Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Damaged Master Boot Record


  • This topic is locked This topic is locked
19 replies to this topic

#1 - Cadence

- Cadence

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 11 January 2014 - 01:47 PM

RogueKiller's MBR Check indicated a damaged MBR. I therefore decided to request for assistance / advice in another forum. I have now followed steps 6, 7 and 8 of the preparation guide, as requested. Here are the DDS log results.
 
Thank you,
 
Matt (- Cadence) 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by TJ at 19:08:04 on 2014-01-11
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.3828.1685 [GMT 1:00]
.
AV: ESET Smart Security 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET Smart Security 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Persoonlijke firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Soluto\Soluto.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\SecureW2\sw2_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uProxyOverride = local
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Verzenden naar OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download met MiPony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001045-0002-0045-ABCDEFFEDCBC} - <orphaned>
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 192.168.2.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D656289C-F4A5-4E52-AD56-9A27F9AC5AC5} : DHCPNameServer = 192.168.2.254 195.241.77.55 195.241.77.58
TCP: Interfaces\{D656289C-F4A5-4E52-AD56-9A27F9AC5AC5}\3596475636F6D6030333541403 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{D656289C-F4A5-4E52-AD56-9A27F9AC5AC5}\4756C65623D243346333 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [Soluto] c:\program files\soluto\soluto.exe /init
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.msn.com/?pc=UP97&ocid=UP97DHP
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll
FF - plugin: C:\Users\TJ\AppData\Roaming\ACEStream\player\npace_plugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-9-17 62136]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-3 55856]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2013-6-15 54728]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2013-5-8 30752]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-9-17 44120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-9-12 1337752]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2013-12-11 1168960]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-25 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-25 701512]
R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2013-5-8 82160]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-29 239176]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-7-10 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-7-10 792128]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-7-17 3377904]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-12-12 279616]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-28 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-28 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-28 287232]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-18 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-4-28 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-18 838216]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-4-28 172632]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-7-17 273136]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
S3 NUMARK_OMNICONTROL;Numark OMNI CONTROL USB driver;C:\Windows\System32\drivers\nkc2_usb.sys [2012-4-26 399936]
S3 NUMARK_OMNICONTROL_MIDI;Numark OMNI CONTROL WDM MIDI Device;C:\Windows\System32\drivers\nkc2midi.sys [2012-4-26 31296]
S3 NUMARK_OMNICONTROL_WDM;Numark OMNI CONTROL WDM;C:\Windows\System32\drivers\nkc2_wdm.sys [2012-4-26 50240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-21 19456]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2012-7-18 21560]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-7-10 1942528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-10 1255736]
S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-10-29 98208]
S4 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-6-11 6718256]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S4 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-3 2533400]
.
=============== Created Last 30 ================
.
2014-01-10 07:16:17 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6A1EF9D-2686-4720-964D-3250EB673130}\mpengine.dll
2014-01-08 22:07:58 8604672 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys.bak
2014-01-06 17:03:53 -------- d-----w- C:\OLDGAMES
2014-01-06 16:53:25 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2013-12-12 20:44:03 -------- d-----w- C:\Users\TJ\AppData\Roaming\FireShot
.
==================== Find3M  ====================
.
2013-12-11 15:04:08 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 15:04:08 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-06 21:55:21 362029 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2013-12-03 09:47:22 57584 ----a-w- C:\Windows\System32\iolobtdfg.exe
2013-12-03 09:47:14 26184 ----a-w- C:\Windows\System32\smrgdf.exe
2013-12-03 09:01:56 2155152 ----a-w- C:\Windows\System32\Incinerator64.dll
2013-12-03 09:01:54 2097984 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 02:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-04 12:56:44 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-29 11:24:53 24576 ------w- C:\Windows\SetupAfterRebootService.exe
2013-10-19 11:23:15 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
============= FINISH: 19:10:44,97 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9-6-2011 20:30:53
System Uptime: 11-1-2014 12:24:16 (7 hours ago)
.
Motherboard: Dell Inc. | | 00CKNG
Processor: Intel® Core™ i5 CPU M 560 @ 2.67GHz | U2E1 | 1173/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 115,046 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\SMO8800\1
Manufacturer:
Name:
PNP Device ID: ACPI\SMO8800\1
Service:
.
==== System Restore Points ===================
.
RP428: 10-1-2014 8:15:30 - Windows Update
.
==== Installed Programs ======================
.
Ace Stream Media 2.1.5.3
Adobe AIR
Adobe Community Help
Adobe Digital Editions
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05) - Nederlands
Canon iP4700 series Printer Driver
Canon MG5200 series MP Drivers
CCleaner
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Edoc Viewer
Dropbox
Edraw Max 7
Epic Privacy Browser
ESET Smart Security
foobar2000 v1.2.9
Google Chrome
Google Drive
Google Earth Plug-in
Google Update Helper
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PRO/Wireless Driver
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Turbo Boost Technologie monitor
iolo technologies' System Mechanic Professional
IrfanView (remove only)
Java 7 Update 45
Java Auto Updater
JMicron Flash Media Controller Driver
LatencyMon 4.01
Malwarebytes Anti-Malware versie 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Nederlands)
Microsoft .NET Framework 4.5.1 (NLD)
Microsoft Application Error Reporting
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared 32-bit MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Mixed In Key 2.5
Modem Diagnostic Tool
Mozilla Firefox 25.0 (x86 nl)
Mozilla Maintenance Service
Mp3tag v2.57
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Native Instruments Controller Editor
Native Instruments Service Center
Native Instruments Traktor 2
NVIDIA-configuratiescherm 306.97
NVIDIA 3D Vision stuurprogramma 306.97
NVIDIA Grafisch stuurprogramma 306.97
NVIDIA HD Audio-stuurprogramma 1.3.18.0
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX systeemsoftware 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OMNI CONTROL USB Audio driver
Quickset64
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Printer Live Update
Sandboxie 3.72 (64-bit)
SecureW2 TTLS Client 3.3.1 for Windows
SecureW2 VU-Wireless
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype™ 6.11
Soluto
Spek
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
VLC media player 2.1.2
Windows Software Development Kit for Windows 8.1 Preview
WinRAR 4.11 (64-bit)
.
==== End Of File ===========================

Attached Files


Edited by Oh My, 21 January 2014 - 09:18 PM.
Posted Attach.txt


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:17 PM

Posted 16 January 2014 - 01:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520468 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 21 January 2014 - 09:11 PM

Greetings Matt and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me to get started.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 24 January 2014 - 12:47 PM

Greetings Matt,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 25 January 2014 - 07:38 AM

Hello Gary,

 

I have been a bit occupied lately, must have missed your reply. I will now follow your instructions and post the logs in a bit. Thanks for looking into it Gary.

 

Matt



#6 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 25 January 2014 - 07:50 AM

Farbar crashes at some point during the scan. One out of two logs appears on my desktop, the Addition.txt pop up screen does not show. 

 

FRST Results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by TJ (administrator) on TJ-PC on 25-01-2014 13:48:08
Running from C:\Users\TJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(SecureW2 B.V.) C:\Program Files (x86)\SecureW2\sw2_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Soluto] - c:\program files\soluto\soluto.exe [1230912 2013-07-10] (Soluto)
HKLM-x32\...\Run: [SecureW2 Tray] - C:\Program Files (x86)\SecureW2\sw2_tray.exe [218968 2013-03-04] (SecureW2 B.V.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\UpdatusUser\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25
 
FireFox:
========
FF ProfilePath: C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default
FF Homepage: hxxp://nl.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.5.3 - C:\Users\TJ\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: DoNotTrackMe - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\donottrackplus@abine.com [2013-10-29]
FF Extension: Copy Plain Text 2 - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\copyplaintext@teo.pl.xpi [2013-10-29]
FF Extension: Ghostery - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\firefox@ghostery.com.xpi [2013-10-29]
FF Extension: Official My JDownloader AddOn - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-04]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Epic Privacy Browser Update) - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CHR Plugin: (Ace Stream P2P Multimedia Plug-in) - C:\Users\TJ\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Documenten) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-29]
CHR Extension: (Google Drive) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (WOT) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-29]
CHR Extension: (Poper Blocker) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-10-29]
CHR Extension: (YouTube) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-29]
CHR Extension: (Google Zoeken) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-29]
CHR Extension: (Screen Capture (by Google)) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2013-12-12]
CHR Extension: (MaskMe) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2013-10-29]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-10-29]
CHR Extension: (Google Analytics Opt-out Add-on (van Google)) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2013-10-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-10-29]
CHR Extension: (AdBlock) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-01]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-10-29]
CHR Extension: (goo.gl URL Shortener) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2013-10-29]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2013-12-12]
CHR Extension: (Ghostery) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-10-29]
CHR Extension: (Google Wallet) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 25 January 2014 - 09:57 AM

Hi Matt and thanks for posting the information.

Please try to run the program in Safe Mode.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 25 January 2014 - 12:50 PM

Same thing happened in Safe Mode: Farbar closed abruptly, no addition.txt available. Here is the FRST scan result. 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by TJ (administrator) on TJ-PC on 25-01-2014 18:37:03
Running from C:\Users\TJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Dutch Standard
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\SystemGuardAlerter.exe
(Microsoft Corporation) C:\Windows\System32\userinit.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [5618456 2013-09-12] (ESET)
HKLM\...\Run: [Soluto] - c:\program files\soluto\soluto.exe [1230912 2013-07-10] (Soluto)
HKLM-x32\...\Run: [SecureW2 Tray] - C:\Program Files (x86)\SecureW2\sw2_tray.exe [218968 2013-03-04] (SecureW2 B.V.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\UpdatusUser\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 212.54.40.25 212.54.35.25
 
FireFox:
========
FF ProfilePath: C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default
FF Homepage: hxxp://nl.msn.com/?pc=UP97&ocid=UP97DHP
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.1.5.3 - C:\Users\TJ\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF Extension: DoNotTrackMe - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\donottrackplus@abine.com [2013-10-29]
FF Extension: Copy Plain Text 2 - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\copyplaintext@teo.pl.xpi [2013-10-29]
FF Extension: Ghostery - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\firefox@ghostery.com.xpi [2013-10-29]
FF Extension: Official My JDownloader AddOn - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2013-10-29]
FF Extension: Adblock Plus - C:\Users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-04]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-11-04]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Epic Privacy Browser Update) - C:\Users\TJ\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
CHR Plugin: (Ace Stream P2P Multimedia Plug-in) - C:\Users\TJ\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Documenten) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-29]
CHR Extension: (Google Drive) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-12]
CHR Extension: (WOT) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-29]
CHR Extension: (Poper Blocker) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2013-10-29]
CHR Extension: (YouTube) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-29]
CHR Extension: (Google Zoeken) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-29]
CHR Extension: (Screen Capture (by Google)) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg [2013-12-12]
CHR Extension: (MaskMe) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg [2013-10-29]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2013-10-29]
CHR Extension: (Google Analytics Opt-out Add-on (van Google)) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh [2013-10-29]
CHR Extension: (HTTPS Everywhere) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2013-10-29]
CHR Extension: (AdBlock) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-01]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2013-10-29]
CHR Extension: (goo.gl URL Shortener) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk [2013-10-29]
CHR Extension: (Capture Webpage Screenshot - FireShot) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2013-12-12]
CHR Extension: (Ghostery) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-10-29]
CHR Extension: (Google Wallet) - C:\Users\TJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 25 January 2014 - 06:43 PM

Hi Matt,

Please try these programs.

