ 1E88171579B218115C7A772F8DE04BD8 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:17:37.0595 6208  MSPQM - ok
19:17:37.0641 6208  [ BBE2A455053E63BECBF42C2F9B21FAE0 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:17:37.0641 6208  MsRPC - ok
19:17:37.0658 6208  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
19:17:37.0658 6208  mssmbios - ok
19:17:37.0673 6208  [ 115019AE01E0EB9C048530D2928AB4A2 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:17:37.0673 6208  MSTEE - ok
19:17:37.0673 6208  [ 96D604A35070360F0DD4A7A8AF410B5E ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
19:17:37.0673 6208  MTConfig - ok
19:17:37.0704 6208  [ 438EA7A2D8D4F9B8AFB64748ACA70BA8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:17:37.0704 6208  Mup - ok
19:17:37.0720 6208  [ B8C35C94DCB2DFEAF03BB42131F2F77F ] mvumis          C:\Windows\system32\drivers\mvumis.sys
19:17:37.0720 6208  mvumis - ok
19:17:37.0752 6208  [ 8DF30698BDD9492A9D45A4B94FB4A82A ] napagent        C:\Windows\system32\qagentRT.dll
19:17:37.0752 6208  napagent - ok
19:17:37.0784 6208  [ BB78990894F14D725EBD301E1945BF0F ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:17:37.0784 6208  NativeWifiP - ok
19:17:37.0798 6208  [ BFCE1225D10619029E68946929CEB64C ] NcaSvc          C:\Windows\System32\ncasvc.dll
19:17:37.0798 6208  NcaSvc - ok
19:17:37.0813 6208  [ 267C97373110B7AFD3B46DF60B6CBB85 ] NcbService      C:\Windows\System32\ncbservice.dll
19:17:37.0813 6208  NcbService - ok
19:17:37.0846 6208  [ 0813B71EAF097208DC76CE0605B48AF0 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
19:17:37.0846 6208  NcdAutoSetup - ok
19:17:37.0892 6208  [ FFAA6C6E798FBA448FA7628A1B277F5C ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:17:37.0892 6208  NDIS - ok
19:17:37.0907 6208  [ 8CECC8DA55F3274181FD1EA28AD76664 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:17:37.0923 6208  NdisCap - ok
19:17:37.0923 6208  [ 269882812E9A68FFF1AFE1283D428322 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
19:17:37.0923 6208  NdisImPlatform - ok
19:17:37.0954 6208  [ 82821F4EEC776B4CF11695A38F3ABA46 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:17:37.0954 6208  NdisTapi - ok
19:17:37.0970 6208  [ B832B35055BA2B7B4181861FF94D8E59 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:17:37.0970 6208  Ndisuio - ok
19:17:45.0253 6208  ================ Scan global ===============================
19:17:45.0285 6208  [ 3500AF0BA2EF095BF313EEB75D2366C6 ] C:\Windows\system32\basesrv.dll
19:17:45.0300 6208  [ EAB311B0A7A8EA0346F14F08D4BC8F46 ] C:\Windows\system32\winsrv.dll
19:17:45.0315 6208  [ 3600ED7EA8AED849E20700551C0BD63B ] C:\Windows\system32\sxssrv.dll
19:17:45.0347 6208  [ E0C7813A97CA7947FF5C18A8F3B61A45 ] C:\Windows\system32\services.exe
19:17:45.0362 6208  [Global] - ok
19:17:45.0362 6208  ================ Scan MBR ==================================
19:17:45.0362 6208  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:17:45.0378 6208  \Device\Harddisk0\DR0 - ok
19:17:45.0378 6208  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:17:45.0411 6208  \Device\Harddisk1\DR1 - ok
19:17:45.0426 6208  ================ Scan VBR ==================================
19:17:45.0426 6208  [ 7B6E0BBDB7BB60CBDAC4EA9DBBCFB1D1 ] \Device\Harddisk0\DR0\Partition1
19:17:45.0426 6208  \Device\Harddisk0\DR0\Partition1 - ok
19:17:45.0440 6208  [ 725FF3117B2345BE9DDD1B451FCC0501 ] \Device\Harddisk0\DR0\Partition2
19:17:45.0457 6208  \Device\Harddisk0\DR0\Partition2 - ok
19:17:45.0457 6208  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
19:17:45.0472 6208  \Device\Harddisk0\DR0\Partition3 - ok
19:17:45.0472 6208  [ 9A46419798180A728FEAE1618C879082 ] \Device\Harddisk0\DR0\Partition4
19:17:45.0488 6208  \Device\Harddisk0\DR0\Partition4 - ok
19:17:45.0488 6208  [ 2C53E5B3F10C385F7AEFC58C957A3377 ] \Device\Harddisk1\DR1\Partition1
19:17:45.0488 6208  \Device\Harddisk1\DR1\Partition1 - ok
19:17:45.0488 6208  ============================================================
19:17:45.0488 6208  Scan finished
19:17:45.0488 6208  ============================================================
19:17:45.0504 6248  Detected object count: 0
19:17:45.0504 6248  Actual detected object count: 0

*Finished MBR Scan:

