
I think my PC is infected


  • This topic is locked
12 replies to this topic

#1 Adiga88

  • Members
  • 7 posts

Posted 08 April 2014 - 01:25 AM

I'm sure that my PC is infected by some sort of malware or rootkit. Some stalker is targeting my PC and monitoring internet activity, creating folders on my desktop. My SSD drive space keeps increasing and decreasing at random by gigabytes without my permission.

 

I tried running DSS but I keep getting this error: "DSS is not meant to run in compatibilty mode". I'm using Windows 8.1 Pro with Bitdefender Total Security and Comodo Firewall.

 

Any help identifying the issue would be greatly appreciated


Edited by Adiga88, 08 April 2014 - 01:28 AM.



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 08 April 2014 - 09:45 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 

#3 Adiga88

  • Topic Starter
  • Members
  • 7 posts

Posted 08 April 2014 - 02:52 PM

Thank you for assisting me

 

FRST scan results

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Muhannad (administrator) on MUHANNAD-PEESEA on 08-04-2014 22:48:26
Running from C:\Users\Muhannad\Desktop
Windows 8.1 Pro (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
() C:\Windows\System\3DG4me.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Microsoft Corporation) C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\odscanui.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
() C:\WINDOWS\SysWOW64\PnkBstrB.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7192792 2013-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1739480 2014-02-25] (Bitdefender)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-07-02] (Intel Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [3DG4me] - C:\WINDOWS\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] - C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442200 2013-09-28] (Razer Inc.)
HKLM-x32\...\Run: [KeyScrambler] - C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-07] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-07] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-07] (Bitdefender)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-07] (Bitdefender)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-07] (Bitdefender)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-07] (Bitdefender)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [uTorrent] - C:\Users\Muhannad\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-01-26] (BitTorrent Inc.)
HKU\S-1-5-21-4089625715-2344423901-4217151236-1001\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-27] (Electronic Arts)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6348C2AAE7D0CE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E19BC741-D9D3-45BA-9140-295AC0433DDE}: [NameServer]156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{E3D968D9-08AC-4E5E-9D2D-BBC48BF04992}: [NameServer]156.154.70.22,156.154.71.22

FireFox:
========
FF ProfilePath: C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default
FF user.js: detected! => C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\searchplugins\zonealarm.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-03-28]
FF Extension: Google Translator for Firefox - C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\Extensions\translator@zoli.bod.xpi [2014-01-12]
FF Extension: NoScript - C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-01-12]
FF Extension: Adblock Plus - C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-03-29]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-10-01]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-10-01]