===================================================

Run TDSSKiller by Kaspersky on Vista/7

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

tdss1.png

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

tdss2.png

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

tdss4.png

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".


===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

aswMBR1.png

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

aswMBR2.png

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 26 January 2014 - 02:03 PM

Hi Gary, thanks for your response. I followed your instructions and here are the logs. aswMBR crashes at some point. To be sure I ran it in safe mode, but aswMBR still crashed. Saving the log before crashing gave the following result.

 

TDSS

18:12:57.0017 0x1468  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
18:13:00.0685 0x1468  ============================================================
18:13:00.0685 0x1468  Current date / time: 2014/01/26 18:13:00.0685
18:13:00.0685 0x1468  SystemInfo:
18:13:00.0686 0x1468  
18:13:00.0686 0x1468  OS Version: 6.1.7601 ServicePack: 1.0
18:13:00.0686 0x1468  Product type: Workstation
18:13:00.0686 0x1468  ComputerName: TJ-PC
18:13:00.0686 0x1468  UserName: TJ
18:13:00.0686 0x1468  Windows directory: C:\Windows
18:13:00.0686 0x1468  System windows directory: C:\Windows
18:13:00.0686 0x1468  Running under WOW64
18:13:00.0686 0x1468  Processor architecture: Intel x64
18:13:00.0686 0x1468  Number of processors: 4
18:13:00.0686 0x1468  Page size: 0x1000
18:13:00.0686 0x1468  Boot type: Normal boot
18:13:00.0686 0x1468  ============================================================
18:13:00.0885 0x1468  KLMD registered as C:\Windows\system32\drivers\32047487.sys
18:13:01.0026 0x1468  System UUID: {C70A78F4-B329-C534-4C3E-2A4A8009CCCF}
18:13:01.0486 0x1468  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:13:01.0515 0x1468  ============================================================
18:13:01.0515 0x1468  \Device\Harddisk0\DR0:
18:13:01.0515 0x1468  MBR partitions:
18:13:01.0515 0x1468  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:13:01.0515 0x1468  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
18:13:01.0515 0x1468  ============================================================
18:13:01.0543 0x1468  C: <-> \Device\Harddisk0\DR0\Partition2
18:13:01.0543 0x1468  ============================================================
18:13:01.0543 0x1468  Initialize success
18:13:01.0543 0x1468  ============================================================
18:13:41.0036 0x1218  ============================================================
18:13:41.0036 0x1218  Scan started
18:13:41.0036 0x1218  Mode: Manual; SigCheck; TDLFS; 
18:13:41.0036 0x1218  ============================================================
18:13:41.0036 0x1218  KSN ping started
18:13:55.0762 0x1218  KSN ping finished: true
18:13:55.0918 0x1218  ================ Scan system memory ========================
18:13:55.0918 0x1218  System memory - ok
18:13:55.0918 0x1218  ================ Scan services =============================
18:13:56.0012 0x1218  [ 620C92D6EEFA9853A3EAD41B5EB9B5FD, 72DD7297179AC6629B816DD9656D5EC3F02BE677EA01A05A5EB808180F0D775F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:13:56.0074 0x1218  !SASCORE - ok
18:13:56.0292 0x1218  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:13:56.0464 0x1218  1394ohci - ok
18:13:56.0495 0x1218  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:13:56.0526 0x1218  ACPI - ok
18:13:56.0526 0x1218  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:13:56.0636 0x1218  AcpiPmi - ok
18:13:56.0760 0x1218  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:13:56.0776 0x1218  AdobeARMservice - ok
18:13:56.0916 0x1218  [ 8D268693A6DCE3D7319DF14834841BAF, 229C95FE2E6A692EBC2842823A1C7D438F8DF18F44691BD7AFE79DB76F092F9D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:13:56.0948 0x1218  AdobeFlashPlayerUpdateSvc - ok
18:13:57.0010 0x1218  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:13:57.0041 0x1218  adp94xx - ok
18:13:57.0088 0x1218  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:13:57.0104 0x1218  adpahci - ok
18:13:57.0119 0x1218  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:13:57.0119 0x1218  adpu320 - ok
18:13:57.0150 0x1218  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:13:57.0306 0x1218  AeLookupSvc - ok
18:13:57.0369 0x1218  [ D1E343BC00136CE03C4D403194D06A80, 94F2543164A2CEA179EDE53E1294EE24391A59CAEFF83BA5CE9385E8E686E89C ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:13:57.0384 0x1218  AERTFilters - ok
18:13:57.0447 0x1218  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
18:13:57.0540 0x1218  AFD - ok
18:13:57.0572 0x1218  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:13:57.0587 0x1218  agp440 - ok
18:13:57.0618 0x1218  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:13:57.0712 0x1218  ALG - ok
18:13:57.0728 0x1218  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:13:57.0743 0x1218  aliide - ok
18:13:57.0759 0x1218  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:13:57.0759 0x1218  amdide - ok
18:13:57.0774 0x1218  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:13:57.0852 0x1218  AmdK8 - ok
18:13:57.0868 0x1218  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:13:57.0915 0x1218  AmdPPM - ok
18:13:57.0946 0x1218  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:13:57.0977 0x1218  amdsata - ok
18:13:57.0993 0x1218  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:13:57.0993 0x1218  amdsbs - ok
18:13:58.0024 0x1218  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:13:58.0024 0x1218  amdxata - ok
18:13:58.0040 0x1218  [ 7D9E301AB3247765702D0B65E2E47E50, 110F1D9A01F1DB36815B4CBF04E540958B760AC46955F7712D03F958F78734D0 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
18:13:58.0118 0x1218  AMPPAL - ok
18:13:58.0133 0x1218  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:13:58.0274 0x1218  AppID - ok
18:13:58.0305 0x1218  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:13:58.0383 0x1218  AppIDSvc - ok
18:13:58.0430 0x1218  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:13:58.0476 0x1218  Appinfo - ok
18:13:58.0508 0x1218  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:13:58.0523 0x1218  arc - ok
18:13:58.0539 0x1218  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:13:58.0554 0x1218  arcsas - ok
18:13:58.0664 0x1218  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:13:58.0679 0x1218  aspnet_state - ok
18:13:58.0679 0x1218  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:13:58.0726 0x1218  AsyncMac - ok
18:13:58.0757 0x1218  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:13:58.0757 0x1218  atapi - ok
18:13:58.0820 0x1218  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:13:58.0898 0x1218  AudioEndpointBuilder - ok
18:13:58.0913 0x1218  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:13:58.0960 0x1218  AudioSrv - ok
18:13:59.0007 0x1218  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:13:59.0116 0x1218  AxInstSV - ok
18:13:59.0163 0x1218  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:13:59.0256 0x1218  b06bdrv - ok
18:13:59.0288 0x1218  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:13:59.0334 0x1218  b57nd60a - ok
18:13:59.0366 0x1218  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:13:59.0428 0x1218  BDESVC - ok
18:13:59.0444 0x1218  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:13:59.0522 0x1218  Beep - ok
18:13:59.0584 0x1218  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:13:59.0662 0x1218  BFE - ok
18:13:59.0740 0x1218  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:13:59.0849 0x1218  BITS - ok
18:13:59.0880 0x1218  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:13:59.0912 0x1218  blbdrive - ok
18:13:59.0943 0x1218  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:13:59.0974 0x1218  bowser - ok
18:14:00.0021 0x1218  [ F46DD257FAD7D2D097EF32E72220A06C, 073232E10CE9654D39360B3031BDEACA15FFAD879DAE41B866762AA207050B59 ] bpenum          C:\Windows\system32\DRIVERS\bpenum.sys
18:14:00.0052 0x1218  bpenum - detected UnsignedFile.Multi.Generic ( 1 )
18:14:02.0829 0x1218  Detect skipped due to KSN trusted
18:14:02.0829 0x1218  bpenum - ok
18:14:02.0876 0x1218  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:14:02.0985 0x1218  BrFiltLo - ok
18:14:02.0985 0x1218  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:14:03.0000 0x1218  BrFiltUp - ok
18:14:03.0000 0x1218  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:14:03.0047 0x1218  BridgeMP - ok
18:14:03.0094 0x1218  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:14:03.0188 0x1218  Browser - ok
18:14:03.0219 0x1218  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:14:03.0297 0x1218  Brserid - ok
18:14:03.0312 0x1218  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:14:03.0359 0x1218  BrSerWdm - ok
18:14:03.0359 0x1218  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:14:03.0375 0x1218  BrUsbMdm - ok
18:14:03.0375 0x1218  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:14:03.0390 0x1218  BrUsbSer - ok
18:14:03.0390 0x1218  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:14:03.0422 0x1218  BTHMODEM - ok
18:14:03.0468 0x1218  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:14:03.0546 0x1218  bthserv - ok
18:14:03.0578 0x1218  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:14:03.0671 0x1218  cdfs - ok
18:14:03.0718 0x1218  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:14:03.0765 0x1218  cdrom - ok
18:14:03.0812 0x1218  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:14:03.0905 0x1218  CertPropSvc - ok
18:14:03.0921 0x1218  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:14:03.0952 0x1218  circlass - ok
18:14:03.0999 0x1218  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:14:04.0030 0x1218  CLFS - ok
18:14:04.0092 0x1218  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:14:04.0108 0x1218  clr_optimization_v2.0.50727_32 - ok
18:14:04.0155 0x1218  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:14:04.0170 0x1218  clr_optimization_v2.0.50727_64 - ok
18:14:04.0233 0x1218  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:14:04.0264 0x1218  clr_optimization_v4.0.30319_32 - ok
18:14:04.0280 0x1218  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:14:04.0295 0x1218  clr_optimization_v4.0.30319_64 - ok
18:14:04.0295 0x1218  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:14:04.0326 0x1218  CmBatt - ok
18:14:04.0358 0x1218  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:14:04.0373 0x1218  cmdide - ok
18:14:04.0420 0x1218  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:14:04.0467 0x1218  CNG - ok
18:14:04.0498 0x1218  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:14:04.0514 0x1218  Compbatt - ok
18:14:04.0545 0x1218  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:14:04.0592 0x1218  CompositeBus - ok
18:14:04.0592 0x1218  COMSysApp - ok
18:14:04.0638 0x1218  cpuz136 - ok
18:14:04.0638 0x1218  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:14:04.0654 0x1218  crcdisk - ok
18:14:04.0685 0x1218  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:14:04.0763 0x1218  CryptSvc - ok
18:14:04.0763 0x1218  CtClsFlt - ok
18:14:04.0810 0x1218  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:14:04.0872 0x1218  DcomLaunch - ok
18:14:04.0919 0x1218  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:14:04.0966 0x1218  defragsvc - ok
18:14:04.0997 0x1218  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:14:05.0091 0x1218  DfsC - ok
18:14:05.0122 0x1218  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:14:05.0184 0x1218  Dhcp - ok
18:14:05.0231 0x1218  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:14:05.0294 0x1218  discache - ok
18:14:05.0309 0x1218  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:14:05.0325 0x1218  Disk - ok
18:14:05.0356 0x1218  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:14:05.0434 0x1218  Dnscache - ok
18:14:05.0465 0x1218  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:14:05.0559 0x1218  dot3svc - ok
18:14:05.0606 0x1218  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:14:05.0684 0x1218  DPS - ok
18:14:05.0715 0x1218  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:14:05.0808 0x1218  drmkaud - ok
18:14:05.0840 0x1218  [ 400582B09E0BB557D0EC28A945150EEB, 605AC0DF14F9F64B72604968CC4C02725E8D5C879D6DB1B2B5D9598B902FC9D0 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:14:05.0871 0x1218  dtsoftbus01 - ok
18:14:05.0964 0x1218  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:14:05.0996 0x1218  DXGKrnl - ok
18:14:06.0027 0x1218  [ FE96AA1A36E76588C80DF1040286DDE1, 86EED8A0B59CD1930E6282997537ED94333FC7D45E3FE5A4D82057E1C8E5C2CD ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
18:14:06.0042 0x1218  eamonm - ok
18:14:06.0074 0x1218  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:14:06.0152 0x1218  EapHost - ok
18:14:06.0292 0x1218  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:14:06.0401 0x1218  ebdrv - ok
18:14:06.0432 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
18:14:06.0510 0x1218  EFS - ok
18:14:06.0542 0x1218  [ 807BA90D47F8885C09E1D6AFBB706E18, A803FE639C9C87733CA73D8F6C04A8CEB28DC45EEEA6CEC01ED3D4124C8E48EA ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
18:14:06.0557 0x1218  ehdrv - ok
18:14:06.0651 0x1218  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:14:06.0713 0x1218  ehRecvr - ok
18:14:06.0744 0x1218  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:14:06.0822 0x1218  ehSched - ok
18:14:06.0963 0x1218  [ 4CB575D97653FA91FFB02DA3105EB084, 59FB4D2485EEDBCC56D92C1F5DF3FEAE67D751F3AD7AEA7590F3C73107C829E8 ] ekrn            C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
18:14:06.0994 0x1218  ekrn - ok
18:14:07.0010 0x1218  [ 627350A11295D82BF78D155B12FFD0EF, BF4A80A379803C765EF5163EE7422A30D8F35820E38690F11A27FA605DD20FFA ] ElRawDisk       C:\Windows\system32\drivers\ElRawDsk.sys
18:14:07.0025 0x1218  ElRawDisk - ok
18:14:07.0072 0x1218  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:14:07.0103 0x1218  elxstor - ok
18:14:07.0134 0x1218  [ 00A81DC02BA17FB4BFCFA026DC47458F, 1B95BD51727E66B023BA4F2C9F57E69496790582CB272D57FE4BC15BA64952D8 ] epfw            C:\Windows\system32\DRIVERS\epfw.sys
18:14:07.0166 0x1218  epfw - ok
18:14:07.0181 0x1218  [ 3B085449438B2BCFD09CC84A0B90D1DB, 098DD64CC446E3960F93C0CDA495069DB6E7D9397CAC857E09E9FA323F5D31B2 ] EpfwLWF         C:\Windows\system32\DRIVERS\EpfwLWF.sys
18:14:07.0181 0x1218  EpfwLWF - ok
18:14:07.0212 0x1218  [ 91D54747A07F56ADCE1B6CFD3387AF60, 6F27AC896EA360284F6868BA1FEB55AE9325C914E54D73AECC5EBC8328650D41 ] epfwwfp         C:\Windows\system32\DRIVERS\epfwwfp.sys
18:14:07.0228 0x1218  epfwwfp - ok
18:14:07.0259 0x1218  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:14:07.0290 0x1218  ErrDev - ok