00:22:12.0381 1476  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:22:12.0381 1476  UEFI system
00:22:12.0491 1476  ============================================================
00:22:12.0491 1476  Current date / time: 2017/11/29 00:22:12.0491
00:22:12.0491 1476  SystemInfo:
00:22:12.0491 1476  
00:22:12.0491 1476  OS Version: 6.2.9200 ServicePack: 0.0
00:22:12.0491 1476  Product type: Workstation
00:22:12.0491 1476  ComputerName: HP-DESKTOP
00:22:12.0491 1476  UserName: Owner
00:22:12.0491 1476  Windows directory: C:\Windows
00:22:12.0491 1476  System windows directory: C:\Windows
00:22:12.0491 1476  Running under WOW64
00:22:12.0491 1476  Processor architecture: Intel x64
00:22:12.0491 1476  Number of processors: 4
00:22:12.0491 1476  Page size: 0x1000
00:22:12.0491 1476  Boot type: Normal boot
00:22:12.0491 1476  ============================================================
00:22:12.0868 1476  BG loaded
00:22:13.0602 1476  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:22:13.0696 1476  Drive \Device\Harddisk1\DR1 - Size: 0xF49D1C00 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:22:13.0696 1476  ============================================================
00:22:13.0696 1476  \Device\Harddisk0\DR0:
00:22:13.0696 1476  GPT partitions:
00:22:13.0711 1476  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D247555E-D39B-464F-A1A6-73D996B00567}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x96000
00:22:13.0711 1476  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {76457BAD-1730-4F8E-A20E-8F4A7D9F447B}, Name: EFI system partition, StartLBA 0x96800, BlocksNum 0x32000
00:22:13.0711 1476  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4F195DDA-4FA4-42B0-92A4-E9039210EB80}, Name: Microsoft reserved partition, StartLBA 0xC8800, BlocksNum 0x40000
00:22:13.0711 1476  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9B4C8972-8B43-485B-94C6-1B4881B9DE50}, Name: Basic data partition, StartLBA 0x108800, BlocksNum 0xE8D00000
00:22:13.0711 1476  MBR partitions:
00:22:13.0711 1476  \Device\Harddisk1\DR1:
00:22:13.0711 1476  MBR partitions:
00:22:13.0711 1476  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x22, BlocksNum 0x79D48F
00:22:13.0711 1476  ============================================================
00:22:13.0742 1476  C: <-> \Device\Harddisk0\DR0\Partition4
00:22:13.0742 1476  ============================================================
00:22:13.0742 1476  Initialize success
00:22:13.0742 1476  ============================================================
00:22:20.0885 3488  ============================================================
00:22:20.0885 3488  Scan started
00:22:20.0885 3488  Mode: Manual;
00:22:20.0885 3488  ============================================================
00:22:22.0464 3488  ================ Scan system memory ========================
00:22:22.0464 3488  System memory - ok
00:22:22.0464 3488  ================ Scan services =============================
00:22:23.0120 3488  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
00:22:23.0135 3488  1394ohci - ok
00:22:23.0167 3488  [ AD508A1A46EC21B740AB31C28EFDFDB1 ] 3ware           C:\Windows\system32\drivers\3ware.sys
00:22:23.0167 3488  3ware - ok
00:22:23.0167 3488  Suspicious service (Hidden): 99224798
00:22:23.0182 3488  99224798 ( HiddenService.Multi.Generic ) - warning
00:22:23.0182 3488  99224798 - detected HiddenService.Multi.Generic (1)
00:22:23.0229 3488  [ E796AE43DDD1844281DB4D57294D17C0 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:22:23.0229 3488  ACPI - ok
00:22:23.0245 3488  [ AC8279D229398BCF05C3154ADCA86813 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
00:22:23.0245 3488  acpiex - ok
00:22:23.0276 3488  [ A8970D9BF23CD309E0403978A1B58F3F ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
00:22:23.0276 3488  acpipagr - ok
00:22:23.0292 3488  [ 111A89C99C5B4F1A7BCE5F643DD86F65 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
00:22:23.0292 3488  AcpiPmi - ok
00:22:23.0292 3488  [ 5758387D68A20AE7D3245011B07E36E7 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
00:22:23.0307 3488  acpitime - ok
00:22:23.0323 3488  [ 7C1FDF1B48298CBA7CE4BDD4978951AD ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
00:22:23.0323 3488  ADP80XX - ok
00:22:23.0356 3488  [ BCD58DACAA1EAAADC115EDD940478F6D ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:22:23.0356 3488  AeLookupSvc - ok
00:22:23.0370 3488  [ A460C3AF3755A2A79A3C8EFE72E147B5 ] AFD             C:\Windows\system32\drivers\afd.sys
00:22:23.0385 3488  AFD - ok
00:22:23.0401 3488  [ 7DFAEBA9AD62D20102B576D5CAC45EC8 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:22:23.0417 3488  agp440 - ok
00:22:23.0435 3488  [ FE14D249D39368CA62D8DA6BC94AC694 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
00:22:23.0435 3488  ahcache - ok
00:22:23.0448 3488  [ 14A45BE6F5678339F0EC5752D9849410 ] ALG             C:\Windows\System32\alg.exe
00:22:23.0465 3488  ALG - ok
00:22:23.0479 3488  [ BC54D9830300C8B4F2B483CD6E0FC4CB ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:22:23.0479 3488  AMD External Events Utility - ok
00:22:23.0495 3488  [ 7589DE749DB6F71A68489DCE04158729 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
00:22:23.0495 3488  AmdK8 - ok
00:22:23.0870 3488  [ 6398021B262BD1531E8523CF5DEFD600 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:22:24.0010 3488  amdkmdag - ok
00:22:24.0058 3488  [ BB4A8E585178DDAE35875D670C41C981 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:22:24.0058 3488  amdkmdap - ok
00:22:24.0089 3488  [ B46D2D89AFF8A9490FA8C98C7A5616E3 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
00:22:24.0089 3488  AmdPPM - ok
00:22:24.0105 3488  [ D2BF2F94A47D332814910FD47C6BBCD2 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:22:24.0105 3488  amdsata - ok
00:22:24.0120 3488  [ A8E04943C7BBA7219AA50400272C3C6E ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:22:24.0120 3488  amdsbs - ok
00:22:24.0152 3488  [ CEA5F4F27CFC08E3A44D576811B35F50 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:22:24.0152 3488  amdxata - ok
00:22:24.0167 3488  [ 415DD71628795197F7AFC176CBADC74E ] AppID           C:\Windows\system32\drivers\appid.sys
00:22:24.0214 3488  AppID - ok
00:22:24.0245 3488  [ 942C8297400FCFB13CEE3F3CD89C5CE5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:22:24.0245 3488  AppIDSvc - ok
00:22:24.0278 3488  [ 734622FBA766DBD65B1803549B24A04A ] Appinfo         C:\Windows\System32\appinfo.dll
00:22:24.0278 3488  Appinfo - ok
00:22:24.0434 3488  [ 7D811EA7A2AAA49B0446D42CBC1CD338 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:22:24.0434 3488  Apple Mobile Device Service - ok
00:22:24.0510 3488  [ 35E28923A23ADABAA5A1B43256D0AB58 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
00:22:24.0557 3488  AppReadiness - ok
00:22:24.0589 3488  [ E0F846ADE7DED88981D0908DE56FF160 ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
00:22:24.0604 3488  AppXSvc - ok
00:22:24.0621 3488  [ 65045784366F7EC5FB4E71BCF923187B ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:22:24.0621 3488  arcsas - ok
00:22:24.0651 3488  [ 74B14192CF79A72F7536B27CB8814FBD ] atapi           C:\Windows\system32\drivers\atapi.sys
00:22:24.0651 3488  atapi - ok
00:22:24.0698 3488  [ 2C7676F892E88FD190F08D98048C7C6C ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
00:22:24.0761 3488  athr - ok
00:22:24.0778 3488  [ 431FE56F5A2F5937994CB2DA330B47DB ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
00:22:24.0778 3488  AudioEndpointBuilder - ok
00:22:24.0856 3488  [ 0F03CC00645D7F841879A048787D6AC7 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:22:24.0856 3488  Audiosrv - ok
00:22:24.0917 3488  [ 3C6ED74AF41DD1A5585CE5EF3D00915F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:22:24.0933 3488  AxInstSV - ok
00:22:24.0950 3488  [ A4A73F631FE2AA2826FBE4A399B04DEF ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:22:24.0950 3488  b06bdrv - ok
00:22:24.0964 3488  [ 8CC7F7E4AFCBA605921B137ED7992C68 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
00:22:24.0964 3488  BasicDisplay - ok
00:22:25.0027 3488  [ 195BD339B4B782B42C19489DCFB4D110 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
00:22:25.0027 3488  BasicRender - ok
00:22:25.0042 3488  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
00:22:25.0042 3488  bcmfn2 - ok
00:22:25.0073 3488  [ 174394F4EF93C117BF7BE3878046A1B1 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:22:25.0073 3488  BDESVC - ok