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (YouTube) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Bitdefender Wallet) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-01-12]
CHR Extension: (Google Search) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-02-25]
CHR Extension: (Google Wallet) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-25]
CHR Extension: (Gmail) - C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.crx [2014-02-25]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.03.03\AsusFanControlService.exe [1660728 2013-07-31] (ASUSTeK Computer Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-11-27] (Bitdefender)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6812400 2014-03-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-07-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-02-28] ()
R2 PnkBstrB; C:\WINDOWS\SysWOW64\PnkBstrB.exe [214392 2014-04-08] ()
S2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-16] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-02-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2013-01-08] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2012-05-07] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [21400 2013-01-28] (http://www.asmedia.com.tw)
R2 AsRamDisk; C:\Windows\system32\DRIVERS\asramdisk.sys [106296 2013-04-09] (Asus)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-27] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [261056 2013-10-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-27] (BitDefender)
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21456 2012-12-20] (Olof Lagerkvist)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2013-07-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-14] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [748272 2014-03-25] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [37560 2014-03-25] (COMODO)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-08-23] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127664 2014-03-25] (COMODO)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222200 2013-05-31] (QFX Software Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 Lycosa; C:\Windows\system32\drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [39096 2013-09-13] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [30904 2013-09-13] (Razer Inc)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-08-07] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 USBADVAU; C:\Windows\system32\drivers\cm11264.sys [4121088 2012-11-29] (C-Media Electronics Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
R4 IOMap; \??\C:\WINDOWS\system32\drivers\IOMap64.sys [X]
R3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.sys [X]
U3 aswMBR; \??\C:\Users\Muhannad\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 22:48 - 2014-04-08 22:48 - 00021764 _____ () C:\Users\Muhannad\Desktop\FRST.txt
2014-04-08 22:47 - 2014-04-08 22:48 - 00000000 ____D () C:\FRST
2014-04-08 22:46 - 2014-04-08 22:47 - 02157056 _____ (Farbar) C:\Users\Muhannad\Desktop\FRST64.exe
2014-04-08 08:33 - 2014-04-08 08:33 - 00075666 _____ () C:\Users\Public\Documents\SIGVERIF.TXT
2014-04-08 08:04 - 2014-04-08 09:20 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\CrashDumps
2014-04-08 06:51 - 2014-04-08 06:51 - 00688992 _____ (Swearware) C:\Users\Muhannad\Downloads\dds.com
2014-04-08 06:41 - 2014-04-08 06:42 - 01426178 _____ () C:\Users\Muhannad\Downloads\AdwCleaner.exe
2014-04-08 06:41 - 2014-04-08 06:41 - 00019562 _____ () C:\Users\Muhannad\Desktop\RKreport[0]_D_04082014_064116.txt
2014-04-08 06:40 - 2014-04-08 06:40 - 00019513 _____ () C:\Users\Muhannad\Desktop\RKreport[0]_S_04082014_064003.txt
2014-04-08 06:36 - 2014-04-08 06:41 - 00000000 ____D () C:\Users\Muhannad\Desktop\RK_Quarantine
2014-04-08 06:36 - 2014-04-08 06:36 - 03972608 _____ () C:\Users\Muhannad\Downloads\RogueKiller.exe
2014-04-08 01:55 - 2014-04-08 01:55 - 04745728 _____ (AVAST Software) C:\Users\Muhannad\Downloads\aswmbr.exe
2014-04-08 01:16 - 2014-04-08 01:16 - 02347384 _____ (ESET) C:\Users\Muhannad\Downloads\esetsmartinstaller_enu.exe
2014-04-08 01:16 - 2014-04-08 01:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 23:09 - 2014-04-07 23:09 - 00000338 _____ () C:\WINDOWS\PFRO.log
2014-04-07 12:13 - 2014-04-07 12:13 - 00002022 _____ () C:\Users\Public\Desktop\Pandora Recovery.lnk
2014-04-07 12:13 - 2014-04-07 12:13 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\PandoraRecovery
2014-04-07 12:13 - 2014-04-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Pandora Recovery
2014-04-07 12:11 - 2014-04-07 12:11 - 00930952 _____ (CNET Download.com) C:\Users\Muhannad\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe
2014-04-03 17:08 - 2014-04-04 03:42 - 00003060 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-04-03 17:08 - 2014-04-03 17:08 - 00000000 ___HD () C:\VTRoot
2014-03-31 00:08 - 2014-03-31 00:08 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-03-31 00:08 - 2014-03-31 00:08 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-03-31 00:07 - 2014-03-31 00:08 - 00645729 _____ (WDS Team) C:\Users\Muhannad\Downloads\windirstat1_1_2_setup.exe
2014-03-29 12:12 - 2014-03-29 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-27 22:19 - 2014-03-28 00:52 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\Origin
2014-03-22 14:47 - 2014-04-04 03:43 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-03-22 14:47 - 2014-04-03 17:07 - 00001963 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-03-22 14:47 - 2014-03-22 14:47 - 00003028 _____ () C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-03-22 14:46 - 2014-03-22 14:46 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-03-19 06:34 - 2014-03-19 06:34 - 00078162 _____ () C:\Users\Muhannad\Documents\cc_20140319_063404.reg
2014-03-19 06:32 - 2014-03-19 06:32 - 00002778 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-19 06:22 - 2014-03-19 06:32 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 06:21 - 2014-03-19 06:21 - 04765152 _____ (Piriform Ltd) C:\Users\Muhannad\Downloads\ccsetup411.exe
2014-03-19 02:51 - 2014-01-03 01:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-03-19 02:51 - 2013-12-27 10:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-03-19 02:51 - 2013-12-27 09:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-03-19 02:51 - 2013-12-27 08:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-03-19 02:50 - 2014-01-08 03:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-03-19 02:50 - 2014-01-08 03:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-03-19 02:50 - 2014-01-04 17:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-03-19 02:50 - 2014-01-04 17:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-03-19 02:50 - 2014-01-04 16:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-03-19 02:50 - 2014-01-04 15:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-03-19 02:50 - 2014-01-03 01:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-03-19 02:50 - 2014-01-01 03:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-03-19 02:50 - 2014-01-01 03:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-03-19 02:50 - 2014-01-01 02:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-03-19 02:50 - 2014-01-01 02:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-03-19 02:50 - 2014-01-01 01:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-03-19 02:50 - 2014-01-01 01:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-03-19 