18:14:07.0337 0x1218  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:14:07.0431 0x1218  EventSystem - ok
18:14:07.0556 0x1218  [ 91CD2315EB4F0547E0A6573A9AF5B576, 65DEC986C7489010EC2E14FCEF96F998A4E6E60EDA12AACAB5914A9F7FECAEFA ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:14:07.0571 0x1218  EvtEng - ok
18:14:07.0602 0x1218  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:14:07.0634 0x1218  exfat - ok
18:14:07.0665 0x1218  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:14:07.0712 0x1218  fastfat - ok
18:14:07.0774 0x1218  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:14:07.0852 0x1218  Fax - ok
18:14:07.0868 0x1218  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:14:07.0914 0x1218  fdc - ok
18:14:07.0946 0x1218  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:14:08.0024 0x1218  fdPHost - ok
18:14:08.0055 0x1218  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:14:08.0133 0x1218  FDResPub - ok
18:14:08.0133 0x1218  FileDisk - ok
18:14:08.0164 0x1218  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:14:08.0180 0x1218  FileInfo - ok
18:14:08.0180 0x1218  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:14:08.0258 0x1218  Filetrace - ok
18:14:08.0289 0x1218  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:14:08.0289 0x1218  flpydisk - ok
18:14:08.0320 0x1218  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:14:08.0336 0x1218  FltMgr - ok
18:14:08.0414 0x1218  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:14:08.0492 0x1218  FontCache - ok
18:14:08.0554 0x1218  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:14:08.0570 0x1218  FontCache3.0.0.0 - ok
18:14:08.0601 0x1218  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:14:08.0601 0x1218  FsDepends - ok
18:14:08.0632 0x1218  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:14:08.0663 0x1218  Fs_Rec - ok
18:14:08.0694 0x1218  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:14:08.0710 0x1218  fvevol - ok
18:14:08.0726 0x1218  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:14:08.0757 0x1218  gagp30kx - ok
18:14:08.0819 0x1218  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:14:08.0882 0x1218  gpsvc - ok
18:14:09.0006 0x1218  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:14:09.0038 0x1218  gupdate - ok
18:14:09.0038 0x1218  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:14:09.0038 0x1218  gupdatem - ok
18:14:09.0084 0x1218  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:14:09.0131 0x1218  hcw85cir - ok
18:14:09.0162 0x1218  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:14:09.0225 0x1218  HdAudAddService - ok
18:14:09.0272 0x1218  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:14:09.0334 0x1218  HDAudBus - ok
18:14:09.0365 0x1218  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
18:14:09.0381 0x1218  HECIx64 - ok
18:14:09.0396 0x1218  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:14:09.0443 0x1218  HidBatt - ok
18:14:09.0459 0x1218  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:14:09.0506 0x1218  HidBth - ok
18:14:09.0521 0x1218  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:14:09.0552 0x1218  HidIr - ok
18:14:09.0568 0x1218  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
18:14:09.0646 0x1218  hidserv - ok
18:14:09.0662 0x1218  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:14:09.0693 0x1218  HidUsb - ok
18:14:09.0724 0x1218  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:14:09.0818 0x1218  hkmsvc - ok
18:14:09.0849 0x1218  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:14:09.0927 0x1218  HomeGroupListener - ok
18:14:09.0974 0x1218  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:14:10.0005 0x1218  HomeGroupProvider - ok
18:14:10.0052 0x1218  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:14:10.0067 0x1218  HpSAMD - ok
18:14:10.0098 0x1218  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:14:10.0130 0x1218  HTCAND64 - detected UnsignedFile.Multi.Generic ( 1 )
18:14:12.0844 0x1218  Detect skipped due to KSN trusted
18:14:12.0844 0x1218  HTCAND64 - ok
18:14:12.0922 0x1218  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:14:12.0984 0x1218  HTTP - ok
18:14:13.0031 0x1218  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:14:13.0047 0x1218  hwpolicy - ok
18:14:13.0062 0x1218  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:14:13.0078 0x1218  i8042prt - ok
18:14:13.0125 0x1218  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
18:14:13.0140 0x1218  iaStor - ok
18:14:13.0203 0x1218  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:14:13.0234 0x1218  iaStorV - ok
18:14:13.0312 0x1218  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:14:13.0343 0x1218  idsvc - ok
18:14:13.0343 0x1218  IEEtwCollectorService - ok
18:14:13.0624 0x1218  [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:14:13.0967 0x1218  igfx - ok
18:14:14.0014 0x1218  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:14:14.0030 0x1218  iirsp - ok
18:14:14.0108 0x1218  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:14:14.0154 0x1218  IKEEXT - ok
18:14:14.0186 0x1218  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
18:14:14.0217 0x1218  Impcd - ok
18:14:14.0357 0x1218  [ CCEDD47ABD068C58C8513DEB785093BB, 2B5571688655265037ACB44D2F2E0CD646EC0567D823C32CA09F13A1814C241B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:14:14.0435 0x1218  IntcAzAudAddService - ok
18:14:14.0482 0x1218  [ 03C74719D48056A1078F3A51CEB76BAA, 34BCC73EE4D65E1F282208C243C54BBD8458DB50FA893DE3306E1A1E73D05B1A ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
18:14:14.0529 0x1218  IntcDAud - ok
18:14:14.0576 0x1218  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:14:14.0591 0x1218  intelide - ok
18:14:14.0622 0x1218  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:14:14.0669 0x1218  intelppm - ok
18:14:14.0810 0x1218  [ 01D805FAC2510E3C963EA4727B1E2F00, EDEC59524A7BFA44929AEF87BF34A7A46D8BC3E9C0C6607138E9014636629D56 ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
18:14:14.0841 0x1218  ioloSystemService - ok
18:14:14.0888 0x1218  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:14:14.0950 0x1218  IPBusEnum - ok
18:14:14.0997 0x1218  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:14:15.0059 0x1218  IpFilterDriver - ok
18:14:15.0137 0x1218  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:14:15.0200 0x1218  iphlpsvc - ok
18:14:15.0215 0x1218  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:14:15.0262 0x1218  IPMIDRV - ok
18:14:15.0293 0x1218  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:14:15.0387 0x1218  IPNAT - ok
18:14:15.0402 0x1218  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:14:15.0465 0x1218  IRENUM - ok
18:14:15.0512 0x1218  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:14:15.0527 0x1218  isapnp - ok
18:14:15.0558 0x1218  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:14:15.0574 0x1218  iScsiPrt - ok
18:14:15.0605 0x1218  [ 43F319DE026E04B9CF9219A14BF24FE8, 7DBB28CBDE53126AA28FF89535D92130294536F5348E0EC853892A507AEE2A13 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
18:14:15.0621 0x1218  JMCR - ok
18:14:15.0652 0x1218  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:14:15.0668 0x1218  kbdclass - ok
18:14:15.0683 0x1218  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:14:15.0730 0x1218  kbdhid - ok
18:14:15.0746 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
18:14:15.0761 0x1218  KeyIso - ok
18:14:15.0808 0x1218  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:14:15.0808 0x1218  KSecDD - ok
18:14:15.0839 0x1218  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:14:15.0855 0x1218  KSecPkg - ok
18:14:15.0886 0x1218  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:14:15.0980 0x1218  ksthunk - ok
18:14:16.0058 0x1218  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:14:16.0120 0x1218  KtmRm - ok
18:14:16.0167 0x1218  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:14:16.0245 0x1218  LanmanServer - ok
18:14:16.0276 0x1218  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:14:16.0354 0x1218  LanmanWorkstation - ok
18:14:16.0370 0x1218  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:14:16.0416 0x1218  lltdio - ok
18:14:16.0479 0x1218  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:14:16.0541 0x1218  lltdsvc - ok
18:14:16.0557 0x1218  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:14:16.0604 0x1218  lmhosts - ok
18:14:16.0666 0x1218  [ 23D990150D56B670A62B21B9ABDD45EE, BB9DBC0D02474976420321162C3AB1FDF975FA0494B1030488B03BC98A65F888 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:14:16.0697 0x1218  LMS - ok
18:14:16.0728 0x1218  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:14:16.0744 0x1218  LSI_FC - ok
18:14:16.0775 0x1218  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:14:16.0791 0x1218  LSI_SAS - ok
18:14:16.0806 0x1218  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:14:16.0822 0x1218  LSI_SAS2 - ok
18:14:16.0838 0x1218  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:14:16.0838 0x1218  LSI_SCSI - ok
18:14:16.0869 0x1218  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:14:16.0931 0x1218  luafv - ok
18:14:16.0994 0x1218  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:14:17.0009 0x1218  MBAMProtector - ok
18:14:17.0072 0x1218  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:14:17.0103 0x1218  MBAMScheduler - ok
18:14:17.0165 0x1218  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:14:17.0181 0x1218  MBAMService - ok
18:14:17.0212 0x1218  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:14:17.0259 0x1218  Mcx2Svc - ok
18:14:17.0306 0x1218  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:14:17.0321 0x1218  megasas - ok
18:14:17.0368 0x1218  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:14:17.0384 0x1218  MegaSR - ok
18:14:17.0430 0x1218  Microsoft SharePoint Workspace Audit Service - ok
18:14:17.0462 0x1218  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:14:17.0540 0x1218  MMCSS - ok
18:14:17.0540 0x1218  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:14:17.0586 0x1218  Modem - ok
18:14:17.0602 0x1218  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:14:17.0649 0x1218  monitor - ok
18:14:17.0680 0x1218  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:14:17.0696 0x1218  mouclass - ok
18:14:17.0789 0x1218  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:14:17.0836 0x1218  mouhid - ok
18:14:17.0867 0x1218  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:14:17.0898 0x1218  mountmgr - ok
18:14:17.0930 0x1218  [ 5D494509432897338AFC19DB78A76DCB, 873F61F45D4A96096E17F9E266B1A20CCD65E4678DDB21DDE3DB98E831E524D3 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:14:17.0961 0x1218  MozillaMaintenance - ok
18:14:17.0992 0x1218  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:14:18.0023 0x1218  mpio - ok
18:14:18.0054 0x1218  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:14:18.0101 0x1218  mpsdrv - ok
18:14:18.0164 0x1218  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:14:18.0242 0x1218  MpsSvc - ok
18:14:18.0257 0x1218  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:14:18.0304 0x1218  MRxDAV - ok
18:14:18.0335 0x1218  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:14:18.0382 0x1218  mrxsmb - ok
18:14:18.0413 0x1218  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:14:18.0460 0x1218  mrxsmb10 - ok
18:14:18.0476 0x1218  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:14:18.0507 0x1218  mrxsmb20 - ok
18:14:18.0554 0x1218  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:14:18.0569 0x1218  msahci - ok
18:14:18.0585 0x1218  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:14:18.0600 0x1218  msdsm - ok
18:14:18.0616 0x1218  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:14:18.0632 0x1218  MSDTC - ok
18:14:18.0678 0x1218  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:14:18.0710 0x1218  Msfs - ok
18:14:18.0710 0x1218  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:14:18.0741 0x1218  mshidkmdf - ok
18:14:18.0756 0x1218  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:14:18.0772 0x1218  msisadrv - ok
18:14:18.0819 0x1218  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:14:18.0881 0x1218  MSiSCSI - ok
18:14:18.0881 0x1218  msiserver - ok
18:14:18.0897 0x1218  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:14:18.0959 0x1218  MSKSSRV - ok
18:14:18.0975 0x1218  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:14:19.0022 0x1218  MSPCLOCK - ok
18:14:19.0022 0x1218  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:14:19.0068 0x1218  MSPQM - ok
18:14:19.0100 0x1218  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:14:19.0115 0x1218  MsRPC - ok
18:14:19.0146 0x1218  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:14:19.0162 0x1218  mssmbios - ok
18:14:19.0178 0x1218  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:14:19.0224 0x1218  MSTEE - ok
18:14:19.0256 0x1218  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:14:19.0271 0x1218  MTConfig - ok
18:14:19.0302 0x1218  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:14:19.0302 0x1218  Mup - ok
18:14:19.0349 0x1218  [ 85B42715B134BF8ABE035078F81E0A8C, B522D9BA55102FFD9138A6B6B85C9FACB4DD7D7565F4B276E44536B61962D78D ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:14:19.0365 0x1218  MyWiFiDHCPDNS - ok
18:14:19.0396 0x1218  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:14:19.0458 0x1218  napagent - ok
18:14:19.0490 0x1218  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:14:19.0521 0x1218  NativeWifiP - ok
18:14:19.0568 0x1218  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:14:19.0599 0x1218  NDIS - ok
18:14:19.0646 0x1218  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:14:19.0692 0x1218  NdisCap - ok
18:14:19.0708 0x1218  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:14:19.0739 0x1218  NdisTapi - ok
18:14:19.0770 0x1218  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:14:19.0833 0x1218  Ndisuio - ok
18:14:19.0864 0x1218  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:14:19.0926 0x1218  NdisWan - ok
18:14:19.0942 0x1218  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:14:19.0989 0x1218  NDProxy - ok
18:14:20.0020 0x1218  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:14:20.0082 0x1218  NetBIOS - ok
18:14:20.0114 0x1218  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:14:20.0176 0x1218  NetBT - ok
18:14:20.0192 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
18:14:20.0207 0x1218  Netlogon - ok
18:14:20.0254 0x1218  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:14:20.0301 0x1218  Netman - ok
18:14:20.0363 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:20.0379 0x1218  NetMsmqActivator - ok
18:14:20.0394 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:20.0410 0x1218  NetPipeActivator - ok
18:14:20.0426 0x1218  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:14:20.0488 0x1218  netprofm - ok