00:22:25.0089 3488  [ EC19013E4CF87609534165DF897274D6 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:22:25.0089 3488  Beep - ok
00:22:25.0120 3488  [ 5059D93764340D4EAEDF49C47133118F ] BFE             C:\Windows\System32\bfe.dll
00:22:25.0120 3488  BFE - ok
00:22:25.0229 3488  [ 48554994279BFE17A3D2B00076D0CB1A ] BITS            C:\Windows\System32\qmgr.dll
00:22:25.0261 3488  BITS - ok
00:22:25.0292 3488  [ B5C2F92EE1106DFE7BB1CCE4D35B6037 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:22:25.0292 3488  Bonjour Service - ok
00:22:25.0308 3488  [ 4938A9236300A356F97E378491EE4844 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:22:25.0308 3488  bowser - ok
00:22:25.0355 3488  [ FA601515FF2B59F25FDD8EDB1D2A1104 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
00:22:25.0355 3488  BrokerInfrastructure - ok
00:22:25.0417 3488  [ BC111AADACD0BF59D56547461D13AB6E ] Browser         C:\Windows\System32\browser.dll
00:22:25.0417 3488  Browser - ok
00:22:25.0433 3488  [ A8F23D453A424FF4DE04989C4727ECC7 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
00:22:25.0433 3488  BthAvrcpTg - ok
00:22:25.0464 3488  [ 272A62B660A48AEF366F8A1836CED19F ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
00:22:25.0479 3488  BthHFEnum - ok
00:22:25.0479 3488  [ 71FE2A48E4C93DDB9798C024880B6C07 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
00:22:25.0479 3488  bthhfhid - ok
00:22:25.0511 3488  [ 9307A4B743D277C499CDA8E19E5687AC ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
00:22:25.0511 3488  BthHFSrv - ok
00:22:25.0526 3488  [ EF4B9E7C9AD88C00C18A12B0D22D1894 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
00:22:25.0526 3488  BTHMODEM - ok
00:22:25.0542 3488  [ 043A0F37631BF453F16D478B71320F46 ] bthserv         C:\Windows\system32\bthserv.dll
00:22:25.0542 3488  bthserv - ok
00:22:25.0558 3488  [ 2FA6510E33F7DEFEC03658B74101A9B9 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:22:25.0574 3488  cdfs - ok
00:22:25.0590 3488  [ C6796EA22B513E3457514D92DCDB1A3D ] cdrom           C:\Windows\System32\drivers\cdrom.sys
00:22:25.0604 3488  cdrom - ok
00:22:25.0636 3488  [ ACFDC4EE40EC6E4A0AB91D923B8288C8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:22:25.0636 3488  CertPropSvc - ok
00:22:25.0667 3488  [ BE9936EDD3267FAAFF94A7835867F00B ] circlass        C:\Windows\System32\drivers\circlass.sys
00:22:25.0667 3488  circlass - ok
00:22:25.0698 3488  [ 39D72BA91AFE3C81C1AB0DE41AA07EF3 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
00:22:25.0714 3488  CLFS - ok
00:22:25.0729 3488  [ EF6EF85DADC3184A10D8F2F7159973CB ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
00:22:25.0729 3488  CmBatt - ok
00:22:25.0776 3488  [ C8823A6ECE66B997C8E9F413D1D671E7 ] CNG             C:\Windows\system32\Drivers\cng.sys
00:22:25.0823 3488  CNG - ok
00:22:25.0870 3488  [ 03AAED827C36F35D70900558B8274905 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
00:22:25.0870 3488  CompositeBus - ok
00:22:25.0870 3488  COMSysApp - ok
00:22:25.0886 3488  [ A1FF7DFBFBE164CF92603C651D304DD2 ] condrv          C:\Windows\system32\drivers\condrv.sys
00:22:25.0886 3488  condrv - ok
00:22:25.0934 3488  [ 6324F0D18FB52833BA64BC828E29054C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:22:25.0934 3488  CryptSvc - ok
00:22:25.0948 3488  [ 315BA4BC19316D72B2E037534E048B93 ] dam             C:\Windows\system32\drivers\dam.sys
00:22:25.0964 3488  dam - ok
00:22:26.0012 3488  [ 20CC6E9FE25ACD34BE4FCDDB7B08364D ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:22:26.0026 3488  DcomLaunch - ok
00:22:26.0104 3488  [ 95E1ABFB27F8A62ED764805775F0D2F3 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:22:26.0120 3488  defragsvc - ok
00:22:26.0292 3488  [ FF086DEF5995558CCB1B5AAC2110195D ] DeviceAssociationService C:\Windows\system32\das.dll
00:22:26.0292 3488  DeviceAssociationService - ok
00:22:26.0324 3488  [ 2C02AFF8383D893F8DBEB07A84F6E77C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
00:22:26.0339 3488  DeviceInstall - ok
00:22:26.0370 3488  [ 4FED6AD69C9EE1EE7FD3C88437138855 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
00:22:26.0370 3488  Dfsc - ok
00:22:26.0386 3488  [ 3EEAADA3125431980E5804ED7143458A ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:22:26.0401 3488  Dhcp - ok
00:22:26.0433 3488  [ 0AC9F83A5508935DE89C447473085EEA ] DiagTrack       C:\Windows\system32\diagtrack.dll
00:22:26.0448 3488  DiagTrack - ok
00:22:26.0479 3488  [ BF6D8575DDF30384939B2D5251F27C1F ] disk            C:\Windows\system32\drivers\disk.sys
00:22:26.0479 3488  disk - ok
00:22:26.0526 3488  [ CAF3719E7EBB5CAC650F72330D9C5BBE ] dKeySync        C:\dKEYUSBCradle\SyncService.exe
00:22:26.0683 3488  dKeySync - ok
00:22:26.0699 3488  [ EB70A894708D1BC176AFD690FF06085F ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
00:22:26.0699 3488  dmvsc - ok
00:22:26.0730 3488  [ D9F407D006C916B7EC167858F88F13EB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:22:26.0730 3488  Dnscache - ok
00:22:26.0777 3488  [ 811EACBCC7C51A03AE11F13CC27B2AB6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:22:26.0777 3488  dot3svc - ok
00:22:26.0810 3488  [ B99CB575986789A93A683DCF292A43A1 ] DPS             C:\Windows\system32\dps.dll
00:22:26.0810 3488  DPS - ok
00:22:26.0824 3488  [ 00C594D5A1DBD22AD8B2902B9F6EFF94 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:22:26.0824 3488  drmkaud - ok
00:22:26.0860 3488  [ 263625A4F616538EB867B6306A6590DB ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
00:22:26.0870 3488  DsmSvc - ok
00:22:26.0980 3488  [ 670E7F15CEEA22C34CED8F4D0EC161BF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:22:26.0997 3488  DXGKrnl - ok
00:22:27.0027 3488  [ E253530BD5EDE28F1FF6AF93C4D8034D ] Eaphost         C:\Windows\System32\eapsvc.dll
00:22:27.0027 3488  Eaphost - ok
00:22:27.0153 3488  [ 114BCFDF367FF37C3F1B0A96AF542E4D ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:22:27.0199 3488  ebdrv - ok
00:22:27.0230 3488  [ 382100E75B6F4668AEAEF228C6CEFFAD ] EFS             C:\Windows\System32\lsass.exe
00:22:27.0230 3488  EFS - ok
00:22:27.0292 3488  [ 43531A5993380CC5113242C29D265FD9 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
00:22:27.0308 3488  EhStorClass - ok
00:22:27.0324 3488  [ 6F8E738A9505A388B1157FDDE7B3101B ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
00:22:27.0324 3488  EhStorTcgDrv - ok
00:22:27.0339 3488  [ DFFFAE1442BA4076E18EED5E406FA0D3 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
00:22:27.0339 3488  ErrDev - ok
00:22:27.0370 3488  [ F00C593994D57C75273F820653440536 ] EventSystem     C:\Windows\system32\es.dll
00:22:27.0386 3488  EventSystem - ok
00:22:27.0403 3488  [ 7729D294A555C7AEB281ED8E4D0E01E4 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:22:27.0403 3488  exfat - ok
00:22:27.0433 3488  [ 7C4E0D5900B2A1D11EDD626D6DDB937B ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:22:27.0433 3488  fastfat - ok
00:22:27.0480 3488  [ 304B6AEC4639A7CCCCF544C6BA6177B2 ] Fax             C:\Windows\system32\fxssvc.exe
00:22:27.0495 3488  Fax - ok
00:22:27.0495 3488  [ 5D8402613E778B3BD45E687A8372710B ] fdc             C:\Windows\System32\drivers\fdc.sys
00:22:27.0495 3488  fdc - ok
00:22:27.0511 3488  [ 020D2F29009F893ADEFF4405B4B44565 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:22:27.0527 3488  fdPHost - ok
00:22:27.0542 3488  [ E80D2EDD2F88B6E20076A0A4F5A5A245 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:22:27.0542 3488  FDResPub - ok
00:22:27.0542 3488  [ 47AB7D16EDE434B934AA4D661456C2D5 ] fhsvc           C:\Windows\system32\fhsvc.dll
00:22:27.0558 3488  fhsvc - ok
00:22:27.0558 3488  [ BCFD8B149B3ADF92D0DB1E909CAF0265 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:22:27.0558 3488  FileInfo - ok
00:22:27.0574 3488  [ A1A66C4FDAFD6B0289523232AFB7D8AF ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:22:27.0574 3488  Filetrace - ok
00:22:27.0574 3488  [ BE743083CF7063C486A4398E3AEFE59A ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
00:22:27.0589 3488  flpydisk - ok
00:22:27.0589 3488  [ C1FB505A73FA2E9019D32444AB33B75A ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:22:27.0605 3488  FltMgr - ok
00:22:27.0716 3488  [ 223CD19D2F84B7B42081F4FB530B658F ] FontCache       C:\Windows\system32\FntCache.dll
00:22:27.0730 3488  FontCache - ok
00:22:27.0824 3488  [ 1C52387BF5A127F5F3BFB31288F30D93 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:22:27.0840 3488  FontCache3.0.0.0 - ok