02:50 - 2014-01-01 01:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-03-19 02:50 - 2013-12-31 01:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-03-19 02:50 - 2013-12-31 01:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-03-19 02:50 - 2013-12-31 01:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-03-19 02:50 - 2013-12-31 01:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-03-19 02:50 - 2013-12-31 01:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-03-19 02:50 - 2013-12-27 17:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-03-19 02:50 - 2013-12-27 10:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-03-19 02:50 - 2013-12-27 10:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-03-19 02:50 - 2013-12-27 09:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-03-19 02:50 - 2013-12-21 09:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-03-19 02:50 - 2013-12-17 09:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-03-19 02:50 - 2013-12-14 08:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-03-19 02:50 - 2013-12-14 08:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-03-19 02:50 - 2013-12-13 12:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-03-19 02:50 - 2013-12-13 09:24 - 00121088 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2014-03-19 02:50 - 2013-12-13 08:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-03-19 02:50 - 2013-12-13 07:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-03-19 02:50 - 2013-12-09 10:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-03-19 02:50 - 2013-12-09 06:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-03-17 07:02 - 2014-03-17 07:02 - 00000404 __RSH () C:\ProgramData\ntuser.pol
2014-03-12 15:40 - 2014-03-16 15:38 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\Overwolf
2014-03-12 15:40 - 2014-03-12 16:01 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\TS3Client
2014-03-12 15:40 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-12 15:40 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\TeamSpeak 3 Client
2014-03-12 15:22 - 2014-03-12 15:39 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Muhannad\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-03-12 12:06 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 12:06 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 12:06 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 12:06 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 12:06 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 12:06 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 12:06 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 12:06 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 12:06 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 12:06 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 12:06 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 12:06 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 12:06 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 12:06 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 12:06 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 12:06 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 12:06 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 12:06 - 2014-02-22 14:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-12 12:06 - 2014-02-22 13:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-12 12:06 - 2014-01-31 18:15 - 00311640 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 12:06 - 2014-01-31 18:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 12:06 - 2014-01-31 18:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 12:06 - 2014-01-31 15:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 12:06 - 2014-01-31 11:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 12:06 - 2014-01-29 11:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 12:06 - 2014-01-29 10:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 12:06 - 2014-01-29 10:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 12:06 - 2014-01-29 10:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 12:06 - 2014-01-29 10:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 12:06 - 2014-01-29 09:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 12:06 - 2014-01-29 09:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 12:06 - 2014-01-29 09:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 12:06 - 2014-01-29 08:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 12:06 - 2014-01-29 02:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 12:06 - 2014-01-27 21:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 12:06 - 2014-01-27 21:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 12:06 - 2014-01-27 21:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 12:06 - 2014-01-27 20:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 12:06 - 2014-01-27 20:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 12:06 - 2014-01-27 20:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 12:06 - 2014-01-27 20:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 12:06 - 2014-01-27 20:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 12:06 - 2014-01-27 19:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 12:06 - 2014-01-27 19:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 12:06 - 2014-01-27 19:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 12:06 - 2014-01-27 17:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 12:06 - 2014-01-27 17:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 12:06 - 2014-01-27 13:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 12:06 - 2014-01-18 01:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 12:06 - 2014-01-17 23:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 12:06 - 2013-12-21 16:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 12:06 - 2013-12-21 10:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 12:06 - 2013-12-20 12:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 12:06 - 2013-12-20 12:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 12:05 - 2014-02-11 05:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 12:05 - 2014-02-11 04:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 12:05 - 2014-02-11 04:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-12 12:05 - 2013-10-31 02:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 12:05 - 2013-10-31 02:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 12:05 - 2013-10-31 02:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-11 12:42 - 2014-03-30 23:42 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-11 09:19 - 2014-03-11 09:20 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Muhannad\Downloads\tdsskiller.exe
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Malwarebytes
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 08:55 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-11 08:50 - 2014-03-11 08:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Muhannad\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 10:49 - 2014-03-22 15:51 - 00000082 _____ () C:\WINDOWS\wininit.ini
2014-03-10 08:37 - 2014-03-10 08:37 - 00000935 _____ () C:\Users\Public\Desktop\TCPEye.lnk
2014-03-10 08:37 - 2014-03-10 08:37 - 00000000 ____D () C:\Program Files (x86)\TCPEye
2014-03-10 03:39 - 2014-03-10 03:39 - 00000000 ____D () C:\Users\Muhannad\Downloads\Bitdefender Safepay
2014-03-10 00:43 - 2013-11-04 17:38 - 00820736 _____ () C:\Users\Muhannad\Documents\pbsetup.exe