18:14:20.0488 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:20.0504 0x1218  NetTcpActivator - ok
18:14:20.0519 0x1218  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:14:20.0535 0x1218  NetTcpPortSharing - ok
18:14:20.0800 0x1218  [ 18555F48844C2861D9DCE8F2B7223AE5, 35F8C0DFCF14780F86AD9A476A7AE22A98589B27ED9C7E109945CBBD227E6E2B ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
18:14:21.0050 0x1218  NETw5s64 - ok
18:14:21.0393 0x1218  [ 7D3646F4E3F2C27A1415F1685391F024, E5426EC1347DBA302C786B72B510C61BA694D7A1FE0023CA61A587672F8F3548 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwsw00.sys
18:14:21.0720 0x1218  NETwNs64 - ok
18:14:21.0783 0x1218  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:14:21.0798 0x1218  nfrd960 - ok
18:14:22.0079 0x1218  [ 97E0383BD4CB6CF411DC8776992B8BD7, 082FFD0D19D24D0881F838D3EB2FB763008EDF48EE8ED96BD30E6F1F8294D257 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
18:14:22.0204 0x1218  NIHardwareService - ok
18:14:22.0282 0x1218  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:14:22.0329 0x1218  NlaSvc - ok
18:14:22.0344 0x1218  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:14:22.0422 0x1218  Npfs - ok
18:14:22.0469 0x1218  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:14:22.0532 0x1218  nsi - ok
18:14:22.0563 0x1218  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:14:22.0625 0x1218  nsiproxy - ok
18:14:22.0719 0x1218  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:14:22.0766 0x1218  Ntfs - ok
18:14:22.0781 0x1218  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:14:22.0812 0x1218  Null - ok
18:14:22.0875 0x1218  [ AF01555FCE33E082620FBCAD1FE94659, 20C13FDF0B9636DD626F659E160D3048CF8A8408618FBB99B6AC3BA94C538042 ] NUMARK_OMNICONTROL C:\Windows\system32\Drivers\nkc2_usb.sys
18:14:22.0906 0x1218  NUMARK_OMNICONTROL - ok
18:14:22.0906 0x1218  [ 971EFC2F6B5B0211B6A72DE9B8FA592C, E44A7A4561CA390CE5D29D60B2BE458689EF1A8E65BDA3CA6DD090E14B205146 ] NUMARK_OMNICONTROL_MIDI C:\Windows\system32\drivers\nkc2midi.sys
18:14:22.0922 0x1218  NUMARK_OMNICONTROL_MIDI - ok
18:14:22.0922 0x1218  [ 32AE97717A9876390FFC1632A6E5D93C, 5AE7C2FA150256118FDCAEE0D6BF449DD84768F143D57EDF7D6FCF66E790238D ] NUMARK_OMNICONTROL_WDM C:\Windows\system32\drivers\nkc2_wdm.sys
18:14:22.0937 0x1218  NUMARK_OMNICONTROL_WDM - ok
18:14:22.0968 0x1218  [ 0EBC9D13CD96C15B1B18D8678A609E4B, B10896DE16B0C102DFB3E73A6C11A1982C5B428015DAE1F8776BCEF94A0F75C6 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:14:23.0015 0x1218  nusb3hub - ok
18:14:23.0062 0x1218  [ 7BDEC000D56D485021D9C1E63C2F81CA, 7F1303FD0371AF8715BFC38433B730C797170AEF10C7DB845B7B547DA8DBB5D5 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:14:23.0109 0x1218  nusb3xhc - ok
18:14:23.0156 0x1218  [ 1F07B814C0BB5AABA703ABFF1F31F2E8, 07F578686CAE0FAB5462B472A03DD1BC5DFE0D5DA6307895534CECC330C3D220 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
18:14:23.0171 0x1218  NVHDA - ok
18:14:23.0546 0x1218  [ 5104BAC2DA2A5BDD86AC6B0708B00F06, A02501514F8517CB5A6CFE4352A3D0F864153470015589428A6B14477E791514 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:14:23.0811 0x1218  nvlddmkm - ok
18:14:23.0873 0x1218  [ 918841B2454F4F2BD94479692079490B, 16667315DE4EB5543E176273362791B157223E775ED1CF285330CC8195E0F1BB ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
18:14:23.0873 0x1218  nvpciflt - ok
18:14:23.0936 0x1218  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:14:23.0951 0x1218  nvraid - ok
18:14:23.0982 0x1218  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:14:23.0998 0x1218  nvstor - ok
18:14:24.0060 0x1218  [ DDFAFCE89A5C93D04712B86F94E9FCBA, 377303D4CAC9E3AD5B58894CF7AECDA4FCD3D721568BE8BACC0A897A0956919A ] NVSvc           C:\Windows\system32\nvvsvc.exe
18:14:24.0076 0x1218  NVSvc - ok
18:14:24.0185 0x1218  [ 84E035225474E48CD3A6A3CE52332095, C90E1BC112EDED3035F2D440DDA6FC838D5D9B5F0D7CBE5E4672FEB1CC49F449 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:14:24.0216 0x1218  nvUpdatusService - ok
18:14:24.0263 0x1218  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:14:24.0279 0x1218  nv_agp - ok
18:14:24.0310 0x1218  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:14:24.0372 0x1218  ohci1394 - ok
18:14:24.0404 0x1218  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:14:24.0435 0x1218  ose64 - ok
18:14:24.0622 0x1218  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:14:24.0731 0x1218  osppsvc - ok
18:14:24.0794 0x1218  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:14:24.0872 0x1218  p2pimsvc - ok
18:14:24.0903 0x1218  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:14:24.0950 0x1218  p2psvc - ok
18:14:24.0996 0x1218  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:14:25.0028 0x1218  Parport - ok
18:14:25.0074 0x1218  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:14:25.0090 0x1218  partmgr - ok
18:14:25.0121 0x1218  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:14:25.0184 0x1218  PcaSvc - ok
18:14:25.0230 0x1218  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:14:25.0262 0x1218  pci - ok
18:14:25.0293 0x1218  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:14:25.0308 0x1218  pciide - ok
18:14:25.0308 0x1218  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:14:25.0324 0x1218  pcmcia - ok
18:14:25.0340 0x1218  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:14:25.0355 0x1218  pcw - ok
18:14:25.0386 0x1218  [ 8570C04D9DBFDDD2CCF655DEB4D84715, FF2A810A1395EC134154528640152306425163EAB4A8E71D6F506758487D2B6D ] PDFsFilter      C:\Windows\system32\DRIVERS\PDFsFilter.sys
18:14:25.0402 0x1218  PDFsFilter - ok
18:14:25.0433 0x1218  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:14:25.0496 0x1218  PEAUTH - ok
18:14:25.0589 0x1218  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:14:25.0620 0x1218  PerfHost - ok
18:14:25.0730 0x1218  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:14:25.0792 0x1218  pla - ok
18:14:25.0854 0x1218  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:14:25.0932 0x1218  PlugPlay - ok
18:14:25.0964 0x1218  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:14:26.0010 0x1218  PNRPAutoReg - ok
18:14:26.0057 0x1218  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:14:26.0104 0x1218  PNRPsvc - ok
18:14:26.0151 0x1218  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:14:26.0198 0x1218  PolicyAgent - ok
18:14:26.0229 0x1218  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:14:26.0291 0x1218  Power - ok
18:14:26.0338 0x1218  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:14:26.0400 0x1218  PptpMiniport - ok
18:14:26.0447 0x1218  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:14:26.0463 0x1218  Processor - ok
18:14:26.0541 0x1218  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:14:26.0634 0x1218  ProfSvc - ok
18:14:26.0666 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:14:26.0681 0x1218  ProtectedStorage - ok
18:14:26.0712 0x1218  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:14:26.0775 0x1218  Psched - ok
18:14:26.0790 0x1218  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
18:14:26.0806 0x1218  PxHlpa64 - ok
18:14:26.0837 0x1218  [ 0928BD20273625622722FE1DE5BBDE57, 5313C222F8810D3A62CCE64482B5E50E58BBE2A2C298A23C84A454C34324AC52 ] qicflt          C:\Windows\system32\DRIVERS\qicflt.sys
18:14:26.0837 0x1218  qicflt - ok
18:14:26.0931 0x1218  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:14:26.0978 0x1218  ql2300 - ok
18:14:27.0024 0x1218  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:14:27.0040 0x1218  ql40xx - ok
18:14:27.0087 0x1218  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:14:27.0118 0x1218  QWAVE - ok
18:14:27.0134 0x1218  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:14:27.0165 0x1218  QWAVEdrv - ok
18:14:27.0180 0x1218  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:14:27.0227 0x1218  RasAcd - ok
18:14:27.0274 0x1218  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:14:27.0321 0x1218  RasAgileVpn - ok
18:14:27.0321 0x1218  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:14:27.0383 0x1218  RasAuto - ok
18:14:27.0414 0x1218  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:14:27.0477 0x1218  Rasl2tp - ok
18:14:27.0508 0x1218  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:14:27.0570 0x1218  RasMan - ok
18:14:27.0617 0x1218  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:14:27.0695 0x1218  RasPppoe - ok
18:14:27.0726 0x1218  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:14:27.0789 0x1218  RasSstp - ok
18:14:27.0820 0x1218  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:14:27.0867 0x1218  rdbss - ok
18:14:27.0898 0x1218  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:14:27.0914 0x1218  rdpbus - ok
18:14:27.0945 0x1218  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:14:27.0976 0x1218  RDPCDD - ok
18:14:27.0992 0x1218  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:14:28.0054 0x1218  RDPENCDD - ok
18:14:28.0085 0x1218  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:14:28.0116 0x1218  RDPREFMP - ok
18:14:28.0163 0x1218  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:14:28.0210 0x1218  RdpVideoMiniport - ok
18:14:28.0241 0x1218  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:14:28.0304 0x1218  RDPWD - ok
18:14:28.0350 0x1218  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:14:28.0382 0x1218  rdyboost - ok
18:14:28.0444 0x1218  [ 86177A203F65E08FB91D53A6F2475363, 1316208F182ECCB2DCC848E8CE707456ED6F6CD21001386F160B61AF455EFAAA ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:14:28.0460 0x1218  RegSrvc - ok
18:14:28.0506 0x1218  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:14:28.0584 0x1218  RemoteAccess - ok
18:14:28.0600 0x1218  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:14:28.0678 0x1218  RemoteRegistry - ok
18:14:28.0694 0x1218  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:14:28.0772 0x1218  RpcEptMapper - ok
18:14:28.0803 0x1218  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:14:28.0818 0x1218  RpcLocator - ok
18:14:28.0850 0x1218  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:14:28.0912 0x1218  RpcSs - ok
18:14:28.0959 0x1218  [ 67999437480A1D0B96E5298CC609DF1B, 910F6E47EFCA3E16CDF7BB17AEFD3F28F309E6541F1100426B64CF9E75D0ABEE ] rspLLL          C:\Windows\system32\DRIVERS\rspLLL64.sys
18:14:28.0974 0x1218  rspLLL - ok
18:14:29.0037 0x1218  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:14:29.0099 0x1218  rspndr - ok
18:14:29.0162 0x1218  [ 3A50489C017292386C1C6CF6EB283F23, 42E2C75A83A45070BB548591B83C3744F5DF6BB3743221D0442C1BA23789AD5D ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
18:14:29.0177 0x1218  RtkAudioService - ok
18:14:29.0255 0x1218  [ F15623B73768C35A666BB5CDCEEF497F, 80C3C5A98A740D537C8634741FEA3A128108CE82A9D5CDE80FB57D6800DC7C3C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:14:29.0271 0x1218  RTL8167 - ok
18:14:29.0286 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
18:14:29.0302 0x1218  SamSs - ok
18:14:29.0349 0x1218  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:14:29.0364 0x1218  SASDIFSV - ok
18:14:29.0380 0x1218  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:14:29.0396 0x1218  SASKUTIL - ok
18:14:29.0474 0x1218  [ 495588414F5C62C333F1A69E17E5FB9F, F16FA9EE19BA1B519EBC371282F913FE0E42AEED226D149C6F37976466D61CA8 ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:14:29.0489 0x1218  SbieDrv - ok
18:14:29.0505 0x1218  [ 099007B7A80E1917FFA110CE7785A3C9, 04B877099A151F226C378FB000185FA4B3CB96FF858ED2801A9440D7625F0E52 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:14:29.0520 0x1218  SbieSvc - ok
18:14:29.0567 0x1218  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:14:29.0583 0x1218  sbp2port - ok
18:14:29.0645 0x1218  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:14:29.0708 0x1218  SCardSvr - ok
18:14:29.0739 0x1218  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:14:29.0801 0x1218  scfilter - ok
18:14:29.0879 0x1218  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:14:29.0957 0x1218  Schedule - ok
18:14:29.0988 0x1218  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:14:30.0051 0x1218  SCPolicySvc - ok
18:14:30.0098 0x1218  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
18:14:30.0144 0x1218  sdbus - ok
18:14:30.0176 0x1218  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:14:30.0238 0x1218  SDRSVC - ok
18:14:30.0285 0x1218  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:14:30.0347 0x1218  secdrv - ok
18:14:30.0378 0x1218  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:14:30.0456 0x1218  seclogon - ok
18:14:30.0488 0x1218  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
18:14:30.0581 0x1218  SENS - ok
18:14:30.0597 0x1218  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:14:30.0659 0x1218  SensrSvc - ok
18:14:30.0706 0x1218  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:14:30.0722 0x1218  Serenum - ok
18:14:30.0737 0x1218  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:14:30.0753 0x1218  Serial - ok
18:14:30.0784 0x1218  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:14:30.0784 0x1218  sermouse - ok
18:14:30.0831 0x1218  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:14:30.0862 0x1218  SessionEnv - ok
18:14:30.0878 0x1218  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:14:30.0940 0x1218  sffdisk - ok
18:14:30.0956 0x1218  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:14:30.0987 0x1218  sffp_mmc - ok
18:14:30.0987 0x1218  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:14:31.0018 0x1218  sffp_sd - ok
18:14:31.0034 0x1218  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:14:31.0065 0x1218  sfloppy - ok
18:14:31.0127 0x1218  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:14:31.0205 0x1218  SharedAccess - ok
18:14:31.0268 0x1218  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:14:31.0314 0x1218  ShellHWDetection - ok
18:14:31.0346 0x1218  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:14:31.0361 0x1218  SiSRaid2 - ok
18:14:31.0377 0x1218  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:14:31.0408 0x1218  SiSRaid4 - ok
18:14:31.0408 0x1218  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:14:31.0470 0x1218  Smb - ok
18:14:31.0502 0x1218  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:14:31.0533 0x1218  SNMPTRAP - ok
18:14:31.0580 0x1218  [ F9369327409492097B0BB7CE86BD29DE, 7E9B7A9659A6971029E491C702C306E2078B8F5547FCF874FDA8BAD5898D5E25 ] Soluto          C:\Windows\system32\DRIVERS\Soluto.sys
18:14:31.0595 0x1218  Soluto - ok
18:14:31.0642 0x1218  [ 2246942EC1FF14529857C18E5C5B778F, 391949748A4A316489EA1F76D89544D58E523FC86C7207515814360E098F8847 ] SolutoLauncherService C:\Program Files\Soluto\SolutoLauncherService.exe
18:14:31.0658 0x1218  SolutoLauncherService - ok
18:14:31.0751 0x1218  [ 3BBA83F780CF49217D11090B31770DBA, 27F6AF138BF0524AB36DA81650F6A31049E5F3DD0C9BD54291DBF25F45A51EE8 ] SolutoRemoteService C:\Program Files\Soluto\SolutoRemoteService.exe