00:22:27.0855 3488  [ A7C31B168F371E8E6796219F23E354DB ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:22:27.0855 3488  FsDepends - ok
00:22:27.0886 3488  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:22:27.0902 3488  Fs_Rec - ok
00:22:27.0996 3488  [ 9540C57068902DAA6F272D70E922C090 ] ftnlsv3hv       C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
00:22:27.0996 3488  ftnlsv3hv - ok
00:22:28.0183 3488  [ AFC4552FB7F8A1C04FA0EE57A78933FC ] ftscanmgr       C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
00:22:28.0214 3488  ftscanmgr - ok
00:22:28.0277 3488  [ D4AB6EE3D715BC44C00277FD934FAACF ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:22:28.0292 3488  fvevol - ok
00:22:28.0324 3488  [ 9591D0B9351ED489EAFD9D1CE52A8015 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
00:22:28.0324 3488  FxPPM - ok
00:22:28.0339 3488  [ FC3EF65EE20D39F8749C2218DBA681CA ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:22:28.0339 3488  gagp30kx - ok
00:22:28.0370 3488  [ 0BF5CAD281E25F1418E5B8875DC5ADD1 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
00:22:28.0370 3488  gencounter - ok
00:22:28.0386 3488  [ 8DF1254093B5C354CE725EB6B9B0DE19 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
00:22:28.0386 3488  GPIOClx0101 - ok
00:22:28.0417 3488  [ 2DAFF4F76A90E3C523C2FE50338537E9 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:22:28.0434 3488  gpsvc - ok
00:22:28.0511 3488  [ 0545A3EB959CFA4790D267BFB8C1ACA4 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:28.0511 3488  gupdate - ok
00:22:28.0527 3488  [ 0545A3EB959CFA4790D267BFB8C1ACA4 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:22:28.0527 3488  gupdatem - ok
00:22:28.0559 3488  [ FA4AC219AA758EA46D7148059BB9D36E ] hcmon           C:\Windows\system32\drivers\hcmon.sys
00:22:28.0559 3488  hcmon - ok
00:22:28.0574 3488  [ 56F69F7C25FB67C970997D7066DBC593 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:22:28.0574 3488  HdAudAddService - ok
00:22:28.0605 3488  [ D4B7ED39C7900384D9E5C1283F1E7926 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
00:22:28.0620 3488  HDAudBus - ok
00:22:28.0620 3488  [ 10A70BC1871CD955D85CD88372724906 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
00:22:28.0620 3488  HidBatt - ok
00:22:28.0652 3488  [ 42F88B57CAE42FC10059C887B3FCFCEA ] HidBth          C:\Windows\System32\drivers\hidbth.sys
00:22:28.0668 3488  HidBth - ok
00:22:28.0685 3488  [ C241A8BAFBBFC90176EA0F5240EACC17 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
00:22:28.0685 3488  hidi2c - ok
00:22:28.0701 3488  [ 9BDDEE26255421017E161CCB9D5EDA95 ] HidIr           C:\Windows\System32\drivers\hidir.sys
00:22:28.0701 3488  HidIr - ok
00:22:28.0732 3488  [ EA85B5093DF7B5C3E80362B053740AE2 ] hidserv         C:\Windows\system32\hidserv.dll
00:22:28.0732 3488  hidserv - ok
00:22:28.0780 3488  [ 49676FEC898AB2A11B157F848269A56E ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
00:22:28.0780 3488  HidUsb - ok
00:22:28.0843 3488  [ A6FFE56E72D6C500A0D2AA0843630D40 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
00:22:28.0843 3488  HitmanProScheduler - ok
00:22:28.0875 3488  [ 93C4315F47F8D635C6DB0DF49FCE10EE ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:22:28.0875 3488  hkmsvc - ok
00:22:28.0935 3488  [ AC49522ED106BD4B545D6614D71C2445 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:22:28.0952 3488  HomeGroupListener - ok
00:22:29.0030 3488  [ 99932E30CE0283B73BB6E5019E150394 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:22:29.0030 3488  HomeGroupProvider - ok
00:22:29.0249 3488  [ A6AACEA4C785789BDA5912AD1FEDA80D ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:22:29.0249 3488  HpSAMD - ok
00:22:29.0671 3488  [ 0821D9404151398E43B794828DFBFB07 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:22:29.0685 3488  HTTP - ok
00:22:29.0763 3488  [ 90656C0B3864804B090434EFC582404F ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:22:29.0763 3488  hwpolicy - ok
00:22:29.0873 3488  [ 6D6F9E3BF0484967E52F7E846BFF1CA1 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
00:22:29.0873 3488  hyperkbd - ok
00:22:29.0888 3488  [ 907C870F8C31F8DDD6F090857B46AB25 ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
00:22:29.0888 3488  HyperVideo - ok
00:22:30.0013 3488  [ 49EE0AE9E5B64FFBBD06D55C4984B598 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
00:22:30.0029 3488  i8042prt - ok
00:22:30.0092 3488  [ 5D90E32E36CE5D4C535D17CE08AEAF05 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
00:22:30.0123 3488  iaLPSSi_GPIO - ok
00:22:30.0154 3488  [ DD05E7E80F52ADE9AEB292819920F32C ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
00:22:30.0154 3488  iaLPSSi_I2C - ok
00:22:30.0529 3488  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
00:22:30.0529 3488  iaStorAV - ok
00:22:30.0685 3488  [ A2200C3033FA4EF249FC096A7A7D02A2 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:22:30.0719 3488  iaStorV - ok
00:22:30.0719 3488  IEEtwCollectorService - ok
00:22:30.0810 3488  [ 02211401EFFC4965C014C8F9696539A2 ] IKEEXT          C:\Windows\System32\ikeext.dll
00:22:30.0841 3488  IKEEXT - ok
00:22:30.0857 3488  [ 4E448FCFFD00E8D657CD9E48D3E47157 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:22:30.0873 3488  intelide - ok
00:22:30.0889 3488  [ A770340FC02B999EF0DE6C2A6BC8437C ] intelpep        C:\Windows\system32\drivers\intelpep.sys
00:22:30.0889 3488  intelpep - ok
00:22:30.0936 3488  [ 47E74A8E53C7C24DCE38311E1451C1D9 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
00:22:30.0936 3488  intelppm - ok
00:22:30.0968 3488  [ 9DB76D7F9E4E53EFE5DD8C53DE837514 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:22:30.0968 3488  IpFilterDriver - ok
00:22:31.0138 3488  [ B452623C1DE60544054E784D94A7AA47 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:22:31.0154 3488  iphlpsvc - ok
00:22:31.0216 3488  [ C800DCD904016B2BF6AB541083770A3A ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
00:22:31.0216 3488  IPMIDRV - ok
00:22:31.0279 3488  [ B7342B3C58E91107F6E946A93D9D4EFD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:22:31.0279 3488  IPNAT - ok
00:22:31.0279 3488  [ 97C9EBB84A761D48DC17E0E6B913C164 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:22:31.0295 3488  iPod Service - ok
00:22:31.0295 3488  [ AE44C526AB5F8A487D941CEB57B10C97 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:22:31.0295 3488  IRENUM - ok
00:22:31.0373 3488  [ 8AFEEA3955AA43616A60F133B1D25F21 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:22:31.0373 3488  isapnp - ok
00:22:31.0466 3488  [ C378ED678D1316721A40E1F60FB76184 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
00:22:31.0482 3488  iScsiPrt - ok
00:22:31.0513 3488  [ 5917AFE4A3F695A54B99C1849C8207FE ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
00:22:31.0513 3488  kbdclass - ok
00:22:31.0545 3488  [ 8CD840A062F6BDF41DDE3ACB96164B72 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
00:22:31.0545 3488  kbdhid - ok
00:22:31.0591 3488  [ 813871C7D402A05F2E3A7075F9584A05 ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
00:22:31.0591 3488  kdnic - ok
00:22:31.0623 3488  [ 382100E75B6F4668AEAEF228C6CEFFAD ] KeyIso          C:\Windows\system32\lsass.exe
00:22:31.0623 3488  KeyIso - ok
00:22:31.0701 3488  [ 304DA394D958BC3B62AF6DF514005B01 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:22:31.0701 3488  KSecDD - ok
00:22:31.0748 3488  [ 3D4AE520CD6F6FFE549DD195C1F515BE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:22:31.0763 3488  KSecPkg - ok
00:22:31.0806 3488  [ 11AFB527AA370B1DAFD5C36F35F6D45F ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:22:31.0806 3488  ksthunk - ok
00:22:31.0869 3488  [ C1591A66028C71147A3E2EAB0B1CCB7E ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:22:31.0884 3488  KtmRm - ok
00:22:31.0947 3488  [ B75ADC97905F43C7C946F1465A8697BD ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:22:31.0947 3488  LanmanServer - ok
00:22:32.0026 3488  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:22:32.0103 3488  LanmanWorkstation - ok
00:22:32.0166 3488  [ 8B9F3796EC1762CF255BDB324E5529C8 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
00:22:32.0166 3488  lfsvc - ok
00:22:32.0212 3488  [ C09010B3680860131631F53E8FE7BAD8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:22:32.0212 3488  lltdio - ok