==================== One Month Modified Files and Folders =======

2014-04-08 22:48 - 2014-04-08 22:48 - 00021764 _____ () C:\Users\Muhannad\Desktop\FRST.txt
2014-04-08 22:48 - 2014-04-08 22:47 - 00000000 ____D () C:\FRST
2014-04-08 22:48 - 2013-10-01 23:11 - 00000021 _____ () C:\Users\Muhannad\AppData\Roaming\config_data.dat
2014-04-08 22:47 - 2014-04-08 22:46 - 02157056 _____ (Farbar) C:\Users\Muhannad\Desktop\FRST64.exe
2014-04-08 22:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-04-08 22:01 - 2014-01-18 05:59 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-08 21:53 - 2014-01-12 22:32 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 17:59 - 2013-10-01 04:52 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4089625715-2344423901-4217151236-1001
2014-04-08 17:53 - 2014-01-12 22:32 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 17:22 - 2013-10-29 08:20 - 01372646 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-08 13:25 - 2013-10-01 09:50 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-04-08 11:48 - 2013-10-01 09:50 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-04-08 09:20 - 2014-04-08 08:04 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\CrashDumps
2014-04-08 08:33 - 2014-04-08 08:33 - 00075666 _____ () C:\Users\Public\Documents\SIGVERIF.TXT
2014-04-08 07:05 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-04-08 06:51 - 2014-04-08 06:51 - 00688992 _____ (Swearware) C:\Users\Muhannad\Downloads\dds.com
2014-04-08 06:42 - 2014-04-08 06:41 - 01426178 _____ () C:\Users\Muhannad\Downloads\AdwCleaner.exe
2014-04-08 06:41 - 2014-04-08 06:41 - 00019562 _____ () C:\Users\Muhannad\Desktop\RKreport[0]_D_04082014_064116.txt
2014-04-08 06:41 - 2014-04-08 06:36 - 00000000 ____D () C:\Users\Muhannad\Desktop\RK_Quarantine
2014-04-08 06:40 - 2014-04-08 06:40 - 00019513 _____ () C:\Users\Muhannad\Desktop\RKreport[0]_S_04082014_064003.txt
2014-04-08 06:36 - 2014-04-08 06:36 - 03972608 _____ () C:\Users\Muhannad\Downloads\RogueKiller.exe
2014-04-08 01:55 - 2014-04-08 01:55 - 04745728 _____ (AVAST Software) C:\Users\Muhannad\Downloads\aswmbr.exe
2014-04-08 01:22 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-04-08 01:16 - 2014-04-08 01:16 - 02347384 _____ (ESET) C:\Users\Muhannad\Downloads\esetsmartinstaller_enu.exe
2014-04-08 01:16 - 2014-04-08 01:16 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-07 23:15 - 2013-09-30 06:12 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-07 23:10 - 2013-11-07 20:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-07 23:10 - 2013-10-07 22:31 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-07 23:10 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\uTorrent
2014-04-07 23:10 - 2013-10-01 07:39 - 00000000 ____D () C:\ProgramData\Origin
2014-04-07 23:10 - 2013-10-01 07:04 - 01048576 _____ () C:\WINDOWS\PE_Rom.dll
2014-04-07 23:09 - 2014-04-07 23:09 - 00000338 _____ () C:\WINDOWS\PFRO.log
2014-04-07 23:09 - 2013-10-29 08:20 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-07 23:09 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-07 23:09 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-04-07 23:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\en-GB
2014-04-07 23:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-04-07 23:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\en-GB
2014-04-07 23:08 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-04-07 13:13 - 2013-10-01 22:32 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\vlc
2014-04-07 12:13 - 2014-04-07 12:13 - 00002022 _____ () C:\Users\Public\Desktop\Pandora Recovery.lnk
2014-04-07 12:13 - 2014-04-07 12:13 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\PandoraRecovery
2014-04-07 12:13 - 2014-04-07 12:13 - 00000000 ____D () C:\Program Files (x86)\Pandora Recovery
2014-04-07 12:11 - 2014-04-07 12:11 - 00930952 _____ (CNET Download.com) C:\Users\Muhannad\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe
2014-04-07 05:11 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-04-06 03:16 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-04-05 11:25 - 2014-02-28 03:00 - 00000090 _____ () C:\Users\Muhannad\Desktop\java.txt
2014-04-05 11:14 - 2013-10-01 07:13 - 00000000 _____ () C:\WINDOWS\Path.idx
2014-04-05 11:04 - 2013-11-15 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-04 03:43 - 2014-03-22 14:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\COMODO
2014-04-04 03:42 - 2014-04-03 17:08 - 00003060 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-04-04 03:30 - 2013-11-13 08:36 - 00003966 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{31757B97-5FB2-43B6-9D25-9E4CCAA2FDDE}
2014-04-03 17:08 - 2014-04-03 17:08 - 00000000 ___HD () C:\VTRoot
2014-04-03 17:07 - 2014-03-22 14:47 - 00001963 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-03-31 00:08 - 2014-03-31 00:08 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-03-31 00:08 - 2014-03-31 00:08 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-03-31 00:08 - 2014-03-31 00:07 - 00645729 _____ (WDS Team) C:\Users\Muhannad\Downloads\windirstat1_1_2_setup.exe
2014-03-30 23:42 - 2014-03-11 12:42 - 00000407 _____ () C:\WINDOWS\system32\checkdnsid.xml
2014-03-30 17:48 - 2014-01-12 22:32 - 00003906 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 17:48 - 2014-01-12 22:32 - 00003670 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 12:12 - 2014-03-29 12:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-29 10:54 - 2014-01-18 05:59 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-03-28 21:14 - 2013-10-01 06:15 - 00003576 _____ () C:\WINDOWS\System32\Tasks\Bitdefender Autoscan
2014-03-28 21:05 - 2013-11-04 13:05 - 00000000 ____D () C:\ProgramData\COMODO
2014-03-28 00:52 - 2014-03-27 22:19 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\Origin
2014-03-25 21:22 - 2013-11-14 11:38 - 00748272 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdguard.sys
2014-03-25 21:22 - 2013-11-14 11:38 - 00043216 _____ (COMODO) C:\WINDOWS\system32\cmdcsr.dll
2014-03-25 21:22 - 2013-09-24 10:54 - 00127664 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2014-03-25 21:22 - 2013-09-24 10:54 - 00037560 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2014-03-25 21:22 - 2013-09-24 10:54 - 00023168 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2014-03-25 21:22 - 2013-09-24 10:53 - 00453680 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2014-03-25 21:22 - 2013-09-24 10:53 - 00363504 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2014-03-25 21:22 - 2013-09-24 10:53 - 00352984 _____ (COMODO) C:\WINDOWS\system32\cmdvrt64.dll
2014-03-25 21:22 - 2013-09-24 10:53 - 00284888 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdvrt32.dll
2014-03-25 21:22 - 2013-09-24 10:53 - 00045784 _____ (COMODO) C:\WINDOWS\system32\cmdkbd64.dll
2014-03-25 21:22 - 2013-09-24 10:53 - 00040664 _____ (COMODO) C:\WINDOWS\SysWOW64\cmdkbd32.dll
2014-03-25 13:16 - 2013-11-21 15:19 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-22 15:51 - 2014-03-10 10:49 - 00000082 _____ () C:\WINDOWS\wininit.ini
2014-03-22 15:51 - 2013-11-04 13:04 - 00000000 ____D () C:\Program Files (x86)\Comodo
2014-03-22 15:33 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-03-22 14:47 - 2014-03-22 14:47 - 00003028 _____ () C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3}
2014-03-22 14:47 - 2014-03-22 14:47 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-03-22 14:47 - 2013-11-04 13:04 - 00000000 ____D () C:\Program Files\COMODO
2014-03-22 14:46 - 2014-03-22 14:46 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-03-21 21:18 - 2014-02-23 16:54 - 00000000 ____D () C:\Users\Muhannad\Documents\eclipse
2014-03-19 06:34 - 2014-03-19 06:34 - 00078162 _____ () C:\Users\Muhannad\Documents\cc_20140319_063404.reg