18:14:31.0829 0x1218  SolutoRemoteService - detected UnsignedFile.Multi.Generic ( 1 )
18:14:34.0559 0x1218  Detect skipped due to KSN trusted
18:14:34.0559 0x1218  SolutoRemoteService - ok
18:14:34.0637 0x1218  [ DAF98167366863FF2B784AE174F52749, 230C81EC287415ADB3C8B112002421A332416E3BCF59D836204BF1521D11B9DA ] SolutoService   C:\Program Files\Soluto\SolutoService.exe
18:14:34.0668 0x1218  SolutoService - ok
18:14:34.0715 0x1218  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:14:34.0731 0x1218  spldr - ok
18:14:34.0778 0x1218  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:14:34.0902 0x1218  Spooler - ok
18:14:35.0043 0x1218  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:14:35.0168 0x1218  sppsvc - ok
18:14:35.0214 0x1218  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:14:35.0308 0x1218  sppuinotify - ok
18:14:35.0355 0x1218  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:14:35.0417 0x1218  srv - ok
18:14:35.0433 0x1218  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:14:35.0480 0x1218  srv2 - ok
18:14:35.0511 0x1218  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:14:35.0542 0x1218  srvnet - ok
18:14:35.0558 0x1218  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:14:35.0636 0x1218  SSDPSRV - ok
18:14:35.0682 0x1218  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:14:35.0745 0x1218  SstpSvc - ok
18:14:35.0870 0x1218  [ F0359F7CE712D69ACEF0886BDB4792ED, 0E638A3F56B1C431A472469E2F47DABD0ABE1CC043FD1673B4CA6E984FE980CF ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:14:35.0885 0x1218  Stereo Service - ok
18:14:35.0932 0x1218  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:14:35.0932 0x1218  stexstor - ok
18:14:35.0994 0x1218  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
18:14:36.0041 0x1218  StillCam - ok
18:14:36.0135 0x1218  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:14:36.0182 0x1218  stisvc - ok
18:14:36.0213 0x1218  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:14:36.0228 0x1218  swenum - ok
18:14:36.0291 0x1218  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:14:36.0353 0x1218  swprv - ok
18:14:36.0447 0x1218  [ 36F506C894E1EA59C65FAF6398BDF49A, 70B7CA69958796C3AFA1ACA4C3BF054CBFEE84DC73A55D395EFED4A80B5399A2 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
18:14:36.0478 0x1218  SynTP - ok
18:14:36.0572 0x1218  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:14:36.0650 0x1218  SysMain - ok
18:14:36.0712 0x1218  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:14:36.0743 0x1218  TabletInputService - ok
18:14:36.0774 0x1218  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:14:36.0821 0x1218  TapiSrv - ok
18:14:36.0852 0x1218  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:14:36.0915 0x1218  TBS - ok
18:14:36.0993 0x1218  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:14:37.0040 0x1218  Tcpip - ok
18:14:37.0086 0x1218  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:14:37.0133 0x1218  TCPIP6 - ok
18:14:37.0164 0x1218  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:14:37.0196 0x1218  tcpipreg - ok
18:14:37.0258 0x1218  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:14:37.0305 0x1218  TDPIPE - ok
18:14:37.0320 0x1218  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:14:37.0352 0x1218  TDTCP - ok
18:14:37.0398 0x1218  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:14:37.0445 0x1218  tdx - ok
18:14:37.0492 0x1218  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:14:37.0492 0x1218  TermDD - ok
18:14:37.0570 0x1218  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
18:14:37.0617 0x1218  TermService - ok
18:14:37.0648 0x1218  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:14:37.0679 0x1218  Themes - ok
18:14:37.0710 0x1218  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:14:37.0757 0x1218  THREADORDER - ok
18:14:37.0773 0x1218  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:14:37.0820 0x1218  TrkWks - ok
18:14:37.0882 0x1218  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:14:37.0960 0x1218  TrustedInstaller - ok
18:14:38.0007 0x1218  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:38.0038 0x1218  tssecsrv - ok
18:14:38.0054 0x1218  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:14:38.0085 0x1218  TsUsbFlt - ok
18:14:38.0116 0x1218  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:14:38.0163 0x1218  tunnel - ok
18:14:38.0210 0x1218  [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
18:14:38.0210 0x1218  TurboB - ok
18:14:38.0272 0x1218  [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
18:14:38.0303 0x1218  TurboBoost - ok
18:14:38.0350 0x1218  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:14:38.0366 0x1218  uagp35 - ok
18:14:38.0428 0x1218  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:14:38.0522 0x1218  udfs - ok
18:14:38.0569 0x1218  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:14:38.0584 0x1218  UI0Detect - ok
18:14:38.0615 0x1218  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:14:38.0631 0x1218  uliagpkx - ok
18:14:38.0662 0x1218  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:14:38.0709 0x1218  umbus - ok
18:14:38.0725 0x1218  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:14:38.0740 0x1218  UmPass - ok
18:14:38.0881 0x1218  [ CBDEE152D73200EE49031A26310B9D3E, 92E22235446F8DB3BFE97EDE7DE7D33F43EAC5957C5B41ACCEC4EBFD19BFF819 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:14:38.0943 0x1218  UNS - ok
18:14:38.0990 0x1218  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:14:39.0037 0x1218  upnphost - ok
18:14:39.0083 0x1218  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:14:39.0146 0x1218  usbaudio - ok
18:14:39.0193 0x1218  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:39.0255 0x1218  usbccgp - ok
18:14:39.0286 0x1218  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:14:39.0349 0x1218  usbcir - ok
18:14:39.0380 0x1218  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
18:14:39.0395 0x1218  usbehci - ok
18:14:39.0427 0x1218  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:14:39.0489 0x1218  usbhub - ok
18:14:39.0536 0x1218  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:14:39.0583 0x1218  usbohci - ok
18:14:39.0614 0x1218  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:14:39.0629 0x1218  usbprint - ok
18:14:39.0645 0x1218  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:14:39.0692 0x1218  USBSTOR - ok
18:14:39.0707 0x1218  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:14:39.0723 0x1218  usbuhci - ok
18:14:39.0754 0x1218  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
18:14:39.0801 0x1218  usbvideo - ok
18:14:39.0832 0x1218  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:14:39.0910 0x1218  UxSms - ok
18:14:39.0941 0x1218  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
18:14:39.0941 0x1218  VaultSvc - ok
18:14:39.0988 0x1218  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:14:40.0004 0x1218  vdrvroot - ok
18:14:40.0066 0x1218  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:14:40.0129 0x1218  vds - ok
18:14:40.0175 0x1218  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:40.0207 0x1218  vga - ok
18:14:40.0238 0x1218  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:14:40.0285 0x1218  VgaSave - ok
18:14:40.0300 0x1218  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:14:40.0316 0x1218  vhdmp - ok
18:14:40.0331 0x1218  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:14:40.0331 0x1218  viaide - ok
18:14:40.0347 0x1218  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:14:40.0363 0x1218  volmgr - ok
18:14:40.0378 0x1218  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:14:40.0394 0x1218  volmgrx - ok
18:14:40.0441 0x1218  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:14:40.0472 0x1218  volsnap - ok
18:14:40.0503 0x1218  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:14:40.0534 0x1218  vsmraid - ok
18:14:40.0628 0x1218  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:14:40.0721 0x1218  VSS - ok
18:14:40.0737 0x1218  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:14:40.0784 0x1218  vwifibus - ok
18:14:40.0815 0x1218  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:14:40.0846 0x1218  vwififlt - ok
18:14:40.0862 0x1218  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:14:40.0909 0x1218  vwifimp - ok
18:14:40.0987 0x1218  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:14:41.0049 0x1218  W32Time - ok
18:14:41.0080 0x1218  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:14:41.0127 0x1218  WacomPen - ok
18:14:41.0174 0x1218  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:14:41.0252 0x1218  WANARP - ok
18:14:41.0252 0x1218  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:14:41.0283 0x1218  Wanarpv6 - ok
18:14:41.0377 0x1218  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:14:41.0408 0x1218  WatAdminSvc - ok
18:14:41.0470 0x1218  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:14:41.0548 0x1218  wbengine - ok
18:14:41.0595 0x1218  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:14:41.0642 0x1218  WbioSrvc - ok
18:14:41.0689 0x1218  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:14:41.0735 0x1218  wcncsvc - ok
18:14:41.0751 0x1218  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:14:41.0813 0x1218  WcsPlugInService - ok
18:14:41.0860 0x1218  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:14:41.0876 0x1218  Wd - ok
18:14:41.0954 0x1218  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:14:41.0985 0x1218  Wdf01000 - ok
18:14:42.0016 0x1218  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:14:42.0125 0x1218  WdiServiceHost - ok
18:14:42.0125 0x1218  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:14:42.0141 0x1218  WdiSystemHost - ok
18:14:42.0188 0x1218  [ FE31110E39A0B11ABAE1BA43A2DC94F9, 5C520E0FB737A2113FB89F23FB1D36916980BBBD020638EEB04144C10A9D9522 ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
18:14:42.0203 0x1218  wdkmd - ok
18:14:42.0250 0x1218  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:14:42.0281 0x1218  WebClient - ok
18:14:42.0297 0x1218  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:14:42.0375 0x1218  Wecsvc - ok
18:14:42.0406 0x1218  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:14:42.0453 0x1218  wercplsupport - ok
18:14:42.0469 0x1218  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:14:42.0531 0x1218  WerSvc - ok
18:14:42.0547 0x1218  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:42.0578 0x1218  WfpLwf - ok
18:14:42.0625 0x1218  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
18:14:42.0625 0x1218  WimFltr - ok
18:14:42.0656 0x1218  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:14:42.0671 0x1218  WIMMount - ok
18:14:42.0703 0x1218  WinDefend - ok
18:14:42.0718 0x1218  WinHttpAutoProxySvc - ok
18:14:42.0796 0x1218  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:14:42.0874 0x1218  Winmgmt - ok
18:14:42.0983 0x1218  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:14:43.0093 0x1218  WinRM - ok
18:14:43.0155 0x1218  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:14:43.0202 0x1218  WinUsb - ok
18:14:43.0264 0x1218  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:14:43.0342 0x1218  Wlansvc - ok
18:14:43.0373 0x1218  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:14:43.0389 0x1218  WmiAcpi - ok
18:14:43.0436 0x1218  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:14:43.0483 0x1218  wmiApSrv - ok
18:14:43.0514 0x1218  WMPNetworkSvc - ok
18:14:43.0545 0x1218  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:14:43.0576 0x1218  WPCSvc - ok
18:14:43.0607 0x1218  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:14:43.0654 0x1218  WPDBusEnum - ok
18:14:43.0685 0x1218  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:14:43.0779 0x1218  ws2ifsl - ok
18:14:43.0810 0x1218  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:14:43.0857 0x1218  wscsvc - ok
18:14:43.0904 0x1218  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
18:14:43.0951 0x1218  WSDPrintDevice - ok
18:14:43.0966 0x1218  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
18:14:43.0997 0x1218  WSDScan - ok
18:14:43.0997 0x1218  WSearch - ok
18:14:44.0138 0x1218  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:14:44.0185 0x1218  wuauserv - ok
18:14:44.0216 0x1218  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:14:44.0278 0x1218  WudfPf - ok
18:14:44.0309 0x1218  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:44.0325 0x1218  WUDFRd - ok
18:14:44.0356 0x1218  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:14:44.0387 0x1218  wudfsvc - ok
18:14:44.0434 0x1218  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:14:44.0512 0x1218  WwanSvc - ok
18:14:44.0699 0x1218  [ 3C61B6CCD838534E98552530A491EE04, 16F24EDF109404BB19BC2DAAF747CD7FCA0644378E66869C1085E1E083DC4D78 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
18:14:44.0762 0x1218  ZeroConfigService - ok
18:14:44.0777 0x1218  ================ Scan global ===============================
18:14:44.0840 0x1218  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:14:44.0887 0x1218  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:14:44.0902 0x1218  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:14:44.0933 0x1218  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:14:44.0965 0x1218  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:14:44.0980 0x1218  [ Global ] - ok
18:14:44.0980 0x1218  ================ Scan MBR ==================================
18:14:44.0996 0x1218  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:14:45.0979 0x1218  \Device\Harddisk0\DR0 - ok
18:14:45.0979 0x1218  ================ Scan VBR ==================================
18:14:45.0994 0x1218  [ 5878A84EB8AC7F34474D33147F22CE24 ] \Device\Harddisk0\DR0\Partition1
18:14:45.0994 0x1218  \Device\Harddisk0\DR0\Partition1 - ok
18:14:46.0025 0x1218  [ 595E2EC2D28B20466AF7AAFAD7BEC1DD ] \Device\Harddisk0\DR0\Partition2
18:14:46.0025 0x1218  \Device\Harddisk0\DR0\Partition2 - ok
18:14:46.0025 0x1218  Waiting for KSN requests completion. In queue: 109
18:14:47.0039 0x1218  Waiting for KSN requests completion. In queue: 109
18:14:48.0053 0x1218  Waiting for KSN requests completion. In queue: 109
18:14:49.0099 0x1218  AV detected via SS2: ESET Smart Security 7.0, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.302.0 ), 0x41000 ( enabled : updated )
18:14:49.0099 0x1218  FW detected via SS2: ESET Persoonlijke firewall, C:\Program Files\ESET\ESET Smart Security\ecmd.exe ( 7.0.302.0 ), 0x41010 ( enabled )
18:14:51.0844 0x1218  ============================================================
18:14:51.0844 0x1218  Scan finished
18:14:51.0844 0x1218  ============================================================
18:14:51.0844 0x0f88  Detected object count: 0
18:14:51.0844 0x0f88  Actual detected object count: 0
18:15:11.0204 0x0f9c  Deinitialize success
 