00:22:32.0244 3488  [ DAE98CC96C5EE308BF4EA7B18F226CB8 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:22:32.0244 3488  lltdsvc - ok
00:22:32.0275 3488  [ 1E2662D847B7D9995C65D90D254A7E0F ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:22:32.0275 3488  lmhosts - ok
00:22:32.0290 3488  [ C755AE4635457AA2A11F79C0DF857ABC ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:22:32.0290 3488  LSI_SAS - ok
00:22:32.0306 3488  [ ADAC09CBE7A2040B7F68B5E5C9A75141 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:22:32.0306 3488  LSI_SAS2 - ok
00:22:32.0322 3488  [ 04D1274BB9BBCCF12BD12374002AA191 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
00:22:32.0322 3488  LSI_SAS3 - ok
00:22:32.0353 3488  [ 327469EEF3833D0C584B7E88A76AEC0C ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
00:22:32.0353 3488  LSI_SSS - ok
00:22:32.0509 3488  [ 9A7A7E45DAED2E8C2816716D8D28236A ] LSM             C:\Windows\System32\lsm.dll
00:22:32.0509 3488  LSM - ok
00:22:32.0557 3488  [ B0AF753AF28303BB69C67BD85F06FFC9 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:22:32.0681 3488  luafv - ok
00:22:32.0744 3488  [ EB5C03A070F30D64A6DF80E53B22F53F ] megasas         C:\Windows\system32\drivers\megasas.sys
00:22:32.0744 3488  megasas - ok
00:22:32.0806 3488  [ F6F13533196DE7A582D422B0241E4363 ] megasr          C:\Windows\system32\drivers\megasr.sys
00:22:32.0806 3488  megasr - ok
00:22:32.0853 3488  [ 4C5179DB61B9E14BEC15CDC4B152B2E9 ] MMCSS           C:\Windows\system32\mmcss.dll
00:22:32.0853 3488  MMCSS - ok
00:22:32.0884 3488  [ 8B38C44F69259987C95135C9627E2378 ] Modem           C:\Windows\system32\drivers\modem.sys
00:22:32.0884 3488  Modem - ok
00:22:32.0915 3488  [ 601589000CC90F0DF8DA2CC254A3CCC9 ] monitor         C:\Windows\System32\drivers\monitor.sys
00:22:32.0915 3488  monitor - ok
00:22:32.0947 3488  [ 08374E4E5B8914DE6067CBA99F61E930 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
00:22:32.0947 3488  mouclass - ok
00:22:52.0531 3488  [ B96F7A1236C3F21212DE2C40A3DDB005 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:22:52.0534 3488  wmiApSrv - ok
00:22:52.0562 3488  WMPNetworkSvc - ok
00:22:52.0574 3488  [ 7FC5667DF73D4B04AA457CC3A4180E09 ] Wof             C:\Windows\system32\drivers\Wof.sys
00:22:52.0576 3488  Wof - ok
00:22:52.0614 3488  [ EDFA5CEDBE174FAAA4A09A6B297AEA42 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
00:22:52.0628 3488  workfolderssvc - ok
00:22:52.0656 3488  [ A2468CC3509394A33C4C32F99563D845 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
00:22:52.0658 3488  wpcfltr - ok
00:22:52.0683 3488  [ 19F4DF69876DA7E9C4965351560FE6B7 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:22:52.0690 3488  WPCSvc - ok
00:22:52.0720 3488  [ 25BE82B325AC22FE563A58A1AC29F4C1 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:22:52.0724 3488  WPDBusEnum - ok
00:22:52.0729 3488  [ 9F2904B55F6CECCD1A8D986B5CE2609A ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
00:22:52.0730 3488  WpdUpFltr - ok
00:22:52.0752 3488  [ AE072B0339D0A18E455DC21666CAD572 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:22:52.0755 3488  ws2ifsl - ok
00:22:52.0790 3488  [ 501D5EFAB9711039479AE48401386D2B ] wscsvc          C:\Windows\System32\wscsvc.dll
00:22:52.0793 3488  wscsvc - ok
00:22:52.0797 3488  WSearch - ok
00:22:52.0831 3488  [ 552BD369EF502489AF40899BDBFF35C6 ] wsnm            C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
00:22:52.0834 3488  wsnm - ok
00:22:53.0027 3488  [ 6B2D71124C1EA86B74412F414C42431D ] WSService       C:\Windows\System32\WSService.dll
00:22:53.0105 3488  WSService - ok
00:22:53.0260 3488  [ F8AAE8C41092D195C470EE7EF2D0BB01 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:22:53.0304 3488  wuauserv - ok
00:22:53.0366 3488  [ 481286719402E4BAEFEA0604AB1B5113 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:22:53.0368 3488  WudfPf - ok
00:22:53.0400 3488  [ D7B4859227B02BCC1055B279A63C937F ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
00:22:53.0404 3488  WUDFRd - ok
00:22:53.0413 3488  [ D7B4859227B02BCC1055B279A63C937F ] WUDFSensorLP    C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:53.0416 3488  WUDFSensorLP - ok
00:22:53.0437 3488  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:22:53.0441 3488  wudfsvc - ok
00:22:53.0462 3488  [ D7B4859227B02BCC1055B279A63C937F ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:53.0463 3488  WUDFWpdFs - ok
00:22:53.0472 3488  [ D7B4859227B02BCC1055B279A63C937F ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
00:22:53.0473 3488  WUDFWpdMtp - ok
00:22:53.0597 3488  [ A0900F8F628B5AF6841414EB3CF11E50 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:22:53.0625 3488  WwanSvc - ok
00:22:53.0640 3488  ================ Scan global ===============================
00:22:53.0680 3488  [ 3500AF0BA2EF095BF313EEB75D2366C6 ] C:\Windows\system32\basesrv.dll
00:22:53.0772 3488  [ EAB311B0A7A8EA0346F14F08D4BC8F46 ] C:\Windows\system32\winsrv.dll
00:22:53.0817 3488  [ 3600ED7EA8AED849E20700551C0BD63B ] C:\Windows\system32\sxssrv.dll
00:22:53.0894 3488  [ E0C7813A97CA7947FF5C18A8F3B61A45 ] C:\Windows\system32\services.exe
00:22:53.0898 3488  [Global] - ok
00:22:53.0898 3488  ================ Scan MBR ==================================
00:22:53.0922 3488  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
00:22:53.0945 3488  \Device\Harddisk0\DR0 - ok
00:22:53.0952 3488  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
00:22:53.0980 3488  \Device\Harddisk1\DR1 - ok
00:22:53.0981 3488  ================ Scan VBR ==================================
00:22:53.0984 3488  [ 7B6E0BBDB7BB60CBDAC4EA9DBBCFB1D1 ] \Device\Harddisk0\DR0\Partition1
00:22:53.0999 3488  \Device\Harddisk0\DR0\Partition1 - ok
00:22:54.0019 3488  [ 725FF3117B2345BE9DDD1B451FCC0501 ] \Device\Harddisk0\DR0\Partition2
00:22:54.0027 3488  \Device\Harddisk0\DR0\Partition2 - ok
00:22:54.0035 3488  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
00:22:54.0037 3488  \Device\Harddisk0\DR0\Partition3 - ok
00:22:54.0057 3488  [ 9A46419798180A728FEAE1618C879082 ] \Device\Harddisk0\DR0\Partition4
00:22:54.0076 3488  \Device\Harddisk0\DR0\Partition4 - ok
00:22:54.0080 3488  [ 036BD3EDA2CC2C990B6635202BF19C9B ] \Device\Harddisk1\DR1\Partition1
00:22:54.0081 3488  \Device\Harddisk1\DR1\Partition1 - ok
00:22:54.0081 3488  ============================================================
00:22:54.0081 3488  Scan finished
00:22:54.0081 3488  ============================================================
00:22:54.0093 3472  Detected object count: 1
00:22:54.0093 3472  Actual detected object count: 1
00:30:31.0759 3472  HKLM\SYSTEM\ControlSet001\services\99224798 - will be deleted on reboot
00:30:31.0886 3472  C:\Windows\system32\drivers\48963131.sys - will be deleted on reboot
00:30:31.0886 3472  99224798 ( HiddenService.Multi.Generic ) - User select action: Delete
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-12-01 14:44:13
-----------------------------
14:44:13.681    OS Version: Windows x64 6.2.9200
14:44:13.681    Number of processors: 4 586 0x3001
14:44:13.681    ComputerName: HP-DESKTOP  UserName: Owner
14:44:15.087    Initialize success
14:44:15.087    VM: initialized successfully
14:44:15.087    VM: Amd CPU BiosDisabled
14:46:22.359    AVAST engine defs: 17030301
14:49:33.023    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000028
14:49:33.023    Disk 0 Vendor: ST2000DM001-1ER164 HP51 Size: 1907729MB BusType: 11
14:49:33.151    Disk 0 MBR read successfully
14:49:33.163    Disk 0 MBR scan
14:49:33.163    Disk 0 unknown MBR code
14:49:33.163    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
14:49:33.241    Disk 0 scanning C:\Windows\system32\drivers
14:49:50.530    Service scanning
14:50:20.265    Modules scanning
14:50:20.265    Disk 0 trace - called modules:
14:50:20.280    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
14:50:20.280    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe000f36b5770]
14:50:20.296    3 CLASSPNP.SYS[fffff801e1a81170] -> nt!IofCallDriver -> \Device\00000028[0xffffe000f34fc060]
14:50:21.939    AVAST engine scan C:\
17:13:22.180    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:13:22.259    The log file has been saved successfully to "F:\aswMBR.txt"
18:28:47.000    Disk 0 statistics 19550655/0/0 @ 0.97 MB/s
18:28:47.016    Scan finished successfully
19:15:56.494    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
19:15:56.634    The log file has been saved successfully to "F:\log.txt"

