
Probable Virus/malware/trojans Need help!!!


  • This topic is locked
20 replies to this topic

#1 Birdfeather

Birdfeather

  • Members

Posted 11 January 2014 - 01:50 AM

Hi all. I've recently run into a problem with my computer. My internet is running significantly slower than other members of my household. I'm an online gamer and have been getting constant ping strikes from 100-400 while my brother, who I also play with, has a constant 50-60 ping. He is also further from the router than me, which also worries me. I used to always have slightly better ping than him, but as of late my internet has been running very slowly on my computer, while his remains constant. I suspect some malware of some sort, and I've tried some things myself such as Kaspersky with no luck. Any help would be appreciated; here are my logs.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Ryan at 23:40:28 on 2014-01-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8153.6491 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
R:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: YoutubeAdblocker: {E0DCF27A-ED8B-B910-5778-2A8ADC15F410} -
BHO: surf aand keep: {E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5} -
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{E15F0490-E8F8-409B-80AF-32CAF63248D6} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: SearchNewTab: {C69F808E-AB80-A26F-ABA9-D30B8C0DE9DD} -
x64-BHO: YoutubeAdblocker: {E0DCF27A-ED8B-B910-5778-2A8ADC15F410} -
x64-BHO: surf aand keep: {E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5} -
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: R:\Program Files (x86)\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - ExtSQL: 2013-11-28 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-23 283200]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-1 161560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-5 1370912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-7-30 15128352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-1 363800]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-5 39200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-11-28 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2012-1-17 138352]
S3 vmmouse;VMware Pointing Device;C:\Windows\System32\drivers\vmmouse.sys [2012-1-17 13872]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-15 1255736]
.
=============== Created Last 30 ================
.
2014-01-10 04:41:30    10315576    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E48F5A96-40E6-4986-BB71-B190A2BCCB6C}\mpengine.dll
2014-01-07 21:52:16    10315576    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-29 02:09:27    --------    d-----w-    C:\ProgramData\DAEMON Tools Pro
2013-12-20 21:49:47    --------    d-----w-    C:\Users\Ryan\AppData\Local\SKIDROW
2013-12-20 21:43:08    84    ----a-w-    C:\Program Files (x86)\update-bioshock_Inf.bat
2013-12-20 21:43:08    --------    d-----w-    C:\Program Files (x86)\BioShock Infinite
.
==================== Find3M  ====================
.
2013-12-11 07:34:14    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 07:34:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 16:56:58    1096480    ----a-w-    C:\Windows\System32\nvspcap64.dll
2013-11-29 16:56:57    979744    ----a-w-    C:\Windows\SysWow64\nvspcap.dll
2013-11-29 04:28:53    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-19 10:21:41    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 17:03:12    39200    ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
2013-10-30 17:02:58    35104    ----a-w-    C:\Windows\System32\nvaudcap64v.dll
2013-10-30 17:02:56    32544    ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31    3155968    ----a-w-    C:\Windows\System32\win32k.sys
2013-10-23 10:02:36    589600    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2013-10-23 08:20:08    6669600    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-10-23 08:20:07    3489568    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-10-23 08:20:05    922912    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-10-23 08:20:05    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-10-23 08:20:05    219424    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-10-23 08:20:03    3426956    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-10-19 02:18:57    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 23:40:35.67 ===============
 

 




 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team

Posted 14 January 2014 - 03:11 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------

 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 Birdfeather

Birdfeather
  • Topic Starter

  • Members

Posted 15 January 2014 - 03:15 AM

Hello Jeff, thank you for all the help you're providing me it is much appreciated! Here are the logs you've asked me to provide.

 

Hello Jeff, your help is much appreciated. Here are the logs you asked for. Thank you again for the help.

00:54:12.0114 0x12f8  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
00:54:21.0371 0x12f8  ============================================================
00:54:21.0371 0x12f8  Current date / time: 2014/01/15 00:54:21.0371
00:54:21.0371 0x12f8  SystemInfo:
00:54:21.0371 0x12f8  
00:54:21.0371 0x12f8  OS Version: 6.1.7601 ServicePack: 1.0
00:54:21.0371 0x12f8  Product type: Workstation
00:54:21.0371 0x12f8  ComputerName: RYAN-PC
00:54:21.0371 0x12f8  UserName: Ryan
00:54:21.0371 0x12f8  Windows directory: C:\Windows
00:54:21.0371 0x12f8  System windows directory: C:\Windows
00:54:21.0371 0x12f8  Running under WOW64
00:54:21.0371 0x12f8  Processor architecture: Intel x64
00:54:21.0371 0x12f8  Number of processors: 4
00:54:21.0371 0x12f8  Page size: 0x1000
00:54:21.0371 0x12f8  Boot type: Normal boot
00:54:21.0371 0x12f8  ============================================================
00:54:21.0518 0x12f8  KLMD registered as C:\Windows\system32\drivers\24984801.sys
00:54:21.0584 0x12f8  System UUID: {508DCC42-21C1-4CA6-BB2E-FB47F1398AF2}
00:54:21.0859 0x12f8  Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:54:21.0859 0x12f8  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:54:21.0885 0x12f8  Drive \Device\Harddisk2\DR2 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:54:21.0886 0x12f8  ============================================================
00:54:21.0886 0x12f8  \Device\Harddisk1\DR1:
00:54:21.0886 0x12f8  GPT partitions:
00:54:21.0887 0x12f8  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5CD2E469-C886-4409-851D-F158E516760D}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
00:54:21.0887 0x12f8  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {3CBE2A15-1F46-4AC7-B922-8615342396D2}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
00:54:21.0887 0x12f8  MBR partitions:
00:54:21.0887 0x12f8  \Device\Harddisk0\DR0:
00:54:21.0887 0x12f8  MBR partitions:
00:54:21.0887 0x12f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:54:21.0887 0x12f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
00:54:21.0887 0x12f8  \Device\Harddisk2\DR2:
00:54:21.0887 0x12f8  MBR partitions:
00:54:21.0887 0x12f8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
00:54:21.0887 0x12f8  ============================================================
00:54:21.0889 0x12f8  C: <-> \Device\Harddisk0\DR0\Partition2
00:54:21.0916 0x12f8  R: <-> \Device\Harddisk1\DR1\Partition2
00:54:21.0916 0x12f8  ============================================================
00:54:21.0916 0x12f8  Initialize success
00:54:21.0916 0x12f8  ============================================================
00:54:27.0009 0x10c0  ============================================================
00:54:27.0009 0x10c0  Scan started
00:54:27.0009 0x10c0  Mode: Manual;
00:54:27.0009 0x10c0  ============================================================
00:54:27.0009 0x10c0  KSN ping started
00:54:29.0435 0x10c0  KSN ping finished: true
00:54:29.0538 0x10c0  ================ Scan system memory ========================
00:54:29.0538 0x10c0  System memory - ok
00:54:29.0538 0x10c0  ================ Scan services =============================
00:54:30.0001 0x10c0  cdfs - ok
00:54:30.0005 0x10c0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:54:30.0007 0x10c0  cdrom - ok
00:54:30.0014 0x10c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:54:30.0015 0x10c0  CertPropSvc - ok
00:54:30.0018 0x10c0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
00:54:30.0019 0x10c0  circlass - ok
00:54:30.0026 0x10c0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
00:54:30.0031 0x10c0  CLFS - ok
00:54:30.0036 0x10c0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:54:30.0038 0x10c0  clr_optimization_v2.0.50727_32 - ok
00:54:30.0043 0x10c0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:54:30.0045 0x10c0  clr_optimization_v2.0.50727_64 - ok
00:54:30.0054 0x10c0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:54:30.0056 0x10c0  clr_optimization_v4.0.30319_32 - ok
00:54:30.0060 0x10c0  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:54:30.0063 0x10c0  clr_optimization_v4.0.30319_64 - ok
00:54:30.0065 0x10c0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
00:54:30.0066 0x10c0  CmBatt - ok
00:54:30.0068 0x10c0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:54:30.0068 0x10c0  cmdide - ok
00:54:30.0077 0x10c0  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
00:54:30.0084 0x10c0  CNG - ok
00:54:30.0086 0x10c0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
00:54:30.0087 0x10c0  Compbatt - ok
00:54:30.0089 0x10c0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:54:30.0090 0x10c0  CompositeBus - ok
00:54:30.0091 0x10c0  COMSysApp - ok
00:54:30.0094 0x10c0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:54:30.0095 0x10c0  crcdisk - ok
00:54:30.0100 0x10c0  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:54:30.0103 0x10c0  CryptSvc - ok
00:54:30.0112 0x10c0  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
00:54:30.0120 0x10c0  CSC - ok
00:54:30.0131 0x10c0  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
00:54:30.0141 0x10c0  CscService - ok
00:54:30.0151 0x10c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:54:30.0158 0x10c0  DcomLaunch - ok
00:54:30.0165 0x10c0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
00:54:30.0169 0x10c0  defragsvc - ok
00:54:30.0173 0x10c0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:54:30.0174 0x10c0  DfsC - ok
00:54:30.0181 0x10c0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:54:30.0186 0x10c0  Dhcp - ok
00:54:30.0188 0x10c0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
00:54:30.0189 0x10c0  discache - ok
00:54:30.0191 0x10c0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
00:54:30.0193 0x10c0  Disk - ok
00:54:30.0195 0x10c0  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
00:54:30.0197 0x10c0  dmvsc - ok
00:54:30.0201 0x10c0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:54:30.0204 0x10c0  Dnscache - ok
00:54:30.0210 0x10c0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:54:30.0214 0x10c0  dot3svc - ok
00:54:30.0218 0x10c0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
00:54:30.0221 0x10c0  DPS - ok
00:54:30.0223 0x10c0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:54:30.0224 0x10c0  drmkaud - ok
00:54:30.0230 0x10c0  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:54:30.0233 0x10c0  dtsoftbus01 - ok
00:54:30.0249 0x10c0  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:54:30.0259 0x10c0  DXGKrnl - ok
00:54:30.0264 0x10c0  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD, 967829CE37158020F6026C588260FCFC6F9852DDDACD622FAF7AB75121DF5B3D ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
00:54:30.0267 0x10c0  E1G60 - ok
00:54:30.0270 0x10c0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
00:54:30.0272 0x10c0  EapHost - ok
00:54:30.0318 0x10c0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:54:30.0362 0x10c0  ebdrv - ok
00:54:30.0367 0x10c0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
00:54:30.0368 0x10c0  EFS - ok
00:54:30.0381 0x10c0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:54:30.0391 0x10c0  ehRecvr - ok
00:54:30.0395 0x10c0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
00:54:30.0397 0x10c0  ehSched - ok
00:54:30.0407 0x10c0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:54:30.0414 0x10c0  elxstor - ok
00:54:30.0417 0x10c0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:54:30.0417 0x10c0  ErrDev - ok
00:54:30.0420 0x10c0  esgiguard - ok
00:54:30.0429 0x10c0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
00:54:30.0434 0x10c0  EventSystem - ok
00:54:30.0439 0x10c0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
00:54:30.0443 0x10c0  exfat - ok
00:54:30.0447 0x10c0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:54:30.0451 0x10c0  fastfat - ok
00:54:30.0462 0x10c0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
00:54:30.0472 0x10c0  Fax - ok
00:54:30.0474 0x10c0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
00:54:30.0475 0x10c0  fdc - ok
00:54:30.0477 0x10c0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
00:54:30.0478 0x10c0  fdPHost - ok
00:54:30.0481 0x10c0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:54:30.0482 0x10c0  FDResPub - ok
00:54:30.0485 0x10c0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:54:30.0486 0x10c0  FileInfo - ok
00:54:30.0488 0x10c0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:54:30.0489 0x10c0  Filetrace - ok
00:54:30.0491 0x10c0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:54:30.0492 0x10c0  flpydisk - ok
00:54:30.0497 0x10c0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:54:30.0502 0x10c0  FltMgr - ok
00:54:30.0519 0x10c0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
00:54:30.0536 0x10c0  FontCache - ok
00:54:30.0539 0x10c0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:54:30.0541 0x10c0  FontCache3.0.0.0 - ok
00:54:30.0543 0x10c0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:54:30.0544 0x10c0  FsDepends - ok
00:54:30.0547 0x10c0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:54:30.0547 0x10c0  Fs_Rec - ok
00:54:30.0552 0x10c0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:54:30.0555 0x10c0  fvevol - ok
00:54:30.0558 0x10c0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:54:30.0560 0x10c0  gagp30kx - ok
00:54:30.0561 0x10c0  gdrv - ok
00:54:30.0564 0x10c0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:54:30.0565 0x10c0  GEARAspiWDM - ok
00:54:30.0576 0x10c0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
00:54:30.0587 0x10c0  gpsvc - ok
00:54:30.0590 0x10c0  [ B9893A68032A6D9ADDB5B98287C630F7, F0280764D7B31F1EA634E91397229B1C064A7C1B3A77A6BBD123CEA74180789F ] grmnusb         C:\Windows\system32\drivers\grmnusb.sys
00:54:30.0591 0x10c0  grmnusb - ok
00:54:30.0593 0x10c0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:54:30.0594 0x10c0  hcw85cir - ok
00:54:30.0601 0x10c0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:54:30.0606 0x10c0  HdAudAddService - ok
00:54:30.0609 0x10c0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:54:30.0611 0x10c0  HDAudBus - ok
00:54:30.0614 0x10c0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:54:30.0615 0x10c0  HidBatt - ok
00:54:30.0618 0x10c0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:54:30.0620 0x10c0  HidBth - ok
00:54:30.0622 0x10c0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:54:30.0623 0x10c0  HidIr - ok
00:54:30.0626 0x10c0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
00:54:30.0627 0x10c0  hidserv - ok
00:54:30.0629 0x10c0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:54:30.0630 0x10c0  HidUsb - ok
00:54:30.0633 0x10c0  [ FCE2251FE4464DCAA2F4684F19A8EE9B, 8062CD636DEFA8E160427BC2C61BC5C0DAA5396E16ABE9353B27C217FDE70B04 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
00:54:30.0634 0x10c0  hitmanpro37 - ok
00:54:30.0637 0x10c0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:54:30.0639 0x10c0  hkmsvc - ok
00:54:30.0644 0x10c0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:54:30.0648 0x10c0  HomeGroupListener - ok
00:54:30.0653 0x10c0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:54:30.0656 0x10c0  HomeGroupProvider - ok
00:54:30.0659 0x10c0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:54:30.0661 0x10c0  HpSAMD - ok
00:54:30.0673 0x10c0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:54:30.0683 0x10c0  HTTP - ok
00:54:30.0686 0x10c0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:54:30.0686 0x10c0  hwpolicy - ok
00:54:30.0689 0x10c0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
00:54:30.0691 0x10c0  i8042prt - ok
00:54:30.0699 0x10c0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:54:30.0705 0x10c0  iaStorV - ok
00:54:30.0719 0x10c0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:54:30.0731 0x10c0  idsvc - ok
00:54:30.0734 0x10c0  IEEtwCollectorService - ok
00:54:30.0737 0x10c0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
00:54:30.0738 0x10c0  iirsp - ok
00:54:30.0751 0x10c0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
00:54:30.0763 0x10c0  IKEEXT - ok
00:54:30.0781 0x10c0  [ 2D66067C7A8A0112156BCD1C0BAA7042, 89F77EEE59FF3AD2E777DA15187F1447F6E112E8831417A0DE656ACB82E7B22E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
00:54:31.0353 0x10c0  Intel® Capability Licensing Service Interface - ok
00:54:31.0355 0x10c0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:54:31.0356 0x10c0  intelide - ok
00:54:31.0359 0x10c0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:54:31.0360 0x10c0  intelppm - ok
00:54:31.0363 0x10c0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:54:31.0365 0x10c0  IPBusEnum - ok
00:54:31.0368 0x10c0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:54:31.0370 0x10c0  IpFilterDriver - ok
00:54:31.0379 0x10c0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:54:31.0388 0x10c0  iphlpsvc - ok
00:54:31.0391 0x10c0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:54:31.0392 0x10c0  IPMIDRV - ok
00:54:31.0396 0x10c0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:54:31.0398 0x10c0  IPNAT - ok
00:54:31.0409 0x10c0  [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:54:31.0418 0x10c0  iPod Service - ok
00:54:31.0421 0x10c0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:54:31.0421 0x10c0  IRENUM - ok
00:54:31.0423 0x10c0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:54:31.0424 0x10c0  isapnp - ok
00:54:31.0430 0x10c0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:54:31.0434 0x10c0  iScsiPrt - ok
00:54:31.0439 0x10c0  [ 166FC0B36842135BC2D3C32DF70ED0D6, 83319957ECEFFF372C683C56DC6ECD34CD4B16A98F3F602E48108B124D07D975 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
00:54:31.0441 0x10c0  jhi_service - ok
00:54:31.0444 0x10c0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
00:54:31.0445 0x10c0  kbdclass - ok
00:54:31.0447 0x10c0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
00:54:31.0448 0x10c0  kbdhid - ok
00:54:31.0450 0x10c0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
00:54:31.0451 0x10c0  KeyIso - ok
00:54:31.0454 0x10c0  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:54:31.0456 0x10c0  KSecDD - ok
00:54:31.0460 0x10c0  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:54:31.0462 0x10c0  KSecPkg - ok
00:54:31.0464 0x10c0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:54:31.0465 0x10c0  ksthunk - ok
00:54:31.0472 0x10c0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:54:31.0478 0x10c0  KtmRm - ok
00:54:31.0483 0x10c0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
00:54:31.0487 0x10c0  LanmanServer - ok
00:54:31.0491 0x10c0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:54:31.0494 0x10c0  LanmanWorkstation - ok
00:54:31.0497 0x10c0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:54:31.0498 0x10c0  lltdio - ok
00:54:31.0505 0x10c0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:54:31.0510 0x10c0  lltdsvc - ok
00:54:31.0512 0x10c0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:54:31.0513 0x10c0  lmhosts - ok
00:54:31.0518 0x10c0  [ C56E64BA70DC822B84D100A6F8D690D3, 1F511FBDDDD6E8CC83C8D0BD152BBE8C4C9E103D2DDED93564DC0FB9962DD040 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:54:31.0523 0x10c0  LMS - ok
00:54:31.0527 0x10c0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
00:54:31.0529 0x10c0  LSI_FC - ok
00:54:31.0532 0x10c0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:54:31.0534 0x10c0  LSI_SAS - ok
00:54:31.0537 0x10c0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:54:31.0538 0x10c0  LSI_SAS2 - ok
00:54:31.0542 0x10c0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:54:31.0544 0x10c0  LSI_SCSI - ok
00:54:31.0547 0x10c0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:54:31.0549 0x10c0  luafv - ok
00:54:31.0551 0x10c0  [ 07389F6925E490D2DB7882110E99921C, AD316EE8A47B6EDD1AB1E1E7DDE2BC69DC0E342144F5B74C96E9494F847B1B7E ] lvpepf64        C:\Windows\system32\DRIVERS\lv302a64.sys
00:54:31.0552 0x10c0  lvpepf64 - ok
00:54:31.0565 0x10c0  [ 7F0BA3A6E8996F15693C6B7D81DA049E, 96925ABA3A9C5FD2CF9ECBDC4ED8E94033EB1C53DD03F28102E83EEF327777E6 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
00:54:31.0573 0x10c0  LVRS64 - ok
00:54:31.0577 0x10c0  [ 5C3FF68267A5D242EE79EE01B993D6CE, 853637AC30A16698F2F583693E98B67104ECE5B8F80C6FB88266665162623B92 ] LVUSBS64        C:\Windows\system32\drivers\LVUSBS64.sys
00:54:31.0577 0x10c0  LVUSBS64 - ok
00:54:31.0580 0x10c0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:54:31.0583 0x10c0  Mcx2Svc - ok
00:54:31.0585 0x10c0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
00:54:31.0586 0x10c0  megasas - ok
00:54:31.0592 0x10c0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
00:54:31.0597 0x10c0  MegaSR - ok
00:54:31.0600 0x10c0  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
00:54:31.0601 0x10c0  MEIx64 - ok
00:54:31.0603 0x10c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
00:54:31.0605 0x10c0  MMCSS - ok
00:54:31.0607 0x10c0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
00:54:31.0608 0x10c0  Modem - ok
00:54:31.0610 0x10c0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:54:31.0611 0x10c0  monitor - ok
00:54:31.0613 0x10c0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:54:31.0614 0x10c0  mouclass - ok
00:54:31.0616 0x10c0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:54:31.0617 0x10c0  mouhid - ok
00:54:31.0620 0x10c0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:54:31.0622 0x10c0  mountmgr - ok
00:54:31.0625 0x10c0  [ 0329A45C849C9D77901094B8FFE8BBB9, 2151C15A4185FABBC3367B8213017B45E08C43E26E1D8942E707E217C6A5EDA7 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:54:31.0627 0x10c0  MozillaMaintenance - ok
00:54:31.0633 0x10c0  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
00:54:31.0637 0x10c0  MpFilter - ok
00:54:31.0641 0x10c0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:54:31.0644 0x10c0  mpio - ok
00:54:31.0647 0x10c0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:54:31.0648 0x10c0  mpsdrv - ok
00:54:31.0662 0x10c0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:54:31.0674 0x10c0  MpsSvc - ok
00:54:34.0122 0x10c0  TrustedInstaller - ok
00:54:34.0125 0x10c0  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:54:34.0127 0x10c0  tssecsrv - ok
00:54:34.0130 0x10c0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:54:34.0131 0x10c0  TsUsbFlt - ok
00:54:34.0133 0x10c0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:54:34.0134 0x10c0  TsUsbGD - ok
00:54:34.0138 0x10c0  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
00:54:34.0140 0x10c0  tsusbhub - ok
00:54:34.0143 0x10c0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:54:34.0146 0x10c0  tunnel - ok
00:54:34.0148 0x10c0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:54:34.0150 0x10c0  uagp35 - ok
00:54:34.0156 0x10c0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:54:34.0161 0x10c0  udfs - ok
00:54:34.0165 0x10c0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:54:34.0167 0x10c0  UI0Detect - ok
00:54:34.0170 0x10c0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:54:34.0171 0x10c0  uliagpkx - ok
00:54:34.0174 0x10c0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:54:34.0175 0x10c0  umbus - ok
00:54:34.0177 0x10c0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:54:34.0177 0x10c0  UmPass - ok
00:54:34.0182 0x10c0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
00:54:34.0186 0x10c0  UmRdpService - ok
00:54:34.0194 0x10c0  [ 0F9E1BC7E2BEA1A4108EC9736CF0C2D9, 0D256DC2A6B867E7077DD3A5C18FF0345D2FEEC7A2245B037530761248BC9FB1 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:54:34.0199 0x10c0  UNS - ok
00:54:34.0206 0x10c0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
00:54:34.0213 0x10c0  upnphost - ok
00:54:34.0216 0x10c0  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:54:34.0217 0x10c0  USBAAPL64 - ok
00:54:34.0221 0x10c0  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:54:34.0223 0x10c0  usbaudio - ok
00:54:34.0226 0x10c0  [ ACCEA6BC68D0C9A78EB97EE159028B4E, 132F7A543C1DA9456FBABA50552B37E3162ACA612A8567BB3FF0F7DA84231419 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:54:34.0228 0x10c0  usbccgp - ok
00:54:34.0231 0x10c0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:54:34.0233 0x10c0  usbcir - ok
00:54:34.0236 0x10c0  [ 311C1DD1088E55BEAE15954D17F50646, A663344ABD1414D570617F59CC00020640F31DB34265142EFCA8817328DB842A ] usbehci         C:\Windows\system32\drivers\usbehci.sys
00:54:34.0237 0x10c0  usbehci - ok
00:54:34.0244 0x10c0  [ 280E90CBF4B2DDD169F0728CB44D726F, 2B39666C022A4F7338BDDB4CB0D7B4D0CC6B398298D29E38826F27FADF4C29DD ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:54:34.0250 0x10c0  usbhub - ok
00:54:34.0252 0x10c0  [ 9406D801042FAF859CF81B2C886413DC, D16536EC05260D7A2902314E1AA5E5F73533483B9967739C381FD41B6192B92F ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:54:34.0253 0x10c0  usbohci - ok
00:54:34.0255 0x10c0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
00:54:34.0256 0x10c0  usbprint - ok
00:54:34.0259 0x10c0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:54:34.0261 0x10c0  USBSTOR - ok
00:54:34.0263 0x10c0  [ A83D0EC9AE4C31704442099D40BA2471, A29D714FCDF10DF7A2A17D54B131AEFDA61AED988CF8B99C7B30728C50130DCE ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:54:34.0264 0x10c0  usbuhci - ok
00:54:34.0267 0x10c0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
00:54:34.0269 0x10c0  UxSms - ok
00:54:34.0271 0x10c0  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
00:54:34.0272 0x10c0  VaultSvc - ok
00:54:34.0274 0x10c0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:54:34.0275 0x10c0  vdrvroot - ok
00:54:34.0284 0x10c0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
00:54:34.0292 0x10c0  vds - ok
00:54:34.0295 0x10c0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:54:34.0296 0x10c0  vga - ok
00:54:34.0299 0x10c0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:54:34.0299 0x10c0  VgaSave - ok
00:54:34.0301 0x10c0  VGPU - ok
00:54:34.0306 0x10c0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:54:34.0309 0x10c0  vhdmp - ok
00:54:34.0312 0x10c0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:54:34.0313 0x10c0  viaide - ok
00:54:34.0317 0x10c0  [ ABAD6959CF4448E0CBA3D291870A3C09, 7C87DF86665EC5A96A8E95606FC5C801AB7AD100EB9AD563FB8CF4F3CA1CABC3 ] vm3dmp          C:\Windows\system32\DRIVERS\vm3dmp.sys
00:54:34.0319 0x10c0  vm3dmp - ok
00:54:34.0324 0x10c0  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
00:54:34.0327 0x10c0  vmbus - ok
00:54:34.0329 0x10c0  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
00:54:34.0330 0x10c0  VMBusHID - ok
00:54:34.0332 0x10c0  vmci - ok
00:54:34.0334 0x10c0  [ 4FD691FC69C1060A587CEF75CAFC462E, B95923A4AA80365F2D01130FEB851EF3353731EA1D5854E49DAC37CEE5F18C7A ] vmmouse         C:\Windows\system32\DRIVERS\vmmouse.sys
00:54:34.0335 0x10c0  vmmouse - ok
00:54:34.0338 0x10c0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:54:34.0339 0x10c0  volmgr - ok
00:54:34.0346 0x10c0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:54:34.0351 0x10c0  volmgrx - ok
00:54:34.0357 0x10c0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:54:34.0361 0x10c0  volsnap - ok
00:54:34.0366 0x10c0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:54:34.0368 0x10c0  vsmraid - ok
00:54:34.0392 0x10c0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
00:54:34.0415 0x10c0  VSS - ok
00:54:34.0418 0x10c0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:54:34.0419 0x10c0  vwifibus - ok
00:54:34.0421 0x10c0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:54:34.0423 0x10c0  vwififlt - ok
00:54:34.0430 0x10c0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
00:54:34.0437 0x10c0  W32Time - ok
00:54:34.0440 0x10c0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:54:34.0441 0x10c0  WacomPen - ok
00:54:34.0444 0x10c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:54:34.0446 0x10c0  WANARP - ok
00:54:34.0448 0x10c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:54:34.0450 0x10c0  Wanarpv6 - ok
00:54:34.0469 0x10c0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:54:34.0487 0x10c0  WatAdminSvc - ok
00:54:34.0510 0x10c0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
00:54:34.0531 0x10c0  wbengine - ok
00:54:34.0537 0x10c0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:54:34.0541 0x10c0  WbioSrvc - ok
00:54:34.0548 0x10c0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:54:34.0554 0x10c0  wcncsvc - ok
00:54:34.0557 0x10c0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:54:34.0559 0x10c0  WcsPlugInService - ok
00:54:34.0561 0x10c0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
00:54:34.0562 0x10c0  Wd - ok
00:54:34.0574 0x10c0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:54:34.0586 0x10c0  Wdf01000 - ok
00:54:34.0589 0x10c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:54:34.0592 0x10c0  WdiServiceHost - ok
00:54:34.0594 0x10c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:54:34.0596 0x10c0  WdiSystemHost - ok
00:54:34.0602 0x10c0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
00:54:34.0607 0x10c0  WebClient - ok
00:54:34.0612 0x10c0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:54:34.0616 0x10c0  Wecsvc - ok
00:54:34.0620 0x10c0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:54:34.0622 0x10c0  wercplsupport - ok
00:54:34.0625 0x10c0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:54:34.0628 0x10c0  WerSvc - ok
00:54:34.0630 0x10c0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:54:34.0631 0x10c0  WfpLwf - ok
00:54:34.0633 0x10c0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:54:34.0634 0x10c0  WIMMount - ok
00:54:34.0635 0x10c0  WinDefend - ok
00:54:34.0639 0x10c0  WinHttpAutoProxySvc - ok
00:54:34.0648 0x10c0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:54:34.0651 0x10c0  Winmgmt - ok
00:54:34.0681 0x10c0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
00:54:34.0709 0x10c0  WinRM - ok
00:54:34.0715 0x10c0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:54:34.0720 0x10c0  WinUsb - ok
00:54:34.0735 0x10c0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:54:34.0747 0x10c0  Wlansvc - ok
00:54:34.0750 0x10c0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:54:34.0751 0x10c0  WmiAcpi - ok
00:54:34.0757 0x10c0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:54:34.0760 0x10c0  wmiApSrv - ok
00:54:34.0762 0x10c0  WMPNetworkSvc - ok
00:54:34.0764 0x10c0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:54:34.0766 0x10c0  WPCSvc - ok
00:54:34.0773 0x10c0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:54:34.0776 0x10c0  WPDBusEnum - ok
00:54:34.0778 0x10c0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:54:34.0779 0x10c0  ws2ifsl - ok
00:54:34.0783 0x10c0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
00:54:34.0785 0x10c0  wscsvc - ok
00:54:34.0787 0x10c0  WSearch - ok
00:54:34.0822 0x10c0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:54:34.0856 0x10c0  wuauserv - ok
00:54:34.0861 0x10c0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:54:34.0863 0x10c0  WudfPf - ok
00:54:34.0868 0x10c0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:54:34.0871 0x10c0  WUDFRd - ok
00:54:34.0874 0x10c0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:54:34.0876 0x10c0  wudfsvc - ok
00:54:34.0882 0x10c0  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:54:34.0886 0x10c0  WwanSvc - ok
00:54:34.0890 0x10c0  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
00:54:34.0892 0x10c0  xusb21 - ok
00:54:34.0893 0x10c0  ================ Scan global ===============================
00:54:34.0895 0x10c0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
00:54:34.0901 0x10c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
00:54:34.0909 0x10c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
00:54:34.0914 0x10c0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
00:54:34.0921 0x10c0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
00:54:34.0925 0x10c0  [ Global ] - ok
00:54:34.0926 0x10c0  ================ Scan MBR ==================================
00:54:34.0927 0x10c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
00:54:34.0929 0x10c0  \Device\Harddisk1\DR1 - ok
00:54:34.0931 0x10c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:54:35.0140 0x10c0  \Device\Harddisk0\DR0 - ok
00:54:35.0143 0x10c0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
00:54:35.0145 0x10c0  \Device\Harddisk2\DR2 - ok
00:54:35.0146 0x10c0  ================ Scan VBR ==================================
00:54:35.0147 0x10c0  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
00:54:35.0147 0x10c0  \Device\Harddisk1\DR1\Partition1 - ok
00:54:35.0148 0x10c0  [ 65352FEB7BF380F110747FF26679E8E4 ] \Device\Harddisk1\DR1\Partition2
00:54:35.0149 0x10c0  \Device\Harddisk1\DR1\Partition2 - ok
00:54:35.0150 0x10c0  [ 47334FCC35F3F3B258287ADD6BEDE704 ] \Device\Harddisk0\DR0\Partition1
00:54:35.0151 0x10c0  \Device\Harddisk0\DR0\Partition1 - ok
00:54:35.0152 0x10c0  [ 2A450EBE1D71807B23D8DAF22A991F36 ] \Device\Harddisk0\DR0\Partition2
00:54:35.0153 0x10c0  \Device\Harddisk0\DR0\Partition2 - ok
00:54:35.0155 0x10c0  [ 4E0161F55D3F42DF58E432C788573A73 ] \Device\Harddisk2\DR2\Partition1
00:54:35.0156 0x10c0  \Device\Harddisk2\DR2\Partition1 - ok
00:54:35.0156 0x10c0  Waiting for KSN requests completion. In queue: 197
00:54:36.0157 0x10c0  Waiting for KSN requests completion. In queue: 197
00:54:37.0157 0x10c0  Waiting for KSN requests completion. In queue: 197
00:54:38.0170 0x10c0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
00:54:38.0178 0x10c0  Win FW state via NFP2: enabled
00:54:40.0686 0x10c0  ============================================================
00:54:40.0686 0x10c0  Scan finished
00:54:40.0686 0x10c0  ============================================================
00:54:40.0694 0x0678  Detected object count: 0
00:54:40.0694 0x0678  Actual detected object count: 0
 

 

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 00:58:59
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Found : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Found : HKLM\SOFTWARE\Classes\surf
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [5444 octets] - [05/11/2013 23:30:08]
AdwCleaner[R1].txt - [2738 octets] - [28/11/2013 20:40:17]
AdwCleaner[R2].txt - [2541 octets] - [15/01/2014 00:58:59]
AdwCleaner[S0].txt - [5015 octets] - [05/11/2013 23:30:52]
AdwCleaner[S1].txt - [3468 octets] - [28/11/2013 20:46:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2721 octets] ##########
 

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 01:08:58
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Ryan - RYAN-PC
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab
Key Deleted : HKLM\SOFTWARE\Classes\SearchNewTab.SearchNewTab.1.0
Key Deleted : HKLM\SOFTWARE\Classes\surf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

*************************

AdwCleaner[R0].txt - [5444 octets] - [05/11/2013 23:30:08]
AdwCleaner[R1].txt - [2738 octets] - [28/11/2013 20:40:17]
AdwCleaner[R2].txt - [2813 octets] - [15/01/2014 00:58:59]
AdwCleaner[S0].txt - [5015 octets] - [05/11/2013 23:30:52]
AdwCleaner[S1].txt - [3468 octets] - [28/11/2013 20:46:17]
AdwCleaner[S2].txt - [2729 octets] - [15/01/2014 01:08:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2789 octets] ##########
 



#4 jeffce

  • Malware Response Team

Posted 15 January 2014 - 11:14 AM

Hi!!
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



#5 Birdfeather

  • Topic Starter


Posted 15 January 2014 - 11:48 AM

Here you go good sir!

 

ComboFix 14-01-14.02 - Ryan 01/15/2014   9:44.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8153.6532 [GMT -7:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\background.html
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\content.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\lsdb.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\manifest.json
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\newtab.html
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\sqlite.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\xlKSO.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\background.html
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\content.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\lsdb.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\manifest.json
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\O88k.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\sqlite.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\background.html
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\content.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\k5oOXn.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\lsdb.js
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\manifest.json
c:\users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\sqlite.js
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-15 to 2014-01-15  )))))))))))))))))))))))))))))))
.
.
2014-01-15 16:46 . 2014-01-15 16:46    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ----a-w-    c:\windows\system32\drivers\athurx.sys
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ------w-    c:\windows\system32\athurx.sys
2014-01-15 07:36 . 2014-01-15 07:36    --------    d-----w-    c:\programdata\TP-LINK
2014-01-15 07:17 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02EC685A-2759-4626-AC8C-E59E23408F36}\mpengine.dll
2014-01-15 07:10 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 07:10 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 07:10 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 07:10 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 07:10 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 07:10 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 07:10 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 07:10 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 07:10 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-13 20:00 . 2014-01-13 20:00    --------    d-----w-    c:\programdata\WindSolutions
2014-01-12 23:27 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-30 05:10 . 2013-12-30 05:10    --------    d-----w-    c:\programdata\Apple Computer
2013-12-29 02:09 . 2013-12-29 02:09    --------    d-----w-    c:\programdata\DAEMON Tools Pro
2013-12-29 02:06 . 2013-12-29 02:06    --------    d-----w-    c:\programdata\Apple
2013-12-29 02:06 . 2014-01-15 16:36    --------    d-----w-    c:\programdata\NVIDIA
2013-12-21 06:14 . 2014-01-05 01:03    --------    d-----w-    c:\users\Ryan\AppData\Roaming\Bioshock
2013-12-20 21:49 . 2013-12-20 21:49    --------    d-----w-    c:\users\Ryan\AppData\Local\SKIDROW
2013-12-20 21:43 . 2013-03-26 03:33    84    ----a-w-    c:\program files (x86)\update-bioshock_Inf.bat
2013-12-20 21:43 . 2013-03-25 19:44    --------    d-----w-    c:\program files (x86)\BioShock Infinite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 09:52 . 2012-04-15 14:32    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 07:34 . 2012-05-23 16:26    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 07:34 . 2012-05-23 16:26    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 16:56 . 2013-11-01 20:01    1096480    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-29 16:56 . 2013-11-01 20:01    979744    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-29 04:28 . 2013-11-29 04:28    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-11-26 11:54 . 2013-12-11 09:03    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 09:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 09:03    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 09:03    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 09:03    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 09:03    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 09:03    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 09:03    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 09:03    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 09:03    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 09:03    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 09:03    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 09:03    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 09:03    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 09:03    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 09:03    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 09:03    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 09:03    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 09:03    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 09:03    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 09:03    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 09:03    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-25 23:45 . 2013-11-25 23:45    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-25 23:45 . 2013-11-25 23:45    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-25 23:45 . 2013-11-25 23:45    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-25 23:45 . 2013-11-25 23:45    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-25 23:45 . 2013-11-25 23:45    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-25 23:45 . 2013-11-25 23:45    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-25 23:45 . 2013-11-25 23:45    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-25 23:45 . 2013-11-25 23:45    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-25 23:45 . 2013-11-25 23:45    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-25 23:45 . 2013-11-25 23:45    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-25 23:45 . 2013-11-25 23:45    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-25 23:45 . 2013-11-25 23:45    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-25 23:45 . 2013-11-25 23:45    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-25 23:45 . 2013-11-25 23:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-25 23:45 . 2013-11-25 23:45    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-25 23:45 . 2013-11-25 23:45    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-23 18:26 . 2013-12-11 02:39    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 02:39    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 17:03 . 2013-12-06 02:34    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-10-30 17:02 . 2013-07-30 23:17    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-10-30 17:02 . 2013-12-06 02:34    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 02:32 . 2013-12-11 02:39    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 02:39    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-23 10:30 . 2013-11-04 06:16    9524088    ----a-w-    c:\windows\SysWow64\nvcuda.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys;c:\windows\SYSNATIVE\DRIVERS\vm3dmp.sys [x]
R3 vmci;vmci;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys;c:\windows\SYSNATIVE\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-11-28 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E0DCF27A-ED8B-B910-5778-2A8ADC15F410} - c:\program files (x86)\YoutubeAdblocker\spFB.dll
BHO-{E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5} - c:\program files (x86)\surf aand keep\v81VT.dll
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{C69F808E-AB80-A26F-ABA9-D30B8C0DE9DD} - c:\program files (x86)\SearchNewTab\qe5.x64.dll
BHO-{E0DCF27A-ED8B-B910-5778-2A8ADC15F410} - c:\program files (x86)\YoutubeAdblocker\spFB.x64.dll
BHO-{E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5} - c:\program files (x86)\surf aand keep\v81VT.x64.dll
AddRemove-ee550837-85e8-43d1-896f-da79577e7f63 - c:\progra~3\INSTAL~1\{78171~1\Setup.exe
AddRemove-Guild Wars 2 - c:\users\Ryan\Desktop\Guild Wars 2\Gw2.exe
AddRemove-S-161304646 - c:\programdata\quickset\sk.enhancer\sk.enhancer.exe
AddRemove-TmNationsForever_is1 - r:\program files (x86)\TmNationsForever\unins000.exe
AddRemove-Uplay - c:\users\Ryan\Desktop\Bates Motel\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - r:\program files (x86)\Spybot - Search & Destroy\unins000.exe
AddRemove-Search Protection - c:\users\Ryan\AppData\Roaming\Search Protection\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-15  09:47:09
ComboFix-quarantined-files.txt  2014-01-15 16:47
.
Pre-Run: 17,516,470,272 bytes free
Post-Run: 17,741,611,008 bytes free
.
- - End Of File - - CF1EB3EDB0C2D57A1C7A7BFC56EE5756
A36C5E4F47E84449FF07ED3517B43A31
 



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:18 PM

Posted 15 January 2014 - 01:43 PM

Hi there.....how is your system running?  :)


 


#7 Birdfeather

Birdfeather
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 15 January 2014 - 01:56 PM

As far as I can tell it seems to be running better now :)



#8 jeffce


Posted 15 January 2014 - 02:00 PM

Good!!

 

When you ran DDS first...was there a log made named Attach.txt?  If so, please post that.  If not, run DDS again and then when it is made post it.  :)


 


#9 Birdfeather


Posted 15 January 2014 - 02:18 PM

It did make one the first time and I must have forgotten to post it, so here is a new one. My apologies.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 5/22/2012 11:18:22 PM
System Uptime: 1/15/2014 11:46:04 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | Z77-D3H
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz | Intel® Core™ i5-3570K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 16.429 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
R: is FIXED (NTFS) - 1863 GiB total, 1696.883 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&FA2F13B&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&FA2F13B&0
Service: i8042prt
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&2C8787FC&0&00E7
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B6F&DEV_7023&SUBSYS_50071458&REV_01\4&2C8787FC&0&00E7
Service:
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&FA2F13B&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&FA2F13B&0
Service: i8042prt
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_50071458&REV_04\3&11583659&0&A0
Service:
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2806&SUBSYS_80860101&REV_1000\4&36B8CB0&0&0301
Service: HdAudAddService
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_1083&SUBSYS_E0001458&REV_C0\4&841E55&0&00E6
Service:
.
==== System Restore Points ===================
.
RP263: 1/4/2014 1:07:49 AM - Windows Update
RP264: 1/7/2014 2:52:11 PM - Windows Update
RP265: 1/11/2014 12:14:11 PM - Windows Update
RP266: 1/15/2014 12:17:11 AM - Windows Update
RP267: 1/15/2014 12:38:47 AM - Installed TP-LINK Wireless Configuration Utility and Driver
RP268: 1/15/2014 2:52:26 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed II
Bastion
Batman: Arkham Asylum
CCleaner
CopyTrans Suite Remove Only
Counter-Strike: Global Offensive
DAEMON Tools Pro
Diablo II
Diablo III
GeForce Experience NvStream Client Components
Guild Wars 2
Intel® Management Engine Components
Intel® Trusted Connect Service Client
IrfanView (remove only)
iTunes
Java 7 Update 45
Java Auto Updater
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework SDK (English) 1.1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
NVIDIA 3D Vision Controller Driver 331.65
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA GeForce Experience 1.8
NVIDIA Graphics Driver 331.65
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 10.10.5
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 10.10.5
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.12
PDF Settings CS6
PeerBlock 1.1 (r518)
Portal 2 Publishing Tool
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
SHIELD Streaming
SK.Enhancer
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Steam
TmNationsForever
TP-LINK 150Mbps Wireless N USB Adapter Driver
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Uplay
VLC media player 2.0.4
Warcraft III
.
==== Event Viewer Messages From Past Week ========
.
1/15/2014 9:46:22 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/15/2014 9:46:00 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/15/2014 9:36:22 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291]  - SAM failed to start the TCP/IP or SPX/IPX listening thread
1/10/2014 12:59:17 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\DR3.
.
==== End Of File ===========================
 



#10 jeffce


Posted 15 January 2014 - 03:07 PM

Hi,
 
Let's check for anything else hiding....
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

The log can also be found here:
 
Windows 2000 & Windows XP:
C:\Documents and Settings\<USERNAME>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
 
Windows Vista & Win7:
C:\Users\<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#11 Birdfeather


Posted 15 January 2014 - 04:20 PM

Here is the info you asked for. My computer seems to be running much better than before.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.15.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Ryan :: RYAN-PC [administrator]

1/15/2014 1:25:21 PM
mbam-log-2014-01-15 (13-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206507
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchNewTab\qe5.dll.vir    a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchNewTab\qe5.x64.dll.vir    a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf aand keep\v81VT.dll.vir    a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\surf aand keep\v81VT.x64.dll.vir    a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\sprotector.dll.vir    a variant of Win32/SProtector.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir    Win32/SProtector.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\spFB.dll.vir    a variant of Win32/AdWare.MultiPlug.N application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\spFB.x64.dll.vir    a variant of Win64/Adware.MultiPlug.A application
C:\AdwCleaner\Quarantine\C\ProgramData\QuickSet\SK.Enhancer\SK.Enhancer.exe.vir    a variant of Win32/TrojanDownloader.Agent.AFD trojan
C:\AdwCleaner\Quarantine\C\ProgramData\SearchNewTab\XjXo.exe.vir    a variant of Win32/AdWare.MultiPlug.K.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\surf aand keep\WFIv7r.exe.vir    a variant of Win32/AdWare.MultiPlug.K.gen application
C:\AdwCleaner\Quarantine\C\ProgramData\YoutubeAdblocker\ZeEgm.exe.vir    a variant of Win32/AdWare.MultiPlug.K.gen application
C:\AdwCleaner\Quarantine\C\Users\Ryan\AppData\Roaming\Search Protection\SearchProtection.exe.vir    a variant of Win32/Toolbar.Widgi application
C:\AdwCleaner\Quarantine\C\Users\Ryan\AppData\Roaming\Search Protection\Uninstall.exe.vir    probably a variant of Win32/Toolbar.Widgi application
C:\Program Files (x86)\Sk.Enhancer\uninstall.exe    a variant of Win32/SProtector.B application
C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\xlKSO.js.vir    Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddchfkoodmpbanfehpfgniplolfnkpl\2.19\O88k.js.vir    Win32/Adware.MultiPlug.H application
C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pookeojlchkneodljcoociokdmoemjcm\1.0\k5oOXn.js.vir    Win32/Adware.MultiPlug.H application
R:\Program Files (x86)\iTunes\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll    a variant of Win32/Packed.VMProtect.AAA trojan
R:\Program Files (x86)\iTunes\Ubisoft\Assassins.Creed.II-SKIDROW\sr-acii.iso    a variant of Win32/Packed.VMProtect.AAA trojan
R:\Program Files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll    a variant of Win32/Packed.VMProtect.AAA trojan
R:\Program Files (x86)\Video Games\Assasins Creed 2\Assassin's Creed II\ubiorbitapi_r2.dll    a variant of Win32/Packed.VMProtect.AAA trojan
R:\Program Files (x86)\Video Games\Assasins Creed 2\Assassins.Creed.II-SKIDROW\sr-acii.iso    a variant of Win32/Packed.VMProtect.AAA trojan
R:\Program Files (x86)\Video Games\Assasins Creed 2\Ubisoft Game Launcher\ubiorbitapi_r2.dll    a variant of Win32/Packed.VMProtect.AAA trojan
 



#12 jeffce


Posted 15 January 2014 - 06:59 PM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    File::
    C:\Program Files (x86)\Sk.Enhancer\uninstall.exe
    R:\Program Files (x86)\iTunes\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll    
    R:\Program Files (x86)\iTunes\Ubisoft\Assassins.Creed.II-SKIDROW\sr-acii.iso    
    R:\Program Files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll    
    R:\Program Files (x86)\Video Games\Assasins Creed 2\Assassin's Creed II\ubiorbitapi_r2.dll    
    R:\Program Files (x86)\Video Games\Assasins Creed 2\Assassins.Creed.II-SKIDROW\sr-acii.iso    
    R:\Program Files (x86)\Video Games\Assasins Creed 2\Ubisoft Game Launcher\ubiorbitapi_r2.dll

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and also let me know what remaining malware related problems you are having.   :)


 


#13 Birdfeather


Posted 15 January 2014 - 09:56 PM

My apologies for the delay, I had to wait until after work to post this log.

 

ComboFix 14-01-14.02 - Ryan 01/15/2014  19:52:23.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8153.6362 [GMT -7:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-16 02:54 . 2014-01-16 02:54    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-15 20:24 . 2014-01-15 20:24    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-15 18:48 . 2014-01-15 18:48    --------    d-----w-    c:\users\Ryan\AppData\Local\Diagnostics
2014-01-15 16:51 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{662D0754-C8A2-4A25-9CE2-2486C95D6513}\mpengine.dll
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ----a-w-    c:\windows\system32\drivers\athurx.sys
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ------w-    c:\windows\system32\athurx.sys
2014-01-15 07:36 . 2014-01-15 07:36    --------    d-----w-    c:\programdata\TP-LINK
2014-01-15 07:10 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 07:10 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 07:10 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 07:10 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 07:10 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 07:10 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 07:10 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 07:10 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 07:10 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-13 20:00 . 2014-01-13 20:00    --------    d-----w-    c:\programdata\WindSolutions
2014-01-12 23:27 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-30 05:10 . 2013-12-30 05:10    --------    d-----w-    c:\programdata\Apple Computer
2013-12-29 02:09 . 2013-12-29 02:09    --------    d-----w-    c:\programdata\DAEMON Tools Pro
2013-12-29 02:06 . 2013-12-29 02:06    --------    d-----w-    c:\programdata\Apple
2013-12-29 02:06 . 2014-01-16 02:44    --------    d-----w-    c:\programdata\NVIDIA
2013-12-21 06:14 . 2014-01-05 01:03    --------    d-----w-    c:\users\Ryan\AppData\Roaming\Bioshock
2013-12-20 21:49 . 2013-12-20 21:49    --------    d-----w-    c:\users\Ryan\AppData\Local\SKIDROW
2013-12-20 21:43 . 2013-03-26 03:33    84    ----a-w-    c:\program files (x86)\update-bioshock_Inf.bat
2013-12-20 21:43 . 2013-03-25 19:44    --------    d-----w-    c:\program files (x86)\BioShock Infinite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 09:52 . 2012-04-15 14:32    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 07:34 . 2012-05-23 16:26    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 07:34 . 2012-05-23 16:26    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 16:56 . 2013-11-01 20:01    1096480    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-29 16:56 . 2013-11-01 20:01    979744    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-29 04:28 . 2013-11-29 04:28    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-11-26 11:54 . 2013-12-11 09:03    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 09:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 09:03    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 09:03    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 09:03    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 09:03    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 09:03    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 09:03    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 09:03    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 09:03    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 09:03    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 09:03    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 09:03    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 09:03    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 09:03    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 09:03    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 09:03    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 09:03    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 09:03    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 09:03    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 09:03    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 09:03    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-25 23:45 . 2013-11-25 23:45    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-25 23:45 . 2013-11-25 23:45    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-25 23:45 . 2013-11-25 23:45    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-25 23:45 . 2013-11-25 23:45    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-25 23:45 . 2013-11-25 23:45    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-25 23:45 . 2013-11-25 23:45    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-25 23:45 . 2013-11-25 23:45    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-25 23:45 . 2013-11-25 23:45    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-25 23:45 . 2013-11-25 23:45    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-25 23:45 . 2013-11-25 23:45    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-25 23:45 . 2013-11-25 23:45    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-25 23:45 . 2013-11-25 23:45    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-25 23:45 . 2013-11-25 23:45    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-25 23:45 . 2013-11-25 23:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-25 23:45 . 2013-11-25 23:45    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-25 23:45 . 2013-11-25 23:45    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-23 18:26 . 2013-12-11 02:39    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 02:39    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 17:03 . 2013-12-06 02:34    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-10-30 17:02 . 2013-07-30 23:17    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-10-30 17:02 . 2013-12-06 02:34    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 02:32 . 2013-12-11 02:39    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 02:39    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-23 10:30 . 2013-11-04 06:16    9524088    ----a-w-    c:\windows\SysWow64\nvcuda.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E0DCF27A-ED8B-B910-5778-2A8ADC15F410}]
c:\program files (x86)\YoutubeAdblocker\spFB.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5}]
c:\program files (x86)\surf aand keep\v81VT.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys;c:\windows\SYSNATIVE\DRIVERS\vm3dmp.sys [x]
R3 vmci;vmci;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys;c:\windows\SYSNATIVE\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C69F808E-AB80-A26F-ABA9-D30B8C0DE9DD}]
c:\program files (x86)\SearchNewTab\qe5.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-11-28 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ee550837-85e8-43d1-896f-da79577e7f63 - c:\progra~3\INSTAL~1\{78171~1\Setup.exe
AddRemove-Guild Wars 2 - c:\users\Ryan\Desktop\Guild Wars 2\Gw2.exe
AddRemove-S-161304646 - c:\programdata\quickset\sk.enhancer\sk.enhancer.exe
AddRemove-TmNationsForever_is1 - r:\program files (x86)\TmNationsForever\unins000.exe
AddRemove-Uplay - c:\users\Ryan\Desktop\Bates Motel\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - r:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-15  19:55:05
ComboFix-quarantined-files.txt  2014-01-16 02:55
.
Pre-Run: 16,675,708,928 bytes free
Post-Run: 16,622,641,152 bytes free
.
- - End Of File - - DF4D063A37B082AC4151EE49F9FBA2B0
A36C5E4F47E84449FF07ED3517B43A31
 



#14 jeffce


Posted 16 January 2014 - 07:58 AM

Command switches used :: c:\users\Ryan\Desktop\CFScript.txt.txt

The fix did not work because of this......please run the instructions from Reply 12 again, but this time just name the file CFScript.  The .txt will automatically be added because you will be using Notepad.  
 
Post the new log and let me know how your system is running.   :)


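An added example, not part of the original posts and not code from ComboFix or ESET. It reproduces the two checks visible in replies 12 and 14: the paths in the CFScript are the ESET detections that are not already under a quarantine folder, and a ComboFix log shows whether the script was picked up through its "Command switches used" line and its "FILE ::" section. The function names are hypothetical and the sample lines are excerpts of the logs posted in this thread.

```python
import re
from ntpath import splitext  # Windows path rules, independent of the host OS

# Quarantine folders, taken from the paths in the ESET log in this thread.
QUARANTINE_PREFIXES = ("c:\\adwcleaner\\quarantine\\", "c:\\qoobox\\quarantine\\")

# Excerpt of the ESET log from post #11: path, then detection name.
ESET_SAMPLE = "\n".join([
    r"C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebSearch\uninstall.exe.vir    Win32/SProtector.B application",
    r"C:\AdwCleaner\Quarantine\C\ProgramData\QuickSet\SK.Enhancer\SK.Enhancer.exe.vir    a variant of Win32/TrojanDownloader.Agent.AFD trojan",
    r"C:\Program Files (x86)\Sk.Enhancer\uninstall.exe    a variant of Win32/SProtector.B application",
    r"C:\Qoobox\Quarantine\C\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkobljjhmiihnpjhojiklbjedcpaanjk\1.0\xlKSO.js.vir    Win32/Adware.MultiPlug.H application",
    r"R:\Program Files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll    a variant of Win32/Packed.VMProtect.AAA trojan",
])

# Excerpt of the first ComboFix log (post #13): script name carries a doubled extension.
LOG_FIRST = "\n".join([
    r"Running from: c:\users\Ryan\Desktop\ComboFix.exe",
    r"Command switches used :: c:\users\Ryan\Desktop\CFScript.txt.txt",
    r"AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}",
    r".",
])

# Excerpt of the second ComboFix log (post #15): the FILE :: section is present.
LOG_SECOND = "\n".join([
    r"Running from: c:\users\Ryan\Desktop\ComboFix.exe",
    r"Command switches used :: c:\users\Ryan\Desktop\CFScript.txt",
    r".",
    r"FILE ::",
    r'"c:\program files (x86)\Sk.Enhancer\uninstall.exe"',
    r'"r:\program files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"',
    r".",
])


def parse_eset(text):
    """Split each ESET log line into (path, detection); the separator is a tab or 2+ spaces."""
    entries = []
    for line in text.splitlines():
        parts = re.split(r"\t+|\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and re.match(r"[A-Za-z]:\\", parts[0]):
            entries.append((parts[0], parts[1]))
    return entries


def live_detections(entries):
    """Keep detections whose file is NOT already inside a quarantine folder."""
    return [(p, d) for p, d in entries
            if not p.lower().startswith(QUARANTINE_PREFIXES)]


def has_doubled_extension(path):
    """True for names like CFScript.txt.txt, where the last extension repeats."""
    root, ext = splitext(path)
    return bool(ext) and splitext(root)[1].lower() == ext.lower()


def check_combofix_log(log_text, expected_paths):
    """Report the script path the log recorded and which expected paths the FILE :: section lacks."""
    script_path, listed, in_section = None, [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"Command switches used\s*::\s*(.+)$", line)
        if m:
            script_path = m.group(1).strip()
        elif re.fullmatch(r"FILE\s*::", line, flags=re.IGNORECASE):
            in_section = True
        elif in_section:
            if len(line) > 1 and line.startswith('"') and line.endswith('"'):
                listed.append(line.strip('"'))
            else:
                in_section = False  # the section ends at the first non-quoted line
    seen = {p.lower() for p in listed}
    return {
        "script_path": script_path,
        "doubled_extension": bool(script_path) and has_doubled_extension(script_path),
        "file_section": listed,
        "missing": [p for p in expected_paths if p.lower() not in seen],
    }


if __name__ == "__main__":
    targets = [p for p, _ in live_detections(parse_eset(ESET_SAMPLE))]
    for name, log in (("first run", LOG_FIRST), ("second run", LOG_SECOND)):
        print(name, check_combofix_log(log, targets))
```
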
 


#15 Birdfeather


Posted 16 January 2014 - 12:59 PM

I don't know if this has affected anything badly or not, but I had a power outage the first time I tried to run it again, so I don't know how far it made it along, but it never produced a log, so I had to re-run combo fix a second time.

 

ComboFix 14-01-16.03 - Ryan 01/16/2014  10:49:43.4.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8153.6843 [GMT -7:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Sk.Enhancer\uninstall.exe"
"r:\program files (x86)\iTunes\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll"
"r:\program files (x86)\iTunes\Ubisoft\Assassins.Creed.II-SKIDROW\sr-acii.iso"
"r:\program files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
"r:\program files (x86)\Video Games\Assasins Creed 2\Assassin's Creed II\ubiorbitapi_r2.dll"
"r:\program files (x86)\Video Games\Assasins Creed 2\Assassins.Creed.II-SKIDROW\sr-acii.iso"
"r:\program files (x86)\Video Games\Assasins Creed 2\Ubisoft Game Launcher\ubiorbitapi_r2.dll"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Sk.Enhancer\uninstall.exe
r:\program files (x86)\iTunes\Ubisoft\Assassin's Creed II\ubiorbitapi_r2.dll
r:\program files (x86)\iTunes\Ubisoft\Assassins.Creed.II-SKIDROW\sr-acii.iso
r:\program files (x86)\iTunes\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2.dll
r:\program files (x86)\Video Games\Assasins Creed 2\Assassin's Creed II\ubiorbitapi_r2.dll
r:\program files (x86)\Video Games\Assasins Creed 2\Assassins.Creed.II-SKIDROW\sr-acii.iso
r:\program files (x86)\Video Games\Assasins Creed 2\Ubisoft Game Launcher\ubiorbitapi_r2.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-16 to 2014-01-16  )))))))))))))))))))))))))))))))
.
.
2014-01-16 17:51 . 2014-01-16 17:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-15 20:24 . 2014-01-15 20:24    --------    d-----w-    c:\programdata\Malwarebytes
2014-01-15 18:48 . 2014-01-15 18:48    --------    d-----w-    c:\users\Ryan\AppData\Local\Diagnostics
2014-01-15 16:51 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{662D0754-C8A2-4A25-9CE2-2486C95D6513}\mpengine.dll
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ----a-w-    c:\windows\system32\drivers\athurx.sys
2014-01-15 07:38 . 2012-10-18 22:04    1930240    ------w-    c:\windows\system32\athurx.sys
2014-01-15 07:36 . 2014-01-15 07:36    --------    d-----w-    c:\programdata\TP-LINK
2014-01-15 07:10 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 07:10 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 07:10 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 07:10 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 07:10 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 07:10 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 07:10 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 07:10 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-15 07:10 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-13 20:00 . 2014-01-13 20:00    --------    d-----w-    c:\programdata\WindSolutions
2014-01-12 23:27 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-30 05:10 . 2013-12-30 05:10    --------    d-----w-    c:\programdata\Apple Computer
2013-12-29 02:09 . 2013-12-29 02:09    --------    d-----w-    c:\programdata\DAEMON Tools Pro
2013-12-29 02:06 . 2013-12-29 02:06    --------    d-----w-    c:\programdata\Apple
2013-12-29 02:06 . 2014-01-16 17:30    --------    d-----w-    c:\programdata\NVIDIA
2013-12-21 06:14 . 2014-01-05 01:03    --------    d-----w-    c:\users\Ryan\AppData\Roaming\Bioshock
2013-12-20 21:49 . 2013-12-20 21:49    --------    d-----w-    c:\users\Ryan\AppData\Local\SKIDROW
2013-12-20 21:43 . 2013-03-26 03:33    84    ----a-w-    c:\program files (x86)\update-bioshock_Inf.bat
2013-12-20 21:43 . 2013-03-25 19:44    --------    d-----w-    c:\program files (x86)\BioShock Infinite
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 09:52 . 2012-04-15 14:32    86054176    ----a-w-    c:\windows\system32\MRT.exe
2013-12-11 07:34 . 2012-05-23 16:26    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 07:34 . 2012-05-23 16:26    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-29 16:56 . 2013-11-01 20:01    1096480    ----a-w-    c:\windows\system32\nvspcap64.dll
2013-11-29 16:56 . 2013-11-01 20:01    979744    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2013-11-29 04:28 . 2013-11-29 04:28    32512    ----a-w-    c:\windows\system32\drivers\hitmanpro37.sys
2013-11-26 11:54 . 2013-12-11 09:03    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 09:03    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 09:03    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 09:03    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 09:03    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 09:03    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 09:03    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 09:03    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 09:03    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 09:03    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 09:03    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 09:03    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 09:03    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 09:03    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 09:03    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 09:03    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 09:03    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 09:03    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 09:03    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 09:03    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 09:03    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 09:03    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 09:03    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-25 23:45 . 2013-11-25 23:45    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-25 23:45 . 2013-11-25 23:45    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-25 23:45 . 2013-11-25 23:45    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-25 23:45 . 2013-11-25 23:45    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-25 23:45 . 2013-11-25 23:45    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-25 23:45 . 2013-11-25 23:45    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-25 23:45 . 2013-11-25 23:45    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-25 23:45 . 2013-11-25 23:45    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-25 23:45 . 2013-11-25 23:45    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-25 23:45 . 2013-11-25 23:45    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-25 23:45 . 2013-11-25 23:45    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-25 23:45 . 2013-11-25 23:45    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-25 23:45 . 2013-11-25 23:45    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-25 23:45 . 2013-11-25 23:45    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-25 23:45 . 2013-11-25 23:45    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-25 23:45 . 2013-11-25 23:45    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-25 23:45 . 2013-11-25 23:45    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-25 23:45 . 2013-11-25 23:45    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-25 23:45 . 2013-11-25 23:45    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-25 23:45 . 2013-11-25 23:45    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-25 23:45 . 2013-11-25 23:45    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-25 23:45 . 2013-11-25 23:45    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-25 23:45 . 2013-11-25 23:45    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-25 23:45 . 2013-11-25 23:45    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-25 23:45 . 2013-11-25 23:45    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-25 23:45 . 2013-11-25 23:45    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-25 23:45 . 2013-11-25 23:45    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-25 23:45 . 2013-11-25 23:45    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-25 23:45 . 2013-11-25 23:45    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-25 23:45 . 2013-11-25 23:45    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-25 23:45 . 2013-11-25 23:45    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-25 23:45 . 2013-11-25 23:45    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-25 23:45 . 2013-11-25 23:45    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-25 23:45 . 2013-11-25 23:45    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-25 23:45 . 2013-11-25 23:45    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-25 23:45 . 2013-11-25 23:45    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-25 23:45 . 2013-11-25 23:45    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-23 18:26 . 2013-12-11 02:39    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 02:39    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-19 10:21 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 02:39    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-10-30 17:03 . 2013-12-06 02:34    39200    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2013-10-30 17:02 . 2013-07-30 23:17    35104    ----a-w-    c:\windows\system32\nvaudcap64v.dll
2013-10-30 17:02 . 2013-12-06 02:34    32544    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2013-10-30 02:32 . 2013-12-11 02:39    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 02:39    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-23 10:30 . 2013-11-04 06:16    9524088    ----a-w-    c:\windows\SysWow64\nvcuda.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E0DCF27A-ED8B-B910-5778-2A8ADC15F410}]
c:\program files (x86)\YoutubeAdblocker\spFB.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E96EC74F-2ABB-B6AE-1DDE-7574F85E58D5}]
c:\program files (x86)\surf aand keep\v81VT.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys;c:\windows\SYSNATIVE\DRIVERS\vm3dmp.sys [x]
R3 vmci;vmci;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
R3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys;c:\windows\SYSNATIVE\DRIVERS\vmmouse.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 07:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C69F808E-AB80-A26F-ABA9-D30B8C0DE9DD}]
c:\program files (x86)\SearchNewTab\qe5.x64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-11-28 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\g7oxst88.default-1385696217819\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ee550837-85e8-43d1-896f-da79577e7f63 - c:\progra~3\INSTAL~1\{78171~1\Setup.exe
AddRemove-Guild Wars 2 - c:\users\Ryan\Desktop\Guild Wars 2\Gw2.exe
AddRemove-S-161304646 - c:\programdata\quickset\sk.enhancer\sk.enhancer.exe
AddRemove-TmNationsForever_is1 - r:\program files (x86)\TmNationsForever\unins000.exe
AddRemove-Uplay - c:\users\Ryan\Desktop\Bates Motel\Ubisoft Game Launcher\Uninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - r:\program files (x86)\Spybot - Search & Destroy\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-16  10:57:00
ComboFix-quarantined-files.txt  2014-01-16 17:57
ComboFix2.txt  2014-01-16 02:55
.
Pre-Run: 5,299,290,112 bytes free
Post-Run: 4,539,105,280 bytes free
.
- - End Of File - - 85E26530C69687924F3B05A1241555B7
A36C5E4F47E84449FF07ED3517B43A31
 