 
aswMBR
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-26 18:19:51
-----------------------------
18:19:51.192    OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:51.192    Number of processors: 4 586 0x2505
18:19:51.192    ComputerName: TJ-PC  UserName: TJ
18:19:52.128    Initialize success
18:20:29.600    AVAST engine defs: 14012600
18:20:32.455    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:20:32.455    Disk 0 Vendor: TOSHIBA_ MC00 Size: 305245MB BusType: 3
18:20:32.611    Disk 0 MBR read successfully
18:20:32.611    Disk 0 MBR scan
18:20:32.627    Disk 0 Windows VISTA default MBR code
18:20:32.642    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
18:20:32.658    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
18:20:32.658    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       290204 MB offset 30801920
18:20:32.705    Disk 0 scanning C:\Windows\system32\drivers
18:20:50.067    Service scanning
18:21:24.200    Modules scanning
18:21:24.200    Disk 0 trace - called modules:
18:21:24.263    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
18:21:24.278    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800523a060]
18:21:24.294    3 CLASSPNP.SYS[fffff88001ad743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f43050]
18:21:25.136    AVAST engine scan C:\Windows
18:21:27.055    AVAST engine scan C:\Windows\system32
18:22:18.223    Disk 0 MBR has been saved successfully to "C:\Users\TJ\Desktop\MBR.dat"
18:22:18.223    The log file has been saved successfully to "C:\Users\TJ\Desktop\aswMBR.txt"