Haven't done the fixlist yet because I mentioned that TeamViewer worked for me despite what you saw. I wonder if the virus allows it to function, just not function properly?
 



#10
RKinner


Go ahead and run the fixlist.




#11
Himynameiskyle


New FRST:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Owner (01-12-2017 19:42:41)
Running from C:\Users\Owner\Documents\My Documentss
Windows 8.1 (Update) (X64) (2016-08-17 03:13:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3592585487-3101742847-3297218791-500 - Administrator - Disabled)
Guest (S-1-5-21-3592585487-3101742847-3297218791-501 - Limited - Disabled)
Owner (S-1-5-21-3592585487-3101742847-3297218791-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Canon MX330 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series) (Version:  - )
DisplayKEY USB Cradle (HKLM\...\{BBA09DF4-4519-4BD0-B203-A58CACB92DFA}) (Version: 2.0.0.329 - Supra)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Pulse Secure Setup Client (HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Skype version 8.11 (HKLM-x32\...\Skype_is1) (Version: 8.11 - Skype Technologies S.A.)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.5058 - TeamViewer)
VMware Horizon Client (HKLM\...\{C7F8E8FA-0832-427E-B2B1-ABF6F8495C35}) (Version: 3.5.2.30397 - VMware, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {37E3E53A-7645-4BC9-A9E5-6AD32F4E1D7F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B42061CE-B050-4D93-9898-FDC821CAFA75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-25] (Google Inc.)
Task: {E26968CF-C91C-4ECD-8592-53C9462086F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-06-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-16 11:10 - 2015-06-16 11:10 - 000226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-07-31 15:42 - 2015-07-31 15:42 - 006363792 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2011-11-11 14:27 - 2011-11-11 14:27 - 000073216 _____ () C:\dKEYUSBCradle\stunnel-4.10.exe
2016-08-17 21:28 - 2016-08-17 21:28 - 000183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-06-16 11:04 - 2015-06-16 11:04 - 000239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2005-03-29 00:58 - 2005-03-29 00:58 - 000847872 _____ () C:\dKEYUSBCradle\libeay32.dll
2010-03-16 09:52 - 2010-03-16 09:52 - 000159744 _____ () C:\dKEYUSBCradle\libssl32.dll
2017-11-13 20:26 - 2017-11-16 16:11 - 001551816 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000088064 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2017-11-13 20:26 - 2017-11-16 16:08 - 002559608 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000031864 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2017-11-13 20:26 - 2017-11-16 16:08 - 000400896 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2017-11-13 20:26 - 2017-11-16 16:08 - 000129536 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2017-11-13 20:26 - 2017-11-16 16:08 - 002130944 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-12-01 19:31 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B0F18B4F-919F-43AF-A627-9C194E0F3EA7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA45BFFA-AF50-4204-936E-8298D71F48C6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F5DD6F7-273C-4120-88F4-21075693C53D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{653C3824-617F-428D-B923-667101E57C88}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{2F0DA2BF-4BC6-48F6-B1FE-526BEFBE03F2}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{06BE2CF4-D1FA-44D2-8E4A-7180A21CA29B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{F3CECC4E-413A-4150-913D-3CFB88A0F371}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{8E917DD7-9FA7-48D9-BC8C-DE3C3F9818B5}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{72F5AA83-97BB-4815-AA2F-93BDB81022FF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{AD42FE2C-FA6B-42E3-AC07-AA4D90ED436B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{7349F58B-B9D1-4E0A-A317-53A03F2FF9AC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{380A0B4C-5C08-493A-A13E-E90B145DF4C7}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{805B19D2-A89C-4037-BB86-AE3C567E2F5D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{4B4FA0B1-B9A5-4F67-8736-C9DD5C9F37C1}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{7819CFC0-2C8D-4DBF-9C0C-536FE8552347}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{21B12A09-1673-4F5A-8A79-A7F0AFA5487A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{6876DCAD-50FE-48DF-8E7C-585DB61594AC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{09E7FC8C-9F5A-41FE-988F-3F6484F09F07}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EF7D00EF-4397-492D-98BF-800DEC16BB01}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{EF5B2034-9891-437F-83CE-FFF59CF4DBD4}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{E30262F1-8502-4A36-93FE-77034462D423}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4F4CE04A-BE79-4321-8C9E-017A8A0D488B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{79D3C402-663D-45A4-A041-A49611746F3F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D292530A-95EA-4DE5-863D-07E6EAFD20C8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

13-07-2017 19:01:45 Windows Update
23-07-2017 00:38:49 Windows Update
09-08-2017 07:06:25 Windows Modules Installer
12-08-2017 15:05:36 Windows Update
15-09-2017 04:39:34 Windows Update
15-10-2017 09:31:32 Windows Update
19-10-2017 04:49:09 Windows Update
17-11-2017 08:53:05 Windows Update
24-11-2017 09:48:48 Windows Update
28-11-2017 13:59:11 Installed Adblock Plus for IE (32-bit and 64-bit)
01-12-2017 17:54:13 Removed Bonjour

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/01/2017 07:35:28 PM) (Source: DCOM) (EventID: 10010) (User: HP-DESKTOP)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/01/2017 07:35:28 PM) (Source: DCOM) (EventID: 10010) (User: HP-DESKTOP)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/01/2017 07:35:28 PM) (Source: DCOM) (EventID: 10010) (User: HP-DESKTOP)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 26%
Total physical RAM: 7092.85 MB
Available physical RAM: 5237.44 MB
Total Virtual: 14260.85 MB
Available Virtual: 12299.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.5 GB) (Free:1818.5 GB) NTFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:3.81 GB) (Free:1.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D9D82C40)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: E44A23EB)
Partition 1: (Not Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Fix Log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Owner (01-12-2017 19:31:02) Run:1
Running from C:\Users\Owner\Documents\My Documentss
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF Extension: (Converter) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@Converter.xpi [2017-11-19]
FF Extension: (Search Encrypt) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@searchencrypt.xpi [2017-11-17]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\features\{fdceb2ea-817f-4945-8dff-be20c3e18c8a}\[email protected] [2017-11-22] [Lagacy]
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\searchplugins\yahoo! powered.xml [2017-11-18]
CHR DefaultSearchURL: Default -> hxxp://srchbar.com/?q={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
Task: {E1A5D9C1-B602-4879-92C3-A63534EF021E} - System32\Tasks\{EE0246C1-3455-44FF-8A58-3CAADCD84D78} => C:\Windows\system32\pcalua.exe -a C:\Users\Owner\AppData\Local\{8E00B85C-AAA8-D4E4-C730-F10CE3580D94}\uninst.exe -c -P=/Uninstall /s /noun /DelSelfDir
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42925105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67090335.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72642326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\99224798.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42925105.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67090335.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72642326.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\99224798.sys => ""="Driver"
Hosts:
EmptyTemp:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"


