system hijacked


  • This topic is locked
31 replies to this topic

#1 DjChumpchange

Posted 26 December 2013 - 01:11 PM

Hello, I have been badly infected, possibly from my brother updating his phone OS months ago. I have formatted twice to no avail, locked out of making many changes, my HD has a partition with my system folders in it that launches alongside my bootups, apps/programs timing themselves out including chiputil.exe which has blocked me from using my keyboard so I'm using onscreen, users giving themselves access, stuck on a host client and unable to install Windows 7 updates for x64 and much more. Such a nightmare, not very hopeful but in need of any and all help and thanks in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Cosito at 11:53:19 on 2013-12-26
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8105.5741 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\mmc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\osk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [ASRockXTU] <no file>
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{58B6F302-1C62-4D9B-B6F5-BC793A3C7782} : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [wdsmgr] C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-24 00:41; no-clickjacking@daohoangson.com; C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\extensions\no-clickjacking@daohoangson.com.xpi
FF - ExtSQL: 2013-12-13 20:56; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2013-10-6 302120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-10-7 9216]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-25 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-6 2656280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-7 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-7 64512]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-25 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-10-6 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-10-6 65632]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-10-7 2470736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-6 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-6 1255736]
.
=============== Created Last 30 ================
.
2013-12-26 16:51:56    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\GlarySoft
2013-12-26 16:51:17    --------    d-----w-    C:\Program Files (x86)\Glarysoft
2013-12-26 16:40:00    --------    d-----w-    C:\Program Files (x86)\Advanced Fix 2013
2013-12-26 16:39:28    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE2E396A-AEEC-4F17-988D-B07D1DBB59AC}\mpengine.dll
2013-12-26 09:59:56    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-26 09:41:42    --------    d-----w-    C:\Program Files (x86)\Etron Technology
2013-12-26 04:41:09    --------    d-----w-    C:\Program Files (x86)\Steam
2013-12-26 04:40:54    --------    d-----w-    C:\Users\Cosito\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-12-26 03:33:04    --------    d-----w-    C:\Users\Cosito\AppData\Local\Microsoft_Corporation
2013-12-26 03:22:28    --------    d-----w-    C:\Windows\System32\wbem\repository
2013-12-26 03:21:53    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2013-12-26 03:17:19    --------    d-----w-    C:\RegBackup
2013-12-26 03:15:27    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2013-12-26 00:02:49    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\SUPERAntiSpyware.com
2013-12-26 00:02:09    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-12-26 00:02:09    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-12-25 23:46:32    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-25 23:46:30    117464    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-12-25 23:45:39    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-25 22:26:35    55296    ----a-w-    C:\Windows\System32\admwprox.dll
2013-12-25 22:26:35    192000    ----a-w-    C:\Windows\System32\iisRtl.dll
2013-12-25 22:26:35    154624    ----a-w-    C:\Windows\SysWow64\iisRtl.dll
2013-12-25 22:26:34    8192    ----a-w-    C:\Windows\SysWow64\iisrstap.dll
2013-12-25 22:26:34    60928    ----a-w-    C:\Windows\System32\ahadmin.dll
2013-12-25 22:26:34    50688    ----a-w-    C:\Windows\SysWow64\admwprox.dll
2013-12-25 22:26:34    26624    ----a-w-    C:\Windows\SysWow64\ahadmin.dll
2013-12-25 22:26:34    16896    ----a-w-    C:\Windows\System32\iisreset.exe
2013-12-25 22:26:34    15360    ----a-w-    C:\Windows\SysWow64\iisreset.exe
2013-12-25 22:26:34    14848    ----a-w-    C:\Windows\System32\wamregps.dll
2013-12-25 22:26:34    11264    ----a-w-    C:\Windows\System32\iisrstap.dll
2013-12-25 22:26:34    10752    ----a-w-    C:\Windows\SysWow64\wamregps.dll
2013-12-25 21:42:23    --------    d-----w-    C:\Windows\pss
2013-12-25 19:46:34    --------    d-----w-    C:\Users\Cosito\AppData\Local\Apps
2013-12-25 19:13:26    --------    d-----w-    C:\Windows\PCHEALTH
2013-12-25 19:12:29    --------    d-----w-    C:\Users\Cosito\AppData\Local\Windows Live
2013-12-25 19:12:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-12-25 18:23:25    --------    d-----w-    C:\Windows\System32\msmq
2013-12-25 16:36:16    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2013-12-25 16:36:15    --------    d-----w-    C:\Windows\System32\BestPractices
2013-12-25 16:36:15    --------    d-----w-    C:\inetpub
2013-12-25 16:06:25    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\Malwarebytes
2013-12-25 16:06:17    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-25 16:06:16    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-25 16:06:16    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 10:40:42    --------    d-----w-    C:\Program Files (x86)\WinPcap
2013-12-25 07:38:04    --------    d-----w-    C:\Program Files (x86)\BlueStacks
2013-12-25 07:37:34    --------    d-----w-    C:\ProgramData\BlueStacksSetup
2013-12-25 07:37:31    --------    d-----w-    C:\ProgramData\BlueStacks
2013-12-14 04:24:17    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 04:24:07    42168    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-14 03:04:41    --------    d-----w-    C:\Users\Cosito\Emulation
2013-12-14 03:01:53    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\ananke
2013-12-14 02:59:45    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\higan
2013-12-14 02:57:45    --------    d-----w-    C:\Users\Cosito\AppData\Local\WinZip
2013-12-14 02:57:29    --------    d-----w-    C:\Program Files\File Association Helper
2013-12-12 06:15:59    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-12-12 06:15:59    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-12-07 08:53:41    --------    d-----w-    C:\Users\Cosito\AppData\Local\Microsoft Games
2013-12-07 02:40:04    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A832E98-F278-43FA-8B2D-B8721AC5918F}\gapaengine.dll
2013-12-07 02:38:50    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-12-07 02:38:48    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-12-07 00:03:04    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-07 00:03:01    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADCCA668-76E1-4129-ADB0-BB0F08082BD0}\mpengine.dll
2013-11-30 01:19:12    --------    d-----w-    C:\Windows\Migration
2013-11-28 13:26:55    --------    d-----w-    C:\Users\Cosito\AppData\Local\Aimersoft
2013-11-28 13:26:55    --------    d-----w-    C:\Program Files (x86)\Common Files\Aimersoft
2013-11-28 13:26:50    --------    d-----w-    C:\Program Files (x86)\Aimersoft
2013-11-28 11:11:23    --------    d-----w-    C:\Program Files (x86)\Combined Community Codec Pack
.
==================== Find3M  ====================
.
2013-12-11 19:09:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:09:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-07 16:16:08    991816    ----a-w-    C:\Windows\System32\RtkApi64.dll
2013-10-07 04:52:45    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-07 03:26:29    0    ----a-w-    C:\Windows\ativpsrm.bin
2013-10-05 20:25:35    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 02:16:30    116736    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-30 14:16:10    268968    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 11:53:49.36 ===============





#2 DjChumpchange

  • Topic Starter


Posted 31 December 2013 - 11:37 AM

I know I'm not supposed to bump but my problems are still just as bad.



#3 HelpBot


Posted 31 December 2013 - 01:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/518667 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 DjChumpchange

  • Topic Starter


Posted 03 January 2014 - 10:07 PM

I have the reinstallation disc for Windows 7. Still having all the same problems and still cannot update Win 7 64x. Furthermore, I have reformatted twice in the past 5 months and each time I haven't needed to input my serial number for Windows... this is not a good thing I think if someone has made a virtual copy of my PC... idk
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Cosito at 21:03:45 on 2014-01-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8104.6290 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\system32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\mqtgsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
C:\Program Files\File Association Helper\FAHWindow.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [ASRockXTU] <no file>
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{58B6F302-1C62-4D9B-B6F5-BC793A3C7782} : DHCPNameServer = 97.64.168.12 97.64.183.165
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [FAHConsole] C:\Program Files\File Association Helper\FAHConsole.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [wdsmgr] C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-24 00:41; no-clickjacking@daohoangson.com; C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\extensions\no-clickjacking@daohoangson.com.xpi
FF - ExtSQL: 2013-12-13 20:56; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2013-10-6 302120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-8-30 239616]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-20 114448]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-20 385808]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 27136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-10-6 2656280]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-7 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-7 64512]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-10-6 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 VirtuWDDM;VirtuWDDM;C:\Windows\System32\drivers\VirtuWDDM.sys [2013-10-6 65632]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-20 402192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-25 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-25 701512]
S2 SecureUpdateSvc;SecureUpdate;C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2013-10-7 2470736]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-25 25928]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-6 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-6 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-6 1255736]
.
=============== Created Last 30 ================
.
2014-01-02 22:36:08    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CAA132B-7544-48CE-AB5A-24E0B00F80C5}\mpengine.dll
2014-01-02 18:59:51    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-28 21:16:36    --------    d-----w-    C:\Program Files\CCleaner
2013-12-26 16:51:56    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\GlarySoft
2013-12-26 16:51:17    --------    d-----w-    C:\Program Files (x86)\Glarysoft
2013-12-26 16:40:00    --------    d-----w-    C:\Program Files (x86)\Advanced Fix 2013
2013-12-26 09:41:42    --------    d-----w-    C:\Program Files (x86)\Etron Technology
2013-12-26 04:40:54    --------    d-----w-    C:\Users\Cosito\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-12-26 03:33:04    --------    d-----w-    C:\Users\Cosito\AppData\Local\Microsoft_Corporation
2013-12-26 03:22:28    --------    d-----w-    C:\Windows\System32\wbem\repository
2013-12-26 03:21:53    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2013-12-26 03:17:19    --------    d-----w-    C:\RegBackup
2013-12-26 03:15:27    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2013-12-26 00:02:49    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\SUPERAntiSpyware.com
2013-12-26 00:02:09    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-12-26 00:02:09    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-12-25 23:46:32    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-25 23:45:39    89304    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2013-12-25 22:26:35    55296    ----a-w-    C:\Windows\System32\admwprox.dll
2013-12-25 22:26:35    192000    ----a-w-    C:\Windows\System32\iisRtl.dll
2013-12-25 22:26:35    154624    ----a-w-    C:\Windows\SysWow64\iisRtl.dll
2013-12-25 22:26:34    8192    ----a-w-    C:\Windows\SysWow64\iisrstap.dll
2013-12-25 22:26:34    60928    ----a-w-    C:\Windows\System32\ahadmin.dll
2013-12-25 22:26:34    50688    ----a-w-    C:\Windows\SysWow64\admwprox.dll
2013-12-25 22:26:34    26624    ----a-w-    C:\Windows\SysWow64\ahadmin.dll
2013-12-25 22:26:34    16896    ----a-w-    C:\Windows\System32\iisreset.exe
2013-12-25 22:26:34    15360    ----a-w-    C:\Windows\SysWow64\iisreset.exe
2013-12-25 22:26:34    14848    ----a-w-    C:\Windows\System32\wamregps.dll
2013-12-25 22:26:34    11264    ----a-w-    C:\Windows\System32\iisrstap.dll
2013-12-25 22:26:34    10752    ----a-w-    C:\Windows\SysWow64\wamregps.dll
2013-12-25 21:42:23    --------    d-----w-    C:\Windows\pss
2013-12-25 19:46:34    --------    d-----w-    C:\Users\Cosito\AppData\Local\Apps
2013-12-25 19:13:26    --------    d-----w-    C:\Windows\PCHEALTH
2013-12-25 19:12:29    --------    d-----w-    C:\Users\Cosito\AppData\Local\Windows Live
2013-12-25 19:12:26    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2013-12-25 18:23:25    --------    d-----w-    C:\Windows\System32\msmq
2013-12-25 16:36:16    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2013-12-25 16:36:15    --------    d-----w-    C:\Windows\System32\BestPractices
2013-12-25 16:36:15    --------    d-----w-    C:\inetpub
2013-12-25 16:06:25    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\Malwarebytes
2013-12-25 16:06:17    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-12-25 16:06:16    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-12-25 16:06:16    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 10:40:42    --------    d-----w-    C:\Program Files (x86)\WinPcap
2013-12-25 07:38:04    --------    d-----w-    C:\Program Files (x86)\BlueStacks
2013-12-25 07:37:34    --------    d-----w-    C:\ProgramData\BlueStacksSetup
2013-12-25 07:37:31    --------    d-----w-    C:\ProgramData\BlueStacks
2013-12-14 04:24:17    2876528    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 04:24:07    42168    ----a-w-    C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-14 03:04:41    --------    d-----w-    C:\Users\Cosito\Emulation
2013-12-14 03:01:53    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\ananke
2013-12-14 02:59:45    --------    d-----w-    C:\Users\Cosito\AppData\Roaming\higan
2013-12-14 02:57:45    --------    d-----w-    C:\Users\Cosito\AppData\Local\WinZip
2013-12-14 02:57:29    --------    d-----w-    C:\Program Files\File Association Helper
2013-12-12 06:15:59    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-12-12 06:15:59    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-12-07 08:53:41    --------    d-----w-    C:\Users\Cosito\AppData\Local\Microsoft Games
2013-12-07 02:40:04    965000    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9A832E98-F278-43FA-8B2D-B8721AC5918F}\gapaengine.dll
2013-12-07 02:38:50    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-12-07 02:38:48    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-12-07 00:03:04    8199504    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-12-07 00:03:01    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADCCA668-76E1-4129-ADB0-BB0F08082BD0}\mpengine.dll
.
==================== Find3M  ====================
.
2013-12-11 19:09:20    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 19:09:20    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04    150016    ----a-w-    C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04    202752    ----a-w-    C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36    121856    ----a-w-    C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31    163840    ----a-w-    C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39    156160    ----a-w-    C:\Windows\System32\cscript.exe
2013-10-12 01:33:26    168960    ----a-w-    C:\Windows\System32\wscript.exe
2013-10-12 01:15:48    141824    ----a-w-    C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48    126976    ----a-w-    C:\Windows\SysWow64\cscript.exe
2013-10-07 16:16:08    991816    ----a-w-    C:\Windows\System32\RtkApi64.dll
2013-10-07 04:52:45    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-07 03:26:29    0    ----a-w-    C:\Windows\ativpsrm.bin
.
============= FINISH: 21:04:28.77 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2013 9:29:07 PM
System Uptime: 1/2/2014 5:05:08 AM (40 hours ago)
.
Motherboard: ASRock | | Z68 Extreme4 Gen3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | CPUSocket | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 726.741 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP75: 12/25/2013 4:12:22 PM - Removed Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
RP76: 12/25/2013 4:12:51 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP77: 12/25/2013 4:13:36 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP78: 12/25/2013 4:14:17 PM - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
RP79: 12/25/2013 4:15:09 PM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP80: 12/25/2013 4:16:04 PM - Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
RP81: 12/25/2013 4:24:04 PM - Windows Update
RP82: 12/25/2013 4:26:37 PM - Windows Update
RP83: 12/25/2013 9:17:03 PM - Tweaking.com - Windows Repair
RP84: 12/25/2013 10:32:14 PM - Removed Etron USB3.0 Host Controller
RP85: 12/25/2013 10:40:46 PM - Removed Steam
RP86: 12/26/2013 3:41:29 AM - Installed Etron USB3.0 Host Controller
RP87: 12/26/2013 3:56:35 AM - Windows Update
RP88: 12/26/2013 10:31:41 AM - Windows Update
RP89: 12/28/2013 3:18:06 PM - Removed Steam
RP90: 12/28/2013 3:20:19 PM - Removed Hi-Rez Studios Games
RP91: 12/29/2013 7:00:04 PM - Windows Backup
RP92: 12/29/2013 10:54:37 PM - Windows Update
RP93: 1/2/2014 12:59:10 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Advanced Fix 2013 version 2.1.3.80
Aimersoft DVD Creator(Build 2.6.5)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ArgusMonitor
ASRock eXtreme Tuner v0.1.98
Battle.net
BlueStacks App Player
BlueStacks Notification Center
Broadcom Gigabit NetLink Controller
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Combined Community Codec Pack 2013-11-27
Core Temp 1.0 RC5
CPUID CPU-Z 1.67
D3DX10
Etron USB3.0 Host Controller
File Association Helper
Hearthstone
HydraVision
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
League of Legends
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Pando Media Booster
PlanetSide 2
Realtek High Definition Audio Driver
Registry Repair 4.1.0.388
Skype™ 6.11
SUPERAntiSpyware
Tweaking.com - Windows Repair (All in One)
VIRTU 1.2.103
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.3
WinZip 18.0
.
==== Event Viewer Messages From Past Week ========
.
12/31/2013 8:09:44 PM, Error: Service Control Manager [7034] - The SecureUpdate service terminated unexpectedly. It has done this 1 time(s).
12/31/2013 8:06:37 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.
12/31/2013 8:06:31 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
12/27/2013 8:04:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================


Edited by Oh My, 05 January 2014 - 09:33 PM.
Posted Attach log


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:02 PM

Posted 05 January 2014 - 09:26 PM

Greetings DjChumpchange and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review your situation please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!


Posted 09 January 2014 - 09:12 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 DjChumpchange


Posted 09 January 2014 - 04:11 PM

Hello, sorry for the delay. I am following your instructions now and will reply with the results. Thank you for the response.

 

 

Edit: Here are the results.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-01-2014 01
Ran by Cosito (administrator) on MYPC on 09-01-2014 15:13:17
Running from C:\Users\Cosito\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ITknowledge24.com) C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FAHConsole] - C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [wdsmgr] - C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe [164352 2013-10-08] (ITknowledge24.com)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-10-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [807696 2013-12-20] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1666560 2012-02-20] (AimerSoft)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ASRockXTU] - [x]
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563096 2013-12-19] (SUPERAntiSpyware)
HKCU\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-09] (AMD)
MountPoints2: {90621986-2f06-11e3-a5ee-806e6f6e6963} - D:\setup.exe
HKU\Guest\...\Run: [HydraVisionDesktopManager] - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-02-09] (AMD)
HKU\Guest\...\RunOnce: [osk.exe] - C:\Windows\System32\osk.exe [692736 2009-07-13] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8E4A8300AC3CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=21&locale=en_US&gct=sb&qsrc=2869
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 97.64.168.12 97.64.183.165

FireFox:
========
FF ProfilePath: C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default
FF user.js: detected! => C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\user.js
FF Homepage: https://www.google.com/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\searchplugins\safeguard-secure-search.xml
FF Extension: Empty Cache Button - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\Extensions\{4cc4a13b-94a6-7568-370d-5f9de54a9c7f}
FF Extension: Clickjacking Reveal - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\Extensions\no-clickjacking@daohoangson.com.xpi
FF Extension: NoScript - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Cosito\AppData\Roaming\Mozilla\Firefox\Profiles\59inxxvd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (AccelerateTab) - C:\Users\Cosito\AppData\Local\Google\Chrome\User Data\Default\Extensions\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2013-12-20] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-12-20] (BlueStack Systems, Inc.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SecureUpdateSvc; C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe [2470736 2013-09-29] ()
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWow64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArgusMonitor; C:\Windows\SysWow64\drivers\ArgusMonitor.sys [73152 2013-08-30] (Argotronic UG (haftungsbeschraenkt))
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [114448 2013-12-20] (BlueStack Systems)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 ALSysIO; \??\C:\Users\Cosito\AppData\Local\Temp\ALSysIO64.sys [x]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 15:13 - 2014-01-09 15:13 - 00011702 _____ C:\Users\Cosito\Downloads\FRST.txt
2014-01-09 15:12 - 2014-01-09 15:12 - 01931770 _____ (Farbar) C:\Users\Cosito\Downloads\FRST64.exe
2014-01-09 15:12 - 2014-01-09 15:12 - 00000000 ____D C:\FRST
2014-01-08 20:18 - 2014-01-08 20:18 - 00000042 _____ C:\Users\Cosito\Desktop\Minecraft Seed.txt
2014-01-06 10:55 - 2014-01-06 10:55 - 00543087 _____ C:\Users\Cosito\Desktop\Ifyoueverfeeldumbatleastyourenotthesepeople-73145.jpeg
2014-01-05 04:33 - 2014-01-05 04:33 - 00001530 _____ C:\Windows\PFRO.log
2014-01-04 20:16 - 2014-01-04 20:16 - 00001055 _____ C:\Users\Public\Desktop\Argus Monitor.lnk
2014-01-04 20:16 - 2014-01-04 20:16 - 00000000 ____D C:\Program Files (x86)\ArgusMonitor
2014-01-04 20:15 - 2014-01-04 20:15 - 10173944 _____ (Argotronic UG (haftungsbeschraenkt)) C:\Users\Cosito\Downloads\ArgusMonitor_Setup(1).exe
2014-01-04 14:32 - 2014-01-09 11:20 - 00000934 _____ C:\Windows\setupact.log
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 _____ C:\Windows\setuperr.log
2013-12-30 17:47 - 2013-12-30 17:47 - 00001908 _____ C:\Windows\diagwrn.xml
2013-12-30 17:47 - 2013-12-30 17:47 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-28 15:25 - 2013-12-28 15:25 - 00000000 ____D C:\Users\Cosito\Documents\Ccleaner
2013-12-28 15:16 - 2013-12-28 15:16 - 03571656 _____ (Piriform Ltd) C:\Users\Cosito\Downloads\ccsetup409_slim.exe
2013-12-28 15:16 - 2013-12-28 15:16 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-28 15:16 - 2013-12-28 15:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-28 15:16 - 2013-12-28 15:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-27 20:04 - 2013-12-27 20:04 - 00000010 _____ C:\Users\Cosito\Documents\ps.txt
2013-12-26 11:53 - 2013-12-26 11:53 - 00020276 _____ C:\Users\Cosito\Documents\dds.txt
2013-12-26 11:53 - 2013-12-26 11:53 - 00011051 _____ C:\Users\Cosito\Documents\attach.txt
2013-12-26 11:52 - 2013-12-26 11:52 - 00688992 ____R (Swearware) C:\Users\Cosito\Downloads\dds.com
2013-12-26 10:51 - 2013-12-26 10:51 - 00001224 _____ C:\Users\Cosito\Desktop\Registry Repair.lnk
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\GlarySoft
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2013-12-26 10:50 - 2013-12-26 10:51 - 02173792 _____ C:\Users\Cosito\Downloads\rrsetup.exe
2013-12-26 10:40 - 2013-12-26 10:47 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-12-26 10:40 - 2013-12-26 10:40 - 00001085 _____ C:\Users\Public\Desktop\Advanced Fix 2013.lnk
2013-12-26 10:37 - 2013-12-26 10:38 - 06657112 _____ (Advanced Fix, Inc.                                          ) C:\Users\Cosito\Downloads\PCMAX_AF_ErrorsFix_Setup.exe
2013-12-26 03:59 - 2013-12-26 11:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-26 03:59 - 2013-12-26 11:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-26 03:41 - 2013-12-26 03:41 - 00000000 ____D C:\Program Files (x86)\Etron Technology
2013-12-26 03:11 - 2013-12-26 03:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2013-12-26 03:08 - 2013-12-26 03:09 - 00000000 ____D C:\Users\Guest\lucidlogix
2013-12-26 02:35 - 2013-12-26 03:38 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-12-26 02:35 - 2013-12-26 03:11 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-12-26 02:35 - 2013-12-26 02:39 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2013-12-26 02:35 - 2013-12-26 02:35 - 00058400 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 02:35 - 2013-12-26 02:35 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Aimersoft
2013-12-26 02:34 - 2013-12-26 03:08 - 00000000 ____D C:\Users\Guest
2013-12-26 02:34 - 2013-12-26 02:34 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-12-26 02:34 - 2013-10-08 20:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2013-12-26 02:34 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-26 02:34 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-25 22:40 - 2013-12-25 22:40 - 00000000 ____D C:\Users\Cosito\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-12-25 21:33 - 2013-12-25 21:33 - 00000000 ____D C:\Users\Cosito\AppData\Local\Microsoft_Corporation
2013-12-25 21:20 - 2013-12-25 21:24 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-25 21:17 - 2013-12-25 21:17 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MYPC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-12-25 21:17 - 2013-12-25 21:17 - 00000000 ____D C:\RegBackup
2013-12-25 21:15 - 2013-12-25 21:15 - 05045639 _____ C:\Users\Cosito\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-12-25 21:15 - 2013-12-25 21:15 - 00002159 _____ C:\Users\Cosito\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-25 21:15 - 2013-12-25 21:15 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-12-25 21:15 - 2013-12-25 21:15 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00001808 _____ C:\Users\Cosito\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 17:58 - 2013-12-25 17:58 - 29185104 _____ (SUPERAntiSpyware) C:\Users\Cosito\Downloads\SUPERAntiSpywarePro.exe
2013-12-25 17:46 - 2013-12-25 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-25 17:45 - 2013-12-25 17:57 - 00000000 ____D C:\Users\Cosito\Documents\mbar
2013-12-25 17:45 - 2013-12-25 17:45 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-25 17:44 - 2013-12-25 17:45 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Cosito\Downloads\mbar-1.07.0.1008.exe
2013-12-25 16:26 - 2012-05-31 23:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2013-12-25 16:26 - 2012-05-31 23:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2013-12-25 16:26 - 2012-05-31 23:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2013-12-25 16:26 - 2012-05-31 23:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2013-12-25 16:26 - 2012-05-31 23:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2013-12-25 16:26 - 2012-05-31 23:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2013-12-25 16:26 - 2012-05-31 22:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2013-12-25 16:26 - 2012-05-31 22:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2013-12-25 16:26 - 2012-05-31 22:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2013-12-25 16:26 - 2012-05-31 22:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2013-12-25 16:26 - 2012-05-31 22:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2013-12-25 16:26 - 2012-05-31 22:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2013-12-25 16:01 - 2013-12-25 15:34 - 03106744 _____ C:\Users\Cosito\Documents\report.html
2013-12-25 15:42 - 2013-12-27 20:11 - 00000000 ____D C:\Windows\pss
2013-12-25 14:15 - 2013-12-25 14:15 - 00000017 _____ C:\Users\Cosito\AppData\Local\resmon.resmoncfg
2013-12-25 13:46 - 2013-12-25 13:46 - 00000000 ____D C:\Users\Cosito\AppData\Local\Apps\2.0
2013-12-25 13:13 - 2013-12-25 13:13 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-25 13:13 - 2013-12-25 13:13 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-25 13:12 - 2013-12-25 13:19 - 00000000 ____D C:\Users\Cosito\AppData\Local\Windows Live
2013-12-25 13:12 - 2013-12-25 13:12 - 31037288 _____ (Microsoft Corporation) C:\Users\Cosito\Downloads\wlsetup-idcrl.exe
2013-12-25 13:02 - 2013-12-25 13:02 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-25 12:24 - 2013-12-25 12:24 - 00000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2013-12-25 12:24 - 2013-12-25 12:24 - 00000000 ____D C:\Users\Classic .NET AppPool
2013-12-25 12:24 - 2013-10-08 20:53 - 00000000 ____D C:\Users\Classic .NET AppPool\AppData\Roaming\Macromedia
2013-12-25 12:24 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-25 12:24 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\Classic .NET AppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-25 12:23 - 2013-12-25 12:23 - 00000000 ____D C:\Windows\system32\msmq
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\Windows\system32\BestPractices
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\inetpub
2013-12-25 10:06 - 2013-12-25 10:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Malwarebytes
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 10:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-25 10:05 - 2013-12-25 10:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cosito\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 07:50 - 2013-12-25 07:50 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Cosito\Downloads\tdsskiller.exe
2013-12-25 07:02 - 2013-12-25 07:02 - 01528184 _____ (Microsoft Corporation) C:\Users\Cosito\Downloads\GenuineCheck.exe
2013-12-25 07:02 - 2013-12-25 07:02 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-12-25 06:40 - 2013-12-25 06:40 - 00000000 ____D C:\Users\Cosito\Documents\CheckSURLog
2013-12-25 06:30 - 2013-12-25 06:30 - 00257024 _____ (Intel® Corporation) C:\Users\Cosito\Downloads\ChipUtil.exe
2013-12-25 04:57 - 2013-12-25 04:57 - 03187624 _____ C:\Users\Cosito\Downloads\Snort_2_9_5_6_Installer.exe
2013-12-25 04:50 - 2013-12-25 04:50 - 00003591 _____ C:\Users\Cosito\Downloads\release_notes_2.9.5.6.txt
2013-12-25 04:40 - 2013-12-25 04:40 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Cosito\Downloads\WinPcap_4_1_3.exe
2013-12-25 04:40 - 2013-12-25 04:40 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-25 01:38 - 2013-12-25 01:38 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-12-25 01:38 - 2013-12-25 01:38 - 00001780 _____ C:\Users\Public\Desktop\Apps.lnk
2013-12-25 01:38 - 2013-12-25 01:38 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-12-25 01:37 - 2013-12-25 01:39 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-12-25 01:37 - 2013-12-25 01:38 - 00000000 ____D C:\ProgramData\BlueStacks
2013-12-25 01:37 - 2013-12-25 01:37 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Cosito\Downloads\BlueStacks-SplitInstaller_native.exe
2013-12-13 21:12 - 2013-12-13 21:12 - 00004305 _____ C:\Users\Cosito\Desktop\higan - Shortcut.lnk
2013-12-13 21:04 - 2013-12-13 21:04 - 00000000 ____D C:\Users\Cosito\Emulation
2013-12-13 21:01 - 2013-12-13 21:03 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\ananke
2013-12-13 21:01 - 2013-12-13 21:01 - 00000000 ____D C:\Users\Cosito\Documents\Ogre Battle - The March of the Black Queen
2013-12-13 20:59 - 2013-12-13 20:59 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\higan
2013-12-13 20:58 - 2013-12-13 20:58 - 00000000 ____D C:\Users\Cosito\Documents\higan_v093r09
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Users\Cosito\AppData\Local\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Program Files\File Association Helper
2013-12-13 20:55 - 2013-12-13 20:55 - 01632199 _____ C:\Users\Cosito\Downloads\higan_v093r09.7z
2013-12-13 20:55 - 2013-12-13 20:55 - 00420776 _____ (WinZip Computing) C:\Users\Cosito\Downloads\WinZip180.exe
2013-12-12 00:16 - 2013-11-26 05:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 00:16 - 2013-11-26 04:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 00:16 - 2013-11-26 04:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 00:16 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 00:16 - 2013-11-26 03:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 00:16 - 2013-11-26 03:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 00:16 - 2013-11-26 03:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 00:16 - 2013-11-26 03:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 00:16 - 2013-11-26 03:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 00:16 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 00:16 - 2013-11-26 03:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 00:16 - 2013-11-26 03:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 00:16 - 2013-11-26 03:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 00:16 - 2013-11-26 03:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 00:16 - 2013-11-26 02:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 00:16 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 00:16 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 00:16 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 00:16 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 00:16 - 2013-11-26 02:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 00:16 - 2013-11-26 01:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 00:16 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 00:16 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 00:16 - 2013-11-26 01:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 00:16 - 2013-11-26 00:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 00:16 - 2013-11-26 00:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 00:16 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 00:16 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 00:16 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 00:16 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 00:16 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 00:16 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 00:16 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 00:15 - 2013-11-26 02:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 00:15 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 10:04 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-11 10:04 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-11 10:04 - 2013-11-11 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 10:04 - 2013-11-11 20:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 10:04 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-11 10:04 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-11 10:04 - 2013-10-29 19:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 10:04 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 10:04 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 10:04 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 10:04 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 10:04 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 10:04 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 10:04 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 10:04 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 10:04 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 10:04 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 10:04 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 10:04 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys

==================== One Month Modified Files and Folders =======

2014-01-09 15:13 - 2014-01-09 15:13 - 00011702 _____ C:\Users\Cosito\Downloads\FRST.txt
2014-01-09 15:12 - 2014-01-09 15:12 - 01931770 _____ (Farbar) C:\Users\Cosito\Downloads\FRST64.exe
2014-01-09 15:12 - 2014-01-09 15:12 - 00000000 ____D C:\FRST
2014-01-09 15:09 - 2013-10-06 23:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 15:09 - 2013-10-06 22:14 - 01583386 _____ C:\Windows\WindowsUpdate.log
2014-01-09 11:27 - 2009-07-13 22:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-09 11:27 - 2009-07-13 22:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-09 11:24 - 2009-07-13 23:13 - 00897516 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 11:23 - 2013-11-24 00:12 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{52AEDD3F-6D7F-402D-B34C-A8D37EDBA2C0}
2014-01-09 11:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\inetsrv
2014-01-09 11:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Registration
2014-01-09 11:20 - 2014-01-04 14:32 - 00000934 _____ C:\Windows\setupact.log
2014-01-09 11:20 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 00:06 - 2013-10-08 21:07 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Skype
2014-01-08 20:18 - 2014-01-08 20:18 - 00000042 _____ C:\Users\Cosito\Desktop\Minecraft Seed.txt
2014-01-06 10:55 - 2014-01-06 10:55 - 00543087 _____ C:\Users\Cosito\Desktop\Ifyoueverfeeldumbatleastyourenotthesepeople-73145.jpeg
2014-01-05 04:33 - 2014-01-05 04:33 - 00001530 _____ C:\Windows\PFRO.log
2014-01-04 20:16 - 2014-01-04 20:16 - 00001055 _____ C:\Users\Public\Desktop\Argus Monitor.lnk
2014-01-04 20:16 - 2014-01-04 20:16 - 00000000 ____D C:\Program Files (x86)\ArgusMonitor
2014-01-04 20:16 - 2013-11-02 13:18 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2014-01-04 20:15 - 2014-01-04 20:15 - 10173944 _____ (Argotronic UG (haftungsbeschraenkt)) C:\Users\Cosito\Downloads\ArgusMonitor_Setup(1).exe
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 14:28 - 2013-10-29 14:24 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\uTorrent
2014-01-04 14:27 - 2013-10-09 08:40 - 00000000 ____D C:\Users\Cosito\AppData\Local\CrashDumps
2014-01-02 15:53 - 2013-10-08 13:39 - 00000000 ____D C:\Users\Cosito\AppData\Local\PMB Files
2014-01-02 15:53 - 2013-10-08 13:39 - 00000000 ____D C:\ProgramData\PMB Files
2014-01-01 14:43 - 2013-10-26 02:36 - 00000000 ____D C:\Users\Cosito\AppData\Local\Battle.net
2014-01-01 14:28 - 2013-10-26 02:36 - 00000000 ____D C:\Program Files (x86)\Battle.net
2013-12-31 19:36 - 2013-10-07 11:47 - 00000000 ____D C:\Users\Cosito\Documents\My Games
2013-12-30 17:47 - 2013-12-30 17:47 - 00001908 _____ C:\Windows\diagwrn.xml
2013-12-30 17:47 - 2013-12-30 17:47 - 00001908 _____ C:\Windows\diagerr.xml
2013-12-28 15:28 - 2013-10-06 23:10 - 00000000 ____D C:\Windows\panther
2013-12-28 15:25 - 2013-12-28 15:25 - 00000000 ____D C:\Users\Cosito\Documents\Ccleaner
2013-12-28 15:20 - 2013-10-07 10:10 - 00000000 ____D C:\ProgramData\Hi-Rez Studios
2013-12-28 15:20 - 2013-10-07 10:10 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2013-12-28 15:20 - 2013-10-06 20:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-12-28 15:16 - 2013-12-28 15:16 - 03571656 _____ (Piriform Ltd) C:\Users\Cosito\Downloads\ccsetup409_slim.exe
2013-12-28 15:16 - 2013-12-28 15:16 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-12-28 15:16 - 2013-12-28 15:16 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-28 15:16 - 2013-12-28 15:16 - 00000000 ____D C:\Program Files\CCleaner
2013-12-27 20:11 - 2013-12-25 15:42 - 00000000 ____D C:\Windows\pss
2013-12-27 20:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-27 20:04 - 2013-12-27 20:04 - 00000010 _____ C:\Users\Cosito\Documents\ps.txt
2013-12-27 20:04 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-12-26 11:53 - 2013-12-26 11:53 - 00020276 _____ C:\Users\Cosito\Documents\dds.txt
2013-12-26 11:53 - 2013-12-26 11:53 - 00011051 _____ C:\Users\Cosito\Documents\attach.txt
2013-12-26 11:52 - 2013-12-26 11:52 - 00688992 ____R (Swearware) C:\Users\Cosito\Downloads\dds.com
2013-12-26 11:00 - 2013-12-26 03:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-26 11:00 - 2013-12-26 03:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-26 10:51 - 2013-12-26 10:51 - 00001224 _____ C:\Users\Cosito\Desktop\Registry Repair.lnk
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Glarysoft
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\GlarySoft
2013-12-26 10:51 - 2013-12-26 10:51 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2013-12-26 10:51 - 2013-12-26 10:50 - 02173792 _____ C:\Users\Cosito\Downloads\rrsetup.exe
2013-12-26 10:47 - 2013-12-26 10:40 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-12-26 10:40 - 2013-12-26 10:40 - 00001085 _____ C:\Users\Public\Desktop\Advanced Fix 2013.lnk
2013-12-26 10:38 - 2013-12-26 10:37 - 06657112 _____ (Advanced Fix, Inc.                                          ) C:\Users\Cosito\Downloads\PCMAX_AF_ErrorsFix_Setup.exe
2013-12-26 06:00 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-12-26 04:02 - 2009-07-13 23:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-26 03:46 - 2013-10-06 20:47 - 00018366 _____ C:\Windows\system32\results.xml
2013-12-26 03:41 - 2013-12-26 03:41 - 00000000 ____D C:\Program Files (x86)\Etron Technology
2013-12-26 03:38 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2013-12-26 03:11 - 2013-12-26 03:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Adobe
2013-12-26 03:11 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2013-12-26 03:09 - 2013-12-26 03:08 - 00000000 ____D C:\Users\Guest\lucidlogix
2013-12-26 03:08 - 2013-12-26 02:34 - 00000000 ____D C:\Users\Guest
2013-12-26 02:39 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\CrashDumps
2013-12-26 02:35 - 2013-12-26 02:35 - 00058400 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-26 02:35 - 2013-12-26 02:35 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Roaming\ATI
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\ATI
2013-12-26 02:35 - 2013-12-26 02:35 - 00000000 ____D C:\Users\Guest\AppData\Local\Aimersoft
2013-12-26 02:34 - 2013-12-26 02:34 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2013-12-25 22:40 - 2013-12-25 22:40 - 00000000 ____D C:\Users\Cosito\048298C9A4D3490B9FF9AB023A9238F3.TMP
2013-12-25 22:40 - 2013-10-06 20:29 - 00000000 ____D C:\Users\Cosito
2013-12-25 21:33 - 2013-12-25 21:33 - 00000000 ____D C:\Users\Cosito\AppData\Local\Microsoft_Corporation
2013-12-25 21:27 - 2013-10-06 20:55 - 00058400 _____ C:\Users\Cosito\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 21:26 - 2009-07-13 22:45 - 00268856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 21:24 - 2013-12-25 21:20 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-12-25 21:21 - 2013-10-06 21:52 - 00897324 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-25 21:17 - 2013-12-25 21:17 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MYPC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2013-12-25 21:17 - 2013-12-25 21:17 - 00000000 ____D C:\RegBackup
2013-12-25 21:15 - 2013-12-25 21:15 - 05045639 _____ C:\Users\Cosito\Downloads\tweaking.com_windows_repair_aio_setup.exe
2013-12-25 21:15 - 2013-12-25 21:15 - 00002159 _____ C:\Users\Cosito\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-25 21:15 - 2013-12-25 21:15 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2013-12-25 21:15 - 2013-12-25 21:15 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00001808 _____ C:\Users\Cosito\Desktop\SUPERAntiSpyware Professional.lnk
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\SUPERAntiSpyware.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-12-25 18:02 - 2013-12-25 18:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-25 17:58 - 2013-12-25 17:58 - 29185104 _____ (SUPERAntiSpyware) C:\Users\Cosito\Downloads\SUPERAntiSpywarePro.exe
2013-12-25 17:57 - 2013-12-25 17:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-25 17:57 - 2013-12-25 17:45 - 00000000 ____D C:\Users\Cosito\Documents\mbar
2013-12-25 17:45 - 2013-12-25 17:45 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-25 17:45 - 2013-12-25 17:44 - 12582688 _____ (Malwarebytes Corp.) C:\Users\Cosito\Downloads\mbar-1.07.0.1008.exe
2013-12-25 16:28 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2013-12-25 16:16 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-25 15:34 - 2013-12-25 16:01 - 03106744 _____ C:\Users\Cosito\Documents\report.html
2013-12-25 14:15 - 2013-12-25 14:15 - 00000017 _____ C:\Users\Cosito\AppData\Local\resmon.resmoncfg
2013-12-25 13:46 - 2013-12-25 13:46 - 00000000 ____D C:\Users\Cosito\AppData\Local\Apps\2.0
2013-12-25 13:19 - 2013-12-25 13:12 - 00000000 ____D C:\Users\Cosito\AppData\Local\Windows Live
2013-12-25 13:13 - 2013-12-25 13:13 - 00000000 ____D C:\Windows\PCHEALTH
2013-12-25 13:13 - 2013-12-25 13:13 - 00000000 ____D C:\Program Files (x86)\Windows Live
2013-12-25 13:12 - 2013-12-25 13:12 - 31037288 _____ (Microsoft Corporation) C:\Users\Cosito\Downloads\wlsetup-idcrl.exe
2013-12-25 13:02 - 2013-12-25 13:02 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-12-25 13:02 - 2013-10-06 20:52 - 00000000 ____D C:\ProgramData\Adobe
2013-12-25 13:02 - 2013-10-06 20:52 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-12-25 13:01 - 2013-10-06 20:56 - 00000000 ____D C:\Users\Cosito\AppData\Local\Adobe
2013-12-25 12:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Msdtc
2013-12-25 12:24 - 2013-12-25 12:24 - 00000020 ___SH C:\Users\Classic .NET AppPool\ntuser.ini
2013-12-25 12:24 - 2013-12-25 12:24 - 00000000 ____D C:\Users\Classic .NET AppPool
2013-12-25 12:23 - 2013-12-25 12:23 - 00000000 ____D C:\Windows\system32\msmq
2013-12-25 12:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\Windows\system32\BestPractices
2013-12-25 10:36 - 2013-12-25 10:36 - 00000000 ____D C:\inetpub
2013-12-25 10:36 - 2010-11-21 01:06 - 00000000 ____D C:\Windows\system32\0409
2013-12-25 10:17 - 2013-10-06 20:50 - 00000000 ____D C:\Program Files (x86)\ASRock Utility
2013-12-25 10:06 - 2013-12-25 10:06 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Malwarebytes
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-25 10:06 - 2013-12-25 10:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-25 10:05 - 2013-12-25 10:05 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Cosito\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-25 07:50 - 2013-12-25 07:50 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Cosito\Downloads\tdsskiller.exe
2013-12-25 07:02 - 2013-12-25 07:02 - 01528184 _____ (Microsoft Corporation) C:\Users\Cosito\Downloads\GenuineCheck.exe
2013-12-25 07:02 - 2013-12-25 07:02 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2013-12-25 06:40 - 2013-12-25 06:40 - 00000000 ____D C:\Users\Cosito\Documents\CheckSURLog
2013-12-25 06:30 - 2013-12-25 06:30 - 00257024 _____ (Intel® Corporation) C:\Users\Cosito\Downloads\ChipUtil.exe
2013-12-25 05:00 - 2013-10-06 20:52 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\Adobe
2013-12-25 04:57 - 2013-12-25 04:57 - 03187624 _____ C:\Users\Cosito\Downloads\Snort_2_9_5_6_Installer.exe
2013-12-25 04:50 - 2013-12-25 04:50 - 00003591 _____ C:\Users\Cosito\Downloads\release_notes_2.9.5.6.txt
2013-12-25 04:40 - 2013-12-25 04:40 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Cosito\Downloads\WinPcap_4_1_3.exe
2013-12-25 04:40 - 2013-12-25 04:40 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-12-25 01:39 - 2013-12-25 01:37 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2013-12-25 01:38 - 2013-12-25 01:38 - 00001807 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2013-12-25 01:38 - 2013-12-25 01:38 - 00001780 _____ C:\Users\Public\Desktop\Apps.lnk
2013-12-25 01:38 - 2013-12-25 01:38 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2013-12-25 01:38 - 2013-12-25 01:37 - 00000000 ____D C:\ProgramData\BlueStacks
2013-12-25 01:37 - 2013-12-25 01:37 - 10245808 _____ (BlueStack Systems Inc.) C:\Users\Cosito\Downloads\BlueStacks-SplitInstaller_native.exe
2013-12-24 08:35 - 2013-10-06 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 11:59 - 2013-11-15 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 13:07 - 2013-10-26 02:37 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2013-12-16 20:20 - 2013-10-28 16:48 - 00000003 _____ C:\Windows\system32\HRUPPROG.TXT
2013-12-15 21:58 - 2013-10-08 21:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-15 21:58 - 2013-10-08 21:07 - 00000000 ____D C:\ProgramData\Skype
2013-12-14 01:43 - 2013-10-06 23:05 - 00000000 ____D C:\Windows\system32\MRT
2013-12-14 01:42 - 2013-10-06 23:05 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-13 21:12 - 2013-12-13 21:12 - 00004305 _____ C:\Users\Cosito\Desktop\higan - Shortcut.lnk
2013-12-13 21:04 - 2013-12-13 21:04 - 00000000 ____D C:\Users\Cosito\Emulation
2013-12-13 21:03 - 2013-12-13 21:01 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\ananke
2013-12-13 21:01 - 2013-12-13 21:01 - 00000000 ____D C:\Users\Cosito\Documents\Ogre Battle - The March of the Black Queen
2013-12-13 20:59 - 2013-12-13 20:59 - 00000000 ____D C:\Users\Cosito\AppData\Roaming\higan
2013-12-13 20:58 - 2013-12-13 20:58 - 00000000 ____D C:\Users\Cosito\Documents\higan_v093r09
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Users\Cosito\AppData\Local\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\ProgramData\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Program Files\WinZip
2013-12-13 20:57 - 2013-12-13 20:57 - 00000000 ____D C:\Program Files\File Association Helper
2013-12-13 20:55 - 2013-12-13 20:55 - 01632199 _____ C:\Users\Cosito\Downloads\higan_v093r09.7z
2013-12-13 20:55 - 2013-12-13 20:55 - 00420776 _____ (WinZip Computing) C:\Users\Cosito\Downloads\WinZip180.exe
2013-12-13 12:14 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 21:27 - 2013-11-28 07:26 - 00000000 ____D C:\Users\Cosito\Documents\Aimersoft DVD Creator
2013-12-11 13:09 - 2013-10-06 23:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 13:09 - 2013-10-06 23:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 13:09 - 2013-10-06 23:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 14:21

==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2014 01
Ran by Cosito at 2014-01-09 15:13:51
Running from C:\Users\Cosito\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (x32 Version: 2.0.0.0 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Advanced Fix 2013 version 2.1.3.80 (x32 Version: 2.1.3.80 - Advanced Fix, Inc.)
Aimersoft DVD Creator(Build 2.6.5) (x32 Version:  - Wondershare)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.3.103.20209 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80830.1925 - Advanced Micro Devices, Inc.) Hidden
ArgusMonitor (x32 Version:  - )
ASRock eXtreme Tuner v0.1.98 (x32 Version:  - )
Battle.net (x32 Version:  - Blizzard Entertainment)
BlueStacks App Player (x32 Version: 0.8.4.3036 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.8.4.3036 - BlueStack Systems, Inc.)
Broadcom Gigabit NetLink Controller (Version: 14.6.1.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.09 - Piriform)
Combined Community Codec Pack 2013-11-27 (x32 Version: 2013.11.27.0 - CCCP Project)
Core Temp 1.0 RC5 (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.67 (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
File Association Helper (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Hearthstone (x32 Version:  - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.230.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.3347 - Intel Corporation)
League of Legends (x32 Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
marvell 91xx driver (x32 Version: 1.2.0.1003 - Marvell)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft Corporation (x32 Version: 9.1.0.0 - Microsoft Corporation) Hidden
Microsoft LifeCam (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Pando Media Booster (x32 Version: 2.6.0.7 - Pando Networks Inc.)
PlanetSide 2 (HKCU Version: 1.0.3.183 - Sony Online Entertainment)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
Registry Repair 4.1.0.388 (x32 Version: 4.1.0.388 - Glarysoft Ltd)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SUPERAntiSpyware (Version: 5.7.1016 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.1.0 - Tweaking.com)
VIRTU 1.2.103 (Version: 1.2.103 - Lucidlogix Technologies LTD)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (x32 Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 18.0 (Version: 18.0.10661 - WinZip Computing, S.L. )

==================== Restore Points  =========================

28-12-2013 21:18:06 Removed Steam
28-12-2013 21:20:19 Removed Hi-Rez Studios Games
30-12-2013 01:00:04 Windows Backup
30-12-2013 04:54:37 Windows Update
02-01-2014 18:59:10 Windows Update
05-01-2014 23:21:13 Windows Update
06-01-2014 01:00:09 Windows Backup

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10D03EB5-F3F7-42E8-850A-72FEBABB4849} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3569513141-209722709-4170732153-1000
Task: {3E917C2C-1BD9-4697-9D10-45B792AA9AED} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9E729B8A-17CC-44EB-98D3-E85528966F6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {AC89E187-449C-474F-8AD3-C276DB29FACE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {DA2F4E75-3BC2-4035-BC78-E235A5551DE3} - System32\Tasks\{CA31B79D-5568-49ED-ACC1-8938354A3028} => Firefox.exe http://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {EC4993EF-CA7D-4DE3-BA5C-5E20051BF156} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-06 20:43 - 2011-04-14 20:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 14:02 - 2013-12-20 11:59 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2014 11:20:33 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/05/2014 04:34:15 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/04/2014 02:27:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_9_900_170.exe, version: 11.9.900.170, time stamp: 0x529b79bf
Faulting module name: FlashPlayerPlugin_11_9_900_170.exe, version: 11.9.900.170, time stamp: 0x529b79bf
Exception code: 0x40000015
Fault offset: 0x00017b60
Faulting process id: 0x25f8
Faulting application start time: 0xFlashPlayerPlugin_11_9_900_170.exe0
Faulting application path: FlashPlayerPlugin_11_9_900_170.exe1
Faulting module path: FlashPlayerPlugin_11_9_900_170.exe2
Report Id: FlashPlayerPlugin_11_9_900_170.exe3

Error: (12/31/2013 08:06:37 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 05:56:30 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2013 08:14:00 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 11:00:42 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 04:07:01 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 04:03:12 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 03:45:29 AM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (01/09/2014 11:23:37 AM) (Source: Service Control Manager) (User: )
Description: The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2014 11:20:33 AM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error:
%%1064

Error: (01/09/2014 11:20:32 AM) (Source: SNMP) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (01/09/2014 00:09:18 AM) (Source: DCOM) (User: MyPC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}MyPCCositoS-1-5-21-3569513141-209722709-4170732153-1000LocalHost (Using LRPC)

Error: (01/08/2014 06:38:48 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/08/2014 06:38:48 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/08/2014 06:17:06 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/08/2014 06:17:05 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (01/08/2014 02:09:55 PM) (Source: DCOM) (User: MyPC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}MyPCCositoS-1-5-21-3569513141-209722709-4170732153-1000LocalHost (Using LRPC)

Error: (01/07/2014 11:50:53 PM) (Source: DCOM) (User: MyPC)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}MyPCCositoS-1-5-21-3569513141-209722709-4170732153-1000LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================
Error: (01/09/2014 11:20:33 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/05/2014 04:34:15 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/04/2014 02:27:50 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bfFlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bf4000001500017b6025f801cf098b437403abC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exeadc4e24a-757e-11e3-898f-bc5ff420aa6d

Error: (12/31/2013 08:06:37 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/30/2013 05:56:30 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/27/2013 08:14:00 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 11:00:42 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 04:07:01 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 04:03:12 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (12/26/2013 03:45:29 AM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


CodeIntegrity Errors:
===================================
  Date: 2013-12-25 06:30:46.364
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-25 06:30:46.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-25 06:30:21.414
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-25 06:30:21.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\Downloads\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-25 06:30:21.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-12-25 06:30:21.044
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Cosito\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 8104.58 MB
Available physical RAM: 6596.75 MB
Total Pagefile: 16207.34 MB
Available Pagefile: 13710.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:719.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2BAB359D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 


Edited by DjChumpchange, 09 January 2014 - 04:15 PM.


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California
  • Local time:04:02 PM

Posted 09 January 2014 - 06:05 PM

Welcome,

Can you tell me what you mean by this?
 

i have formatted twice to no avail,

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 DjChumpchange

DjChumpchange
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:02 PM

Posted 10 January 2014 - 01:07 PM

I reinstalled Windows twice after the problems kept persisting, but formatting did not remove the virus. Furthermore, on both occasions of formatting, upon reinstallation of Windows I was not prompted to enter the serial number of my Windows 7.


Edited by DjChumpchange, 10 January 2014 - 01:08 PM.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California
  • Local time:04:02 PM

Posted 10 January 2014 - 01:14 PM

Did you actually reformat the hard drive or simply reinstall Windows over the existing Windows?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 DjChumpchange

DjChumpchange
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:02 PM

Posted 10 January 2014 - 01:35 PM

Pretty sure I reformatted the second time, first time I'm not so sure. I know I was surprised that I wasn't prompted to use the serial number the second time.


Edited by DjChumpchange, 10 January 2014 - 01:36 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:02 PM

Posted 10 January 2014 - 02:05 PM

Greetings,

Thanks for the information. Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

BlueStacks App Player
BlueStacks Notification Center

  • Reboot your computer
===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
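The TDSSKiller log requested above lists each service as a hash line followed by a verdict line. The Python triage below is an added example, not part of the original posts or of Kaspersky's tooling; it surfaces the entries worth a second look. The line shapes follow the log posted later in this thread; the placeholder digests, the `ExampleDrv` entry, the shape of the non-"ok" verdict line, the "Scan global" section and the user-writable-path heuristic are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes as they appear in the TDSSKiller log posted in this thread:
#   13:16:57.0667 0x06d8  [ <MD5>, <SHA256> ] ACPI   C:\Windows\system32\drivers\ACPI.sys
#   13:16:57.0667 0x06d8  ACPI - ok
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+0x[0-9A-Fa-f]+\s+(.*)$")
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")
HASHED = re.compile(
    r"^\[\s*([0-9A-Fa-f]{32}),\s*([0-9A-Fa-f]{64})\s*\]\s+(.*?)\s+([A-Za-z]:\\.*)$"
)
VERDICT = re.compile(r"^(.*\S)\s+-\s+(\S.*)$")
# Assumption of this example: a service or driver image should not live here.
USER_WRITABLE = re.compile(r"\\(users|programdata|temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    sha256: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Pair each hash line in 'Scan services' with the verdict line after it."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    in_services = False
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        sec = SECTION.match(body)
        if sec:
            # Other sections (e.g. the drive summary) also contain " - ",
            # so only the services section is parsed as name/verdict pairs.
            in_services = sec.group(1).lower() == "scan services"
            continue
        if not in_services:
            continue
        h = HASHED.match(body)
        if h:
            if pending:                      # hash line that never got a verdict
                entries.append(pending)
            pending = Entry(h.group(3), h.group(4), h.group(2).upper())
            continue
        v = VERDICT.match(body)
        if not v:
            continue
        label, verdict = v.group(1), v.group(2).strip()
        if pending and (label == pending.name or label.startswith(pending.name + " ")):
            entry = pending
        else:
            entry = Entry(label)             # verdict with no preceding hash line
        entry.verdict = verdict
        entries.append(entry)
        pending = None
    if pending:
        entries.append(pending)
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every entry that needs review."""
    flagged = []
    for e in entries:
        reasons = []
        if e.verdict is None or e.verdict.lower() != "ok":
            reasons.append(f"verdict: {e.verdict}")
        if e.sha256 is None:
            reasons.append("no hash line logged")
        if e.path and USER_WRITABLE.search(e.path):
            reasons.append("image in user-writable path")
        if reasons:
            flagged.append((e.name, reasons))
    return flagged


MD5, SHA = "0" * 32, "A" * 64  # constructed placeholder digests
# Constructed sample: service names and paths in the first entries mirror the
# thread's log; ExampleDrv, its verdict line and "Scan global" are invented.
SAMPLE = "\n".join([
    "13:16:19.0856 0x1500  Drive \\Device\\Harddisk0\\DR0 - Size: 0xE8E0DB6000 (931.51 Gb)",
    "13:16:57.0479 0x06d8  ================ Scan services =============================",
    f"13:16:57.0667 0x06d8  [ {MD5}, {SHA} ] ACPI            C:\\Windows\\system32\\drivers\\ACPI.sys",
    "13:16:57.0667 0x06d8  ACPI - ok",
    "13:16:58.0119 0x06d8  ALSysIO - ok",
    f"13:16:58.0135 0x06d8  [ {MD5}, {SHA} ] AMD External Events Utility C:\\Windows\\system32\\atiesrxx.exe",
    "13:16:58.0135 0x06d8  AMD External Events Utility - ok",
    f"13:17:02.0000 0x06d8  [ {MD5}, {SHA} ] ExampleDrv      C:\\Users\\Public\\Temp\\exampledrv.sys",
    "13:17:02.0000 0x06d8  ExampleDrv ( ExampleVerdict ) - warning",
    "13:17:03.0000 0x06d8  ================ Scan global ===============================",
    "13:17:03.0000 0x06d8  [Global] - ok",
])

if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE)):
        print(f"{name}: {'; '.join(reasons)}")
```

An entry flagged only for "no hash line logged" is a prompt to check whether the service's image file still exists, not a detection in itself.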

#13 DjChumpchange

DjChumpchange
  • Topic Starter

  • Members
  • 16 posts
  • Local time:05:02 PM

Posted 10 January 2014 - 02:34 PM

13:16:13.0482 0x1500  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
13:16:17.0414 0x1500  ============================================================
13:16:17.0414 0x1500  Current date / time: 2014/01/10 13:16:17.0414
13:16:17.0414 0x1500  SystemInfo:
13:16:17.0414 0x1500  
13:16:17.0414 0x1500  OS Version: 6.1.7601 ServicePack: 1.0
13:16:17.0414 0x1500  Product type: Workstation
13:16:17.0414 0x1500  ComputerName: MYPC
13:16:17.0415 0x1500  UserName: Cosito
13:16:17.0415 0x1500  Windows directory: C:\Windows
13:16:17.0415 0x1500  System windows directory: C:\Windows
13:16:17.0415 0x1500  Running under WOW64
13:16:17.0415 0x1500  Processor architecture: Intel x64
13:16:17.0415 0x1500  Number of processors: 4
13:16:17.0415 0x1500  Page size: 0x1000
13:16:17.0415 0x1500  Boot type: Normal boot
13:16:17.0415 0x1500  ============================================================
13:16:19.0100 0x1500  KLMD registered as C:\Windows\system32\drivers\78516551.sys
13:16:19.0250 0x1500  System UUID: {CC6AAA48-A24C-F1E9-EA90-3F552586CECF}
13:16:19.0856 0x1500  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:16:19.0867 0x1500  ============================================================
13:16:19.0867 0x1500  \Device\Harddisk0\DR0:
13:16:19.0867 0x1500  MBR partitions:
13:16:19.0867 0x1500  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:16:19.0867 0x1500  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
13:16:19.0867 0x1500  ============================================================
13:16:19.0913 0x1500  C: <-> \Device\Harddisk0\DR0\Partition2
13:16:19.0913 0x1500  ============================================================
13:16:19.0913 0x1500  Initialize success
13:16:19.0913 0x1500  ============================================================
13:16:42.0207 0x06d8  ============================================================
13:16:42.0207 0x06d8  Scan started
13:16:42.0207 0x06d8  Mode: Manual;
13:16:42.0207 0x06d8  ============================================================
13:16:42.0207 0x06d8  KSN ping started
13:16:57.0074 0x06d8  KSN ping finished: true
13:16:57.0479 0x06d8  ================ Scan system memory ========================
13:16:57.0479 0x06d8  System memory - ok
13:16:57.0479 0x06d8  ================ Scan services =============================
13:17:01.0629 0x06d8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:17:01.0629 0x06d8  gagp30kx - ok
13:17:01.0660 0x06d8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:17:01.0676 0x06d8  gpsvc - ok
13:17:01.0676 0x06d8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:17:01.0691 0x06d8  hcw85cir - ok
13:17:01.0723 0x06d8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:17:01.0723 0x06d8  HdAudAddService - ok
13:17:01.0738 0x06d8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:17:01.0754 0x06d8  HDAudBus - ok
13:17:01.0754 0x06d8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
13:17:01.0754 0x06d8  HidBatt - ok
13:17:01.0769 0x06d8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:17:01.0769 0x06d8  HidBth - ok
13:17:01.0801 0x06d8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:17:01.0801 0x06d8  HidIr - ok
13:17:01.0816 0x06d8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:17:01.0816 0x06d8  hidserv - ok
13:17:01.0847 0x06d8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:17:01.0863 0x06d8  HidUsb - ok
13:17:01.0894 0x06d8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:17:01.0894 0x06d8  hkmsvc - ok
13:17:01.0925 0x06d8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:17:01.0925 0x06d8  HomeGroupListener - ok
13:17:01.0957 0x06d8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:17:01.0957 0x06d8  HomeGroupProvider - ok
13:17:01.0972 0x06d8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:17:01.0972 0x06d8  HpSAMD - ok
13:17:02.0003 0x06d8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:17:02.0019 0x06d8  HTTP - ok
13:17:02.0035 0x06d8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:17:02.0035 0x06d8  hwpolicy - ok
13:17:02.0050 0x06d8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:17:02.0050 0x06d8  i8042prt - ok
13:17:02.0081 0x06d8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:17:02.0081 0x06d8  iaStorV - ok
13:17:02.0128 0x06d8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:17:02.0144 0x06d8  idsvc - ok
13:17:02.0159 0x06d8  IEEtwCollectorService - ok
13:17:02.0269 0x06d8  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:17:02.0409 0x06d8  igfx - ok
13:17:02.0425 0x06d8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:17:02.0425 0x06d8  iirsp - ok
13:17:02.0487 0x06d8  [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
13:17:02.0487 0x06d8  IISADMIN - ok
13:17:02.0518 0x06d8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:17:02.0534 0x06d8  IKEEXT - ok
13:17:02.0627 0x06d8  [ CCEDD47ABD068C58C8513DEB785093BB, 2B5571688655265037ACB44D2F2E0CD646EC0567D823C32CA09F13A1814C241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:17:02.0690 0x06d8  IntcAzAudAddService - ok
13:17:02.0705 0x06d8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:17:02.0705 0x06d8  intelide - ok
13:17:02.0721 0x06d8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:17:02.0721 0x06d8  intelppm - ok
13:17:02.0737 0x06d8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:17:02.0737 0x06d8  IPBusEnum - ok
13:17:02.0768 0x06d8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:17:02.0768 0x06d8  IpFilterDriver - ok
13:17:02.0846 0x06d8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:17:02.0861 0x06d8  iphlpsvc - ok
13:17:02.0877 0x06d8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:17:02.0877 0x06d8  IPMIDRV - ok
13:17:02.0893 0x06d8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:17:02.0893 0x06d8  IPNAT - ok
13:17:02.0939 0x06d8  [ 11FE7637A49B67D9B1F895B2AD4D982F, D448DA9083044E0B2627042D9FA5DC65C74A34AB09FF627777634B254260F4FB ] iprip           C:\Windows\System32\iprip.dll
13:17:02.0939 0x06d8  iprip - ok
13:17:02.0955 0x06d8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:17:02.0955 0x06d8  IRENUM - ok
13:17:02.0986 0x06d8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:17:02.0986 0x06d8  isapnp - ok
13:17:03.0002 0x06d8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:17:03.0002 0x06d8  iScsiPrt - ok
13:17:03.0033 0x06d8  [ 1D7AAB58F4E21697AF8F46EAA81823DD, 551EA1B53224F99EDCFD8A9E754C5313CFF4BCBFFFB8DC54D3F3419527F8152C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
13:17:03.0049 0x06d8  k57nd60a - ok
13:17:03.0064 0x06d8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:17:03.0064 0x06d8  kbdclass - ok
13:17:03.0080 0x06d8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:17:03.0095 0x06d8  kbdhid - ok
13:17:03.0127 0x06d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
13:17:03.0127 0x06d8  KeyIso - ok
13:17:03.0142 0x06d8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:17:03.0142 0x06d8  KSecDD - ok
13:17:03.0158 0x06d8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:17:03.0158 0x06d8  KSecPkg - ok
13:17:03.0189 0x06d8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:17:03.0189 0x06d8  ksthunk - ok
13:17:03.0220 0x06d8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:17:03.0220 0x06d8  KtmRm - ok
13:17:03.0251 0x06d8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:17:03.0267 0x06d8  LanmanServer - ok
13:17:03.0298 0x06d8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:17:03.0298 0x06d8  LanmanWorkstation - ok
13:17:03.0314 0x06d8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:17:03.0314 0x06d8  lltdio - ok
13:17:03.0329 0x06d8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:17:03.0329 0x06d8  lltdsvc - ok
13:17:03.0345 0x06d8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:17:03.0361 0x06d8  lmhosts - ok
13:17:03.0439 0x06d8  [ 9AD4BEE2FE76D4CA39AC969B617E94FB, 1DE5FC59CDA5C7D63C9C60B9FC70A09F755196DFA25E8FAC0FBF262C44731CF0 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:17:03.0439 0x06d8  LMS - ok
13:17:03.0454 0x06d8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:17:03.0454 0x06d8  LSI_FC - ok
13:17:03.0470 0x06d8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:17:03.0470 0x06d8  LSI_SAS - ok
13:17:03.0485 0x06d8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:17:03.0485 0x06d8  LSI_SAS2 - ok
13:17:03.0485 0x06d8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:17:03.0485 0x06d8  LSI_SCSI - ok
13:17:03.0501 0x06d8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:17:03.0501 0x06d8  luafv - ok
13:17:03.0532 0x06d8  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
13:17:03.0548 0x06d8  MBAMProtector - ok
13:17:03.0579 0x06d8  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:17:03.0579 0x06d8  MBAMScheduler - ok
13:17:03.0610 0x06d8  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:17:03.0626 0x06d8  MBAMService - ok
13:17:03.0641 0x06d8  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
13:17:03.0657 0x06d8  MBfilt - ok
13:17:03.0673 0x06d8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:17:03.0688 0x06d8  Mcx2Svc - ok
13:17:03.0688 0x06d8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:17:03.0704 0x06d8  megasas - ok
13:17:03.0719 0x06d8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:17:03.0719 0x06d8  MegaSR - ok
13:17:03.0735 0x06d8  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:17:03.0735 0x06d8  MEIx64 - ok
13:17:03.0751 0x06d8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:17:03.0751 0x06d8  MMCSS - ok
13:17:03.0766 0x06d8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:17:03.0766 0x06d8  Modem - ok
13:17:03.0782 0x06d8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:17:03.0782 0x06d8  monitor - ok
13:17:03.0782 0x06d8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:17:03.0782 0x06d8  mouclass - ok
13:17:03.0813 0x06d8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
13:17:03.0813 0x06d8  mouhid - ok
13:17:03.0844 0x06d8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:17:03.0844 0x06d8  mountmgr - ok
13:17:03.0875 0x06d8  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:17:03.0875 0x06d8  MozillaMaintenance - ok
13:17:03.0922 0x06d8  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:17:03.0922 0x06d8  MpFilter - ok
13:17:03.0922 0x06d8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:17:03.0938 0x06d8  mpio - ok
13:17:03.0969 0x06d8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:17:03.0969 0x06d8  mpsdrv - ok
13:17:04.0000 0x06d8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:17:04.0016 0x06d8  MpsSvc - ok
13:17:04.0063 0x06d8  [ CD22D2563039DDA6793F7624719363A7, 82C91467EDCB61B1DD086A1D25925E4D89E43EF6EFAE3C59AFF3D73280119AF6 ] MQAC            C:\Windows\system32\drivers\mqac.sys
13:17:04.0078 0x06d8  MQAC - ok
13:17:04.0094 0x06d8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:17:04.0094 0x06d8  MRxDAV - ok
13:17:04.0125 0x06d8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:17:04.0125 0x06d8  mrxsmb - ok
13:17:04.0141 0x06d8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:17:04.0141 0x06d8  mrxsmb10 - ok
13:17:04.0156 0x06d8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:17:04.0156 0x06d8  mrxsmb20 - ok
13:17:04.0172 0x06d8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:17:04.0172 0x06d8  msahci - ok
13:17:04.0219 0x06d8  [ A592A054D78750B4D73ABAA4C94DECDF, 40B135C9F9EE698EC78BD19BD18353AE2CF4D020DDB9CFC37CD2FDBF7602614A ] MSCamSvc        C:\Program Files\Microsoft LifeCam\MSCamS64.exe
13:17:04.0234 0x06d8  MSCamSvc - ok
13:17:04.0234 0x06d8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:17:04.0234 0x06d8  msdsm - ok
13:17:04.0250 0x06d8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:17:04.0250 0x06d8  MSDTC - ok
13:17:04.0265 0x06d8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:17:04.0281 0x06d8  Msfs - ok
13:17:04.0297 0x06d8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:17:04.0297 0x06d8  mshidkmdf - ok
13:17:04.0312 0x06d8  [ 55218F924E55FD2786ED40EDF4ED79C3, C6000DE3A1FB526ECB77438A03F7212517CCD5E0CC9DDA07826865F8B980BEA0 ] MSHUSBVideo     C:\Windows\system32\Drivers\nx6000.sys
13:17:04.0312 0x06d8  MSHUSBVideo - ok
13:17:04.0328 0x06d8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:17:04.0328 0x06d8  msisadrv - ok
13:17:04.0359 0x06d8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:17:04.0359 0x06d8  MSiSCSI - ok
13:17:04.0359 0x06d8  msiserver - ok
13:17:04.0390 0x06d8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:17:04.0390 0x06d8  MSKSSRV - ok
13:17:04.0406 0x06d8  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:17:04.0406 0x06d8  MsMpSvc - ok
13:17:04.0406 0x06d8  [ FAAEAEF99E53561BEEE58F946CA56F0D, 78AC692C4B80616E4C44ED20954B8D2FCE2215056C2ED3522123E5B50A7CE67A ] MSMQ            C:\Windows\system32\mqsvc.exe
13:17:04.0406 0x06d8  MSMQ - ok
13:17:04.0421 0x06d8  [ 59ED174FD4314B0218DC91F9BFA6CD3D, 13B95FA9892D09341CE46FA7EEB01FF9C88AA9DCB8FBF0A73FFAE567AAA4E02A ] MSMQTriggers    C:\Windows\system32\mqtgsvc.exe
13:17:04.0421 0x06d8  MSMQTriggers - ok
13:17:04.0437 0x06d8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:17:04.0437 0x06d8  MSPCLOCK - ok
13:17:04.0437 0x06d8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:17:04.0437 0x06d8  MSPQM - ok
13:17:04.0468 0x06d8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:17:04.0468 0x06d8  MsRPC - ok
13:17:04.0484 0x06d8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:17:04.0484 0x06d8  mssmbios - ok
13:17:04.0484 0x06d8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:17:04.0484 0x06d8  MSTEE - ok
13:17:04.0499 0x06d8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:17:04.0499 0x06d8  MTConfig - ok
13:17:04.0499 0x06d8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:17:04.0515 0x06d8  Mup - ok
13:17:04.0531 0x06d8  [ 4FAD606C7AEB336E5AA4A005DE09CA80, 5BF117B7B369ED13ADEE262B19169FF63356B60C482BF24DC4A0B0741C77B996 ] mv91xx          C:\Windows\system32\drivers\mv91xx.sys
13:17:04.0531 0x06d8  mv91xx - ok
13:17:04.0562 0x06d8  [ 2E6A752E8BB8FF39B5DFCCADD31F6C00, 15E3AEA935AB3A335621DB10C7337BC0865FEF24729063EBCDEC3BFB4F3C25B8 ] mvs91xx         C:\Windows\system32\DRIVERS\mvs91xx.sys
13:17:04.0577 0x06d8  mvs91xx - ok
13:17:04.0609 0x06d8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:17:04.0609 0x06d8  napagent - ok
13:17:04.0640 0x06d8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:17:04.0640 0x06d8  NativeWifiP - ok
13:17:04.0702 0x06d8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:17:04.0718 0x06d8  NDIS - ok
13:17:04.0765 0x06d8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:17:04.0765 0x06d8  NdisCap - ok
13:17:04.0780 0x06d8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:17:04.0780 0x06d8  NdisTapi - ok
13:17:04.0796 0x06d8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:17:04.0796 0x06d8  Ndisuio - ok
13:17:04.0796 0x06d8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:17:04.0796 0x06d8  NdisWan - ok
13:17:04.0811 0x06d8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:17:04.0811 0x06d8  NDProxy - ok
13:17:04.0827 0x06d8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:17:04.0827 0x06d8  NetBIOS - ok
13:17:04.0843 0x06d8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:17:04.0843 0x06d8  NetBT - ok
13:17:04.0874 0x06d8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
13:17:04.0874 0x06d8  Netlogon - ok
13:17:04.0874 0x06d8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:17:04.0889 0x06d8  Netman - ok
13:17:04.0936 0x06d8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:04.0952 0x06d8  NetMsmqActivator - ok
13:17:04.0967 0x06d8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:04.0967 0x06d8  NetPipeActivator - ok
13:17:04.0983 0x06d8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:17:04.0983 0x06d8  netprofm - ok
13:17:05.0014 0x06d8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:05.0014 0x06d8  NetTcpActivator - ok
13:17:05.0014 0x06d8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:17:05.0014 0x06d8  NetTcpPortSharing - ok
13:17:05.0030 0x06d8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:17:05.0030 0x06d8  nfrd960 - ok
13:17:05.0045 0x06d8  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:17:05.0061 0x06d8  NisDrv - ok
13:17:05.0077 0x06d8  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:17:05.0077 0x06d8  NisSrv - ok
13:17:05.0108 0x06d8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:17:05.0123 0x06d8  NlaSvc - ok
13:17:05.0139 0x06d8  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
13:17:05.0139 0x06d8  NPF - ok
13:17:05.0155 0x06d8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:17:05.0155 0x06d8  Npfs - ok
13:17:05.0170 0x06d8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:17:05.0170 0x06d8  nsi - ok
13:17:05.0186 0x06d8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:17:05.0186 0x06d8  nsiproxy - ok
13:17:05.0233 0x06d8  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:17:05.0264 0x06d8  Ntfs - ok
13:17:05.0295 0x06d8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:17:05.0295 0x06d8  Null - ok
13:17:05.0311 0x06d8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:17:05.0311 0x06d8  nvraid - ok
13:17:05.0326 0x06d8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:17:05.0326 0x06d8  nvstor - ok
13:17:11.0285 0x06d8  WinRing0_1_2_0 - ok
13:17:11.0348 0x06d8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:17:11.0395 0x06d8  WinRM - ok
13:17:11.0426 0x06d8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:17:11.0426 0x06d8  WinUsb - ok
13:17:11.0441 0x06d8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:17:11.0457 0x06d8  Wlansvc - ok
13:17:11.0551 0x06d8  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:17:11.0597 0x06d8  wlidsvc - ok
13:17:11.0613 0x06d8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:17:11.0613 0x06d8  WmiAcpi - ok
13:17:11.0629 0x06d8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:17:11.0644 0x06d8  wmiApSrv - ok
13:17:11.0644 0x06d8  WMPNetworkSvc - ok
13:17:11.0644 0x06d8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:17:11.0660 0x06d8  WPCSvc - ok
13:17:11.0660 0x06d8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:17:11.0675 0x06d8  WPDBusEnum - ok
13:17:11.0675 0x06d8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:17:11.0675 0x06d8  ws2ifsl - ok
13:17:11.0691 0x06d8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
13:17:11.0691 0x06d8  wscsvc - ok
13:17:11.0691 0x06d8  WSearch - ok
13:17:11.0753 0x06d8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:17:11.0816 0x06d8  wuauserv - ok
13:17:11.0831 0x06d8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:17:11.0847 0x06d8  WudfPf - ok
13:17:11.0863 0x06d8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:17:11.0863 0x06d8  WUDFRd - ok
13:17:11.0878 0x06d8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:17:11.0878 0x06d8  wudfsvc - ok
13:17:11.0909 0x06d8  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:17:11.0925 0x06d8  WwanSvc - ok
13:17:11.0941 0x06d8  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
13:17:11.0941 0x06d8  xusb21 - ok
13:17:11.0956 0x06d8  ================ Scan global ===============================
13:17:11.0987 0x06d8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:17:12.0019 0x06d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:17:12.0034 0x06d8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:17:12.0050 0x06d8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:17:12.0065 0x06d8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:17:12.0081 0x06d8  [ Global ] - ok
13:17:12.0081 0x06d8  ================ Scan MBR ==================================
13:17:12.0081 0x06d8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:17:12.0206 0x06d8  \Device\Harddisk0\DR0 - ok
13:17:12.0206 0x06d8  ================ Scan VBR ==================================
13:17:12.0221 0x06d8  [ 9529AEEFE3ECD248474C9B41BFB79B89 ] \Device\Harddisk0\DR0\Partition1
13:17:12.0221 0x06d8  \Device\Harddisk0\DR0\Partition1 - ok
13:17:12.0237 0x06d8  [ D50FF7FA511D443683140EA594077797 ] \Device\Harddisk0\DR0\Partition2
13:17:12.0237 0x06d8  \Device\Harddisk0\DR0\Partition2 - ok
13:17:12.0237 0x06d8  Waiting for KSN requests completion. In queue: 305
13:17:13.0251 0x06d8  Waiting for KSN requests completion. In queue: 305
13:17:14.0265 0x06d8  Waiting for KSN requests completion. In queue: 305
13:17:15.0279 0x06d8  Waiting for KSN requests completion. In queue: 305
13:17:16.0418 0x06d8  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
13:17:16.0433 0x06d8  Win FW state via NFP2: enabled
13:17:19.0288 0x06d8  ============================================================
13:17:19.0288 0x06d8  Scan finished
13:17:19.0288 0x06d8  ============================================================
13:17:19.0288 0x10b8  Detected object count: 0
13:17:19.0288 0x10b8  Actual detected object count: 0
13:17:28.0414 0x12c0  Deinitialize success

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-10 13:18:06
-----------------------------
13:18:06.195    OS Version: Windows x64 6.1.7601 Service Pack 1
13:18:06.195    Number of processors: 4 586 0x2A07
13:18:06.195    ComputerName: MYPC  UserName:
13:18:07.337    Initialize success
13:19:13.783    AVAST engine defs: 14010701
13:19:28.572    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-4
13:19:28.572    Disk 0 Vendor: ST1000DM003-9YN162 CC47 Size: 953869MB BusType: 3
13:19:28.681    Disk 0 MBR read successfully
13:19:28.681    Disk 0 MBR scan
13:19:28.681    Disk 0 Windows 7 default MBR code
13:19:28.697    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:19:28.743    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
13:19:28.790    Disk 0 scanning C:\Windows\system32\drivers
13:19:38.946    Service scanning
13:20:00.443    Modules scanning
13:20:00.443    Disk 0 trace - called modules:
13:20:00.458    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:20:00.458    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009b35060]
13:20:00.458    3 CLASSPNP.SYS[fffff880015af43f] -> nt!IofCallDriver -> [0xfffffa800872c9b0]
13:20:00.458    5 ACPI.sys[fffff88000f487a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-4[0xfffffa8008729060]
13:20:01.691    AVAST engine scan C:\Windows
13:20:04.062    AVAST engine scan C:\Windows\system32
13:22:50.842    AVAST engine scan C:\Windows\system32\drivers
13:23:02.823    AVAST engine scan C:\Users\Cosito
13:24:44.457    AVAST engine scan C:\ProgramData
13:25:27.825    Scan finished successfully
13:30:51.355    Disk 0 MBR has been saved successfully to "C:\Users\Cosito\Desktop\MBR.dat"
13:30:51.386    The log file has been saved successfully to "C:\Users\Cosito\Desktop\aswMBR.txt"

 



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 10 January 2014 - 02:59 PM

Thanks, I didn't expect to find anything but we needed to check anyway.

Please run this for me.

===================================================

Running Chkdsk /r From Command Prompt

--------------------
  • Close any open programs
  • Click Start, Programs, Accessories
  • Right click on Command Prompt and select Run as Administrator
  • Copy and paste the following after the command prompt and press Enter

CMD /C ECHO Y|CHKDSK C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did chkdsk run successfully?
  • Any change?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 DjChumpchange

DjChumpchange
  • Topic Starter


Posted 10 January 2014 - 05:23 PM

This popped up upon restart. RegisterDLL: Error - Invalid root in registry key "HKCU\Software\Classes\CLSID\{c30987fe-5374-4f38-812b-82f9ceeaaaf7}\".