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 26 January 2014 - 03:54 PM

Hi Matt,

Let's get a peek at your Master Boot Record outside of running windows. Please do this.

===================================================

MBR Dump Using Farbar's Recvovery Scan Tool in the Recovery Environment

--------------------
  • From a working computer if necessary press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
SaveMbr: Drive=0
  • Insert the USB device into your infected computer
  • Follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recover Scan Tool
----------

Step 1 - Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:
  • If you are using Windows 8 consult [url=http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/[/*]
  • to enter System Recovery Command prompt and skp the next two options.
  • Option #2

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    Option #3

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select English as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next
    ----------

    Step 2 - Running Farbar's Recovery Scan Tool in System Recovery
    • Once you are in the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

    • Select Command Prompt
    • In the command window type in Notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select Computer and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      • Note: Replace letter e with the drive letter of your flash drive.
    • When the tool opens click Yes to disclaimer.
    • Press the Fix button just once and wait, the program will automatically launch fixlist.txt.
    • The tool will create a log on the USB called (MBRDUMP.txt)
    • Attach the file to your reply.
    ===================================================

    Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
    • Attached file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 26 January 2014 - 05:13 PM

Attached.  

 

Matt

 

On a side note, perhaps the information is of service or indicates infection: at the System Recovery Options menu selecting my user account I noticed an unfamiliair useraccount 'arxbvdzg'. Looking into it on my harddrive (c:) there is another there is another unsual user: 'unknown account' (S-1-5-21-1745408687 ... ), more numbers follow as it goes on for a bit.