*****************

C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@Converter.xpi => moved successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\@searchencrypt.xpi => moved successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\features\{fdceb2ea-817f-4945-8dff-be20c3e18c8a}\[email protected] => moved successfully
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\searchplugins\yahoo! powered.xml => moved successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce => key removed successfully
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1A5D9C1-B602-4879-92C3-A63534EF021E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1A5D9C1-B602-4879-92C3-A63534EF021E} => key removed successfully
C:\Windows\System32\Tasks\{EE0246C1-3455-44FF-8A58-3CAADCD84D78} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EE0246C1-3455-44FF-8A58-3CAADCD84D78} => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\42925105.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\67090335.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\72642326.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\99224798.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\42925105.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\67090335.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\72642326.sys => key removed successfully
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\99224798.sys => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16620499 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 22108 B
Edge => 0 B
Chrome => 9311781 B
Firefox => 93322219 B
Opera => 2171674 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Owner => 452351346 B

RecycleBin => 0 B
EmptyTemp: => 555.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:31:59 ====

 

Virustotal ratio was 0/56

 

About to start the elevated command prompt



#12
RKinner


Sorry for the delay in getting back to you but the Internet went down.  Our cable is acting up.  The Internet is back up but the TV is still down.

 

You posted the Addition.txt twice. Can you post the FRST log?