Attached Files



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 26 January 2014 - 05:56 PM

HI Matt,

Thanks for the additional information. Could you please run RogueKiller again and post the log. In addition, run this for me.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 - Cadence

- Cadence
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 27 January 2014 - 12:08 PM

  • RogueKiller log

 

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TJ [Admin rights]
Mode : Remove -- Date : 01/27/2014 17:29:11
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3261GSY +++++
--- User ---
[MBR] 23ba349322ca4617e8bd883de228346d
[BSP] 2a0f0945c55488122ab84b66004042ff : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01272014_172901.txt >>
RKreport[0]_S_01272014_172511.txt
 
 
  • Combofix log (partly in Dutch)
 
ComboFix 14-01-27.02 - TJ 27-01-2014  17:35:55.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.3828.2337 [GMT 1:00]
Gestart vanuit: c:\users\TJ\Desktop\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET Persoonlijke firewall *Enabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SecureW2
c:\program files (x86)\SecureW2\_uninstall.exe
c:\program files (x86)\SecureW2\SecureW2 TTLS Client\Uninstall.exe
c:\program files (x86)\SecureW2\sw2_res_default.bmp
c:\program files (x86)\SecureW2\sw2_rsaproxy.exe
c:\program files (x86)\SecureW2\sw2_service.exe
c:\program files (x86)\SecureW2\sw2_tray.exe
c:\program files (x86)\SecureW2\Uninstall.exe
c:\programdata\Roaming
c:\users\TJ\AppData\Local\Temp\_MEI59842\_ctypes.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\_elementtree.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\_hashlib.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\_multiprocessing.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\_socket.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\_ssl.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\pyexpat.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\pysqlite2._sqlite.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\python27.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\pythoncom27.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\PyWinTypes27.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\select.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\unicodedata.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32api.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32com.shell.shell.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32crypt.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32event.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32file.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32inet.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32pdh.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32pipe.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32process.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32profile.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32security.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\win32ts.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\windows._lib_cacheinvalidation.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._controls_.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._core_.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._gdi_.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._html2.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._misc_.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._windows_.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wx._wizard.pyd
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxbase294u_net_vc90.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxbase294u_vc90.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxmsw294u_adv_vc90.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxmsw294u_core_vc90.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxmsw294u_html_vc90.dll
c:\users\TJ\AppData\Local\Temp\_MEI59842\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-12-27 to 2014-01-27  ))))))))))))))))))))))))))))))
.
.
2014-01-27 16:43 . 2014-01-27 16:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-27 16:43 . 2014-01-27 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-27 16:43 . 2014-01-27 16:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-01-27 09:01 . 2014-01-27 09:01 -------- d-----w- c:\programdata\Oracle
2014-01-27 09:01 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 03:06 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 03:06 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 03:06 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 03:06 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 03:06 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 03:06 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 03:06 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 03:06 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 03:06 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-06 17:03 . 2014-01-24 22:21 -------- d-----w- C:\OLDGAMES
2014-01-06 16:53 . 2014-01-24 22:28 -------- d-----w- c:\program files (x86)\DOSBox-0.74
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 11:17 . 2012-04-26 20:21 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 11:17 . 2011-08-28 16:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 03:37 . 2011-06-10 15:49 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2011-07-20 17:01 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-06 21:55 . 2013-12-06 21:55 362029 ----a-w- c:\windows\SysWow64\sqlite3.dll
2013-12-04 03:28 . 2014-01-24 08:44 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CDADFEC-7232-4C59-B200-604F80665C06}\mpengine.dll
2013-12-03 09:47 . 2013-05-08 08:06 57584 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-12-03 09:47 . 2013-05-08 08:06 26184 ----a-w- c:\windows\system32\smrgdf.exe
2013-12-03 09:01 . 2013-12-11 16:06 2155152 ----a-w- c:\windows\system32\Incinerator64.dll
2013-12-03 09:01 . 2013-05-08 08:07 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2013-11-26 11:54 . 2013-12-11 23:10 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 23:10 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 23:10 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 23:10 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 23:10 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 23:10 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 23:10 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 23:10 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 23:10 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 23:10 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 23:10 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 23:10 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 23:10 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 23:10 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 23:10 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 23:10 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 23:10 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 23:10 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 23:10 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 23:10 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 23:10 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 23:10 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 23:10 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 23:10 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 12:10 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 12:10 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-13 15:02 . 2013-11-13 15:02 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-13 15:02 . 2013-11-13 15:02 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-13 15:02 . 2013-11-13 15:02 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-13 15:02 . 2013-11-13 15:02 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-13 15:02 . 2013-11-13 15:02 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-13 15:02 . 2013-11-13 15:02 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-13 15:02 . 2013-11-13 15:02 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-13 15:02 . 2013-11-13 15:02 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-13 15:02 . 2013-11-13 15:02 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-13 15:02 . 2013-11-13 15:02 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-13 15:02 . 2013-11-13 15:02 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-13 15:02 . 2013-11-13 15:02 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-13 15:02 . 2013-11-13 15:02 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-13 15:02 . 2013-11-13 15:02 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-13 15:02 . 2013-11-13 15:02 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-13 15:02 . 2013-11-13 15:02 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-13 15:02 . 2013-11-13 15:02 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-13 15:02 . 2013-11-13 15:02 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-13 15:02 . 2013-11-13 15:02 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-13 15:02 . 2013-11-13 15:02 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-13 15:02 . 2013-11-13 15:02 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-13 15:02 . 2013-11-13 15:02 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-13 15:02 . 2013-11-13 15:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-13 15:02 . 2013-11-13 15:02 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-13 15:02 . 2013-11-13 15:02 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-13 15:02 . 2013-11-13 15:02 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-13 15:02 . 2013-11-13 15:02 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-13 15:02 . 2013-11-13 15:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-13 15:02 . 2013-11-13 15:02 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-13 15:02 . 2013-11-13 15:02 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-13 15:02 . 2013-11-13 15:02 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-13 15:02 . 2013-11-13 15:02 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-13 15:02 . 2013-11-13 15:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-13 15:02 . 2013-11-13 15:02 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-13 15:02 . 2013-11-13 15:02 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-13 15:02 . 2013-11-13 15:02 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-13 15:02 . 2013-11-13 15:02 413696 ----a-w- c:\windows\system32\html.iec
2013-11-13 15:02 . 2013-11-13 15:02 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-13 15:02 . 2013-11-13 15:02 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-13 15:02 . 2013-11-13 15:02 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-13 15:02 . 2013-11-13 15:02 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-13 15:02 . 2013-11-13 15:02 235520 ----a-w- c:\windows\system32\url.dll
2013-11-13 15:02 . 2013-11-13 15:02 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-13 15:02 . 2013-11-13 15:02 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-13 15:02 . 2013-11-13 15:02 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-13 15:02 . 2013-11-13 15:02 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-13 15:02 . 2013-11-13 15:02 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-13 15:02 . 2013-11-13 15:02 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-13 15:02 . 2013-11-13 15:02 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-13 15:02 . 2013-11-13 15:02 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-13 15:02 . 2013-11-13 15:02 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-13 15:02 . 2013-11-13 15:02 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-13 15:02 . 2013-11-13 15:02 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-13 15:02 . 2013-11-13 15:02 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-13 15:02 . 2013-11-13 15:02 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-13 15:02 . 2013-11-13 15:02 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-13 15:02 . 2013-11-13 15:02 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-13 15:02 . 2013-11-13 15:02 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-13 15:02 . 2013-11-13 15:02 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-12 02:23 . 2013-12-11 12:10 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 12:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-11-04 12:56 . 2013-11-04 12:56 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-10-30 02:32 . 2013-12-11 12:10 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 12:10 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\01???\0\0NT Native Test\0#???\0\0NT Native Test\01????\0?????????`\0steld.\0\0????????????????????????????????????????????????????????????????????????????????????????\0hk\0\0?U?\0µ\0c:\windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\833f839df2fca5cf76d0bdb135d20cc94716d11a.HomeGroupClassifier\16f89e8119664049ee96e0d049ccacb8\grouping\edb.chk\0chk\0\0U???\0?\0A
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
R3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 NUMARK_OMNICONTROL;Numark OMNI CONTROL USB driver;c:\windows\system32\Drivers\nkc2_usb.sys;c:\windows\SYSNATIVE\Drivers\nkc2_usb.sys [x]
R3 NUMARK_OMNICONTROL_MIDI;Numark OMNI CONTROL WDM MIDI Device;c:\windows\system32\drivers\nkc2midi.sys;c:\windows\SYSNATIVE\drivers\nkc2midi.sys [x]
R3 NUMARK_OMNICONTROL_WDM;Numark OMNI CONTROL WDM;c:\windows\system32\drivers\nkc2_wdm.sys;c:\windows\SYSNATIVE\drivers\nkc2_wdm.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys;c:\windows\SYSNATIVE\DRIVERS\rspLLL64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R4 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R4 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
R4 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
R4 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 19:33 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 11:17]
.
2013-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:10]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA1ceec99f1a2721b.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-03 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\TJ\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 14:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-02 415256]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-03-29 7174728]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-08 1278024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Download met MiPony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
FF - ProfilePath - c:\users\TJ\AppData\Roaming\Mozilla\Firefox\Profiles\5m9xwpbw.default\
FF - prefs.js: browser.startup.homepage - hxxp://nl.msn.com/?pc=UP97&ocid=UP97DHP
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-SecureW2 Tray - c:\program files (x86)\SecureW2\sw2_tray.exe
SafeBoot-20830803.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-SecureW2 - c:\program files (x86)\SecureW2\_uninstall.exe
AddRemove-SecureW2 TTLS Client - c:\program files (x86)\SecureW2\SecureW2 TTLS Client\Uninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1745408687-2731728178-474552998-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*o*r*g*_*c*o*e*n*-*b*r*o*t*h*e*r*s*-*­ÉÑr\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-01-27  17:51:04 - machine werd herstart
ComboFix-quarantined-files.txt  2014-01-27 16:51
.
Pre-Run: 129.006.309.376 bytes beschikbaar
Post-Run: 129.194.090.496 bytes beschikbaar
.
- - End Of File - - D2E82F2E516735453AB598EDF7601C2B


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,405 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:17 AM

Posted 27 January 2014 - 04:19 PM

Hi Matt,

I am not finding any evidence that your Master Boot Record is currently damaged or compromised. The RogueKiller log you posted looks fine.

Are you experiencing any issues?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users