#13
Himynameiskyle


Sorry about that. I was in a hurry and thought I copied the right thing. 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Owner (administrator) on HP-DESKTOP (01-12-2017 19:41:10)
Running from C:\Users\Owner\Documents\My Documentss
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Supra) C:\dKEYUSBCradle\SyncService.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Supra) C:\dKEYUSBCradle\ProxyDaemon.exe
() C:\dKEYUSBCradle\stunnel-4.10.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Supra) C:\dKEYUSBCradle\SyncInfoApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-05] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-05] (Hewlett-Packard )
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-06-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [57446344 2017-11-16] (Skype Technologies S.A.)
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\MountPoints2: E - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\...\MountPoints2: {fa696a82-d4c7-11e7-82d0-3010b326e15f} - "E:\LaunchU3.exe" -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk [2016-11-16]
ShortcutTarget: DisplayKEY eSYNC Info.lnk -> C:\dKEYUSBCradle\SyncInfoApp.exe (Supra)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86AD8D79-0E93-4DF3-B074-8F9C824C0DAE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D65109DD-A864-4F63-834E-35604F19EAF5}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3592585487-3101742847-3297218791-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2017-01-03] (Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2017-01-03] (Eyeo GmbH)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://home.mynmg.com/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF DefaultProfile: p85zmb8q.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default [2017-12-01]
FF Homepage: Mozilla\Firefox\Profiles\p85zmb8q.default -> hxxps://www.msn.com/
hxxps://www.msn.com/
FF NewTab: Mozilla\Firefox\Profiles\p85zmb8q.default -> hxxp://search.searchinfast.com?uid=7f6cf28c-82ce-4522-9e81-0073053f3f3f&uc=20160830&ap=appfocus5&source=googledisplay-bb8&page=newtab&implementation_id=dm_0.2.1
FF NewTabOverride: Mozilla\Firefox\Profiles\p85zmb8q.default -> Disabled: @Converter
FF NewTabOverride: Mozilla\Firefox\Profiles\p85zmb8q.default -> Disabled: @DownloadManager
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\[email protected] [2016-08-17] [Lagacy]
FF Extension: (Adguard AdBlocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\p85zmb8q.default\Extensions\[email protected] [2017-11-28]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-12-01]
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-10]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-10]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-25]
CHR Extension: (Adguard AdBlocker) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2017-11-28]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-25]
CHR Extension: (Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-06-25]
CHR Extension: (Search Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nahhmpbckpgdidfnmfkfgiflpjijilce [2017-11-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-01]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-25]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 dKeySync; C:\dKEYUSBCradle\SyncService.exe [42496 2011-11-11] (Supra) [File not signed]
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-05] (IDT, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945264 2017-11-24] (TeamViewer GmbH)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-10-13] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-10-14] (VMware, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-11] (Realtek )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S1 MpKslc5795e0e; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A4C5EC7D-7B65-4CAD-9630-D1D3FE65AF28}\MpKslc5795e0e.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 19:17 - 2017-12-01 19:17 - 000140782 _____ C:\TDSSKiller.2.8.16.0_01.12.2017_19.17.26_log.txt
2017-12-01 17:58 - 2017-12-01 19:31 - 000000000 ____D C:\Users\Owner\Documents\My Documentss
2017-12-01 17:26 - 2017-12-01 17:26 - 000000000 ____D C:\Users\Owner\AppData\Local\TeamViewer
2017-12-01 14:47 - 2017-12-01 17:28 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-12-01 14:47 - 2017-12-01 14:47 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2017-12-01 14:47 - 2017-12-01 14:47 - 000001047 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2017-12-01 14:47 - 2017-12-01 14:47 - 000000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer
2017-12-01 14:35 - 2017-12-01 19:41 - 000000000 ____D C:\FRST
2017-11-29 11:26 - 2017-11-29 11:27 - 000005308 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_11.26.51_log.txt
2017-11-29 00:22 - 2017-11-29 00:39 - 000141342 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.22.12_log.txt
2017-11-29 00:18 - 2017-11-29 00:20 - 000141342 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.18.20_log.txt
2017-11-29 00:15 - 2017-11-29 00:15 - 000012450 _____ C:\Users\Owner\Desktop\MBRCheck_11.29.17_00.15.25.txt
2017-11-29 00:11 - 2017-11-29 00:16 - 000141232 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.11.51_log.txt
2017-11-29 00:09 - 2017-11-29 00:30 - 000000000 ____D C:\TDSSKiller_Quarantine
2017-11-29 00:09 - 2017-11-29 00:10 - 000277994 _____ C:\TDSSKiller.2.8.16.0_29.11.2017_00.09.13_log.txt
2017-11-29 00:08 - 2017-12-01 19:39 - 000000000 ____D C:\Program Files\HitmanPro
2017-11-29 00:07 - 2017-11-29 00:15 - 000000000 ____D C:\ProgramData\HitmanPro
2017-11-29 00:06 - 2017-11-29 00:07 - 000011126 _____ C:\Users\Owner\Desktop\MBRCheck_11.29.17_00.06.36.txt
2017-11-28 23:41 - 2017-11-29 00:09 - 000090582 _____ C:\Windows\ntbtlog.txt
2017-11-28 13:59 - 2017-11-28 13:59 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Adblock Plus for IE
2017-11-28 13:59 - 2017-11-28 13:59 - 000000000 ____D C:\Program Files\Adblock Plus for IE
2017-11-28 13:48 - 2017-11-28 14:13 - 000000000 ____D C:\Users\Owner\Documents\ConnectWiseControl
2017-11-28 12:46 - 2017-11-28 14:13 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0004_82786dc597925baa
2017-11-28 12:45 - 2017-11-28 12:45 - 000085272 _____ C:\Users\Owner\Downloads\ConnectWiseControl.Client.exe
2017-11-28 12:37 - 2017-11-28 12:37 - 000352151 _____ C:\Users\Owner\Desktop\Computer Bill.pdf
2017-11-28 11:16 - 2017-11-28 12:46 - 000000000 ____D C:\ProgramData\scre..tion_2c2536e5112611c9_0006.0004_93709a72a0cf73c5
2017-11-28 10:43 - 2017-11-28 10:56 - 001204720 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\flashplayer27_ka_install.exe
2017-11-27 02:00 - 2017-11-27 02:00 - 000189114 _____ C:\Users\Owner\Desktop\soft experts.pdf
2017-11-22 11:08 - 2017-11-28 13:52 - 000000000 ____D C:\Windows\Minidump
2017-11-18 10:22 - 2017-11-18 10:22 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Opera Software
2017-11-18 10:22 - 2017-11-18 10:22 - 000000000 ____D C:\Users\Owner\AppData\Local\Opera Software
2017-11-18 10:21 - 2017-11-18 10:21 - 000000065 _____ C:\Users\Owner\Downloads\Word_Setup [1].exe
2017-11-17 10:46 - 2017-11-17 10:47 - 140852175 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US(1).exe
2017-11-17 10:46 - 2017-11-17 10:46 - 140852175 _____ C:\Users\Owner\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
2017-11-17 10:44 - 2017-11-17 10:44 - 001668448 _____ ( ) C:\Users\Owner\Downloads\Word_Setup.exe
2017-11-15 09:08 - 2017-10-16 12:38 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 09:08 - 2017-10-14 02:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 09:08 - 2017-10-14 02:23 - 004168704 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 09:08 - 2017-10-14 02:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 09:08 - 2017-10-14 02:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 09:08 - 2017-10-14 01:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 09:08 - 2017-10-14 01:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 09:08 - 2017-10-14 01:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 09:08 - 2017-10-14 01:05 - 015431680 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 09:08 - 2017-10-14 00:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 09:08 - 2017-10-14 00:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 09:08 - 2017-10-14 00:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 09:08 - 2017-10-14 00:14 - 013317632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 09:08 - 2017-10-14 00:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 09:08 - 2017-10-10 09:38 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 09:08 - 2017-09-08 11:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-11-15 09:08 - 2017-09-08 10:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-11-15 09:08 - 2017-08-10 19:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-11-15 09:08 - 2017-08-10 19:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-11-15 09:07 - 2017-10-17 13:11 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 09:07 - 2017-10-14 07:04 - 001548624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-11-15 09:07 - 2017-10-14 02:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 09:07 - 2017-10-14 02:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 09:07 - 2017-10-14 01:36 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-11-15 09:07 - 2017-10-14 01:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 09:07 - 2017-10-14 01:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 09:07 - 2017-10-14 01:30 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 09:07 - 2017-10-14 01:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 09:07 - 2017-10-14 01:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 09:07 - 2017-10-14 01:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 09:07 - 2017-10-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 09:07 - 2017-10-14 00:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 09:07 - 2017-10-14 00:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 09:07 - 2017-10-14 00:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-11-15 09:07 - 2017-10-14 00:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 09:07 - 2017-10-14 00:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 09:07 - 2017-10-14 00:24 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 09:07 - 2017-10-14 00:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 09:07 - 2017-10-14 00:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 09:07 - 2017-10-14 00:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 09:07 - 2017-10-10 10:36 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 09:07 - 2017-10-10 09:38 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-11-15 09:07 - 2017-10-10 09:11 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 09:07 - 2017-10-10 09:08 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-11-15 09:07 - 2017-10-05 01:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-15 09:07 - 2017-09-14 17:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-11-15 09:07 - 2017-09-07 21:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-11-15 09:07 - 2017-09-07 21:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-15 09:07 - 2017-09-07 15:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-11-15 09:07 - 2017-09-07 13:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-11-15 09:07 - 2017-09-07 11:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-11-15 09:07 - 2017-09-07 11:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-11-15 09:07 - 2017-09-07 07:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 09:07 - 2017-09-07 07:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 09:07 - 2017-09-06 17:07 - 000158552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 09:07 - 2017-09-06 15:17 - 000461144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 09:07 - 2017-09-06 15:17 - 000443224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 09:07 - 2017-09-06 08:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-11-15 08:57 - 2017-10-11 01:35 - 000143016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 08:57 - 2017-10-10 09:21 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 08:57 - 2017-10-10 07:18 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000402944 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 08:57 - 2017-10-10 07:18 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-14 15:47 - 2017-11-14 15:47 - 000092928 _____ C:\Users\Owner\Downloads\resume 2015 (Kyle McManaman).docx - Microsoft Word Online.htm
2017-11-14 15:47 - 2017-11-14 15:47 - 000000000 ____D C:\Users\Owner\Downloads\resume 2015 (Kyle McManaman).docx - Microsoft Word Online_files
2017-11-14 10:42 - 2017-11-14 10:42 - 053914496 _____ (Skype Technologies S.A. ) C:\Users\Owner\Downloads\Skype-8.10.0.9 (1).exe
2017-11-13 20:30 - 2017-11-13 20:30 - 053914496 _____ (Skype Technologies S.A. ) C:\Users\Owner\Downloads\Skype-8.10.0.9.exe
2017-11-13 20:26 - 2017-11-22 11:26 - 000001326 _____ C:\Users\Public\Desktop\Skype.lnk
2017-11-13 20:26 - 2017-11-22 11:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-11-13 20:26 - 2017-11-13 20:26 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-11-13 13:21 - 2017-11-13 13:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-13 10:15 - 2017-11-13 10:15 - 000123362 _____ C:\Users\Owner\Downloads\GACB_2015.pdf
2017-11-10 08:28 - 2017-11-10 08:28 - 000071441 _____ C:\Users\Owner\Downloads\patient-billing-flow.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-01 19:38 - 2016-11-30 00:16 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-12-01 19:38 - 2016-08-29 18:49 - 000000000 ___DO C:\Users\Owner\OneDrive
2017-12-01 19:36 - 2013-08-22 08:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-01 19:36 - 2013-08-22 08:44 - 000337840 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-01 19:35 - 2016-08-16 19:45 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-12-01 19:35 - 2013-08-22 07:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-12-01 19:31 - 2016-08-18 12:10 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Temp
2017-12-01 18:45 - 2014-11-21 02:44 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-01 18:45 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\Inf
2017-12-01 14:46 - 2013-08-22 09:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-01 14:46 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\AppReadiness
2017-12-01 14:45 - 2016-08-17 12:49 - 000003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{06EA9419-B131-4841-A5DD-11FDC460B3F6}
2017-12-01 14:38 - 2016-08-16 19:11 - 000003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3592585487-3101742847-3297218791-1001
2017-11-28 13:52 - 2016-08-16 18:39 - 000000000 ____D C:\Windows\Panther
2017-11-28 13:45 - 2016-08-16 21:13 - 000000000 ____D C:\Users\Owner
2017-11-28 12:46 - 2017-06-25 07:10 - 000000000 ____D C:\Users\Owner\AppData\Local\Deployment
2017-11-28 11:12 - 2017-01-19 19:46 - 000000000 ____D C:\Users\Owner\AppData\Roaming\VMware
2017-11-24 09:52 - 2016-08-16 22:56 - 000000000 ____D C:\Windows\system32\MRT
2017-11-24 09:49 - 2017-10-15 09:32 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-11-24 09:49 - 2016-08-16 22:56 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-11-22 11:08 - 2017-03-28 15:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-22 11:08 - 2016-08-17 12:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-21 14:45 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\NDF
2017-11-20 14:32 - 2016-08-21 10:08 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-11-19 10:36 - 2016-08-17 12:50 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-19 10:36 - 2016-08-17 12:50 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2017-11-18 10:32 - 2016-08-16 23:01 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-17 08:56 - 2013-08-22 09:20 - 000000000 ____D C:\Windows\CbsTemp
2017-11-14 13:49 - 2017-06-25 07:11 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-14 13:49 - 2017-06-25 07:11 - 000002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 15:43 - 2017-06-25 07:10 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 15:43 - 2017-06-25 07:10 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-03 18:41 - 2016-08-16 23:03 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-03 18:41 - 2016-08-16 23:03 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
2017-12-01 19:39 - 2017-11-28 13:12 - 011584088 _____ (SurfRight B.V.) C:\Users\Owner\AppData\Local\Temp\HitmanPro.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-27 11:31

==================== End of FRST.txt ============================


  • 0

#14
Himynameiskyle

Himynameiskyle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Is there a difference between Windows PowerShell and an elevated command prompt?


  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

They are not the same and don't use the same commands, so it's best to stay with command prompts. Usually you can search for cmd.exe and then right-click on it and run as admin.


  • 0