2014-03-19 06:33 - 2013-12-13 05:45 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-19 06:33 - 2013-10-29 11:19 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-19 06:32 - 2014-03-19 06:32 - 00002778 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-19 06:32 - 2014-03-19 06:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-19 06:21 - 2014-03-19 06:21 - 04765152 _____ (Piriform Ltd) C:\Users\Muhannad\Downloads\ccsetup411.exe
2014-03-19 05:50 - 2013-10-01 05:31 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-19 05:49 - 2013-10-01 05:31 - 90015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-17 07:02 - 2014-03-17 07:02 - 00000404 __RSH () C:\ProgramData\ntuser.pol
2014-03-17 07:00 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-03-16 15:38 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\Overwolf
2014-03-16 15:37 - 2013-12-07 17:36 - 00000000 ___RD () C:\Users\Muhannad\SkyDrive
2014-03-12 16:19 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 16:19 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-12 16:19 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-12 16:19 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-12 16:19 - 2013-08-22 16:44 - 00353856 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 16:01 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\TS3Client
2014-03-12 15:40 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-12 15:40 - 2014-03-12 15:40 - 00000000 ____D () C:\Users\Muhannad\AppData\Local\TeamSpeak 3 Client
2014-03-12 15:39 - 2014-03-12 15:22 - 32520760 _____ (TeamSpeak Systems GmbH) C:\Users\Muhannad\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe
2014-03-12 11:15 - 2013-11-04 12:08 - 00007620 _____ () C:\Users\Muhannad\AppData\Local\Resmon.ResmonCfg
2014-03-11 09:20 - 2014-03-11 09:19 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Muhannad\Downloads\tdsskiller.exe
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Malwarebytes
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 08:55 - 2014-03-11 08:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 08:50 - 2014-03-11 08:50 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Muhannad\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 10:50 - 2013-10-01 04:30 - 00000000 ___RD () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-10 08:37 - 2014-03-10 08:37 - 00000935 _____ () C:\Users\Public\Desktop\TCPEye.lnk
2014-03-10 08:37 - 2014-03-10 08:37 - 00000000 ____D () C:\Program Files (x86)\TCPEye
2014-03-10 03:39 - 2014-03-10 03:39 - 00000000 ____D () C:\Users\Muhannad\Downloads\Bitdefender Safepay
2014-03-10 00:47 - 2014-01-20 18:08 - 00000000 ____D () C:\Users\Muhannad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Some content of TEMP:
====================
C:\Users\Muhannad\AppData\Local\Temp\GR.exe
C:\Users\Muhannad\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Muhannad\AppData\Local\Temp\RUVUQ.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 12:06] - [2014-01-31 18:15] - 0311640 ___AC (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-04-08 01:22

==================== End Of Log ============================


Edited by Adiga88, 08 April 2014 - 03:57 PM.


#4 Adiga88


Posted 08 April 2014 - 02:53 PM

And addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Muhannad at 2014-04-08 22:48:48
Running from C:\Users\Muhannad\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30488 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.55 - ASUSTeK Computer Inc.)
AIDA64 Extreme Edition v3.20 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.20 - FinalWire Ltd.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.9.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.9.2 - ASUSTek COMPUTER INC.) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 17.19.0.831 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
Corsair Link (HKLM-x32\...\{658EFB3F-8606-4576-8FEC-B0CED48F1E68}) (Version: 2.4.5065 - Corsair)
CPUID ROG CPU-Z 1.65 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel® Network Connections 18.1.59.0 (Version: 18.1.59.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.0.1036 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.7.0.1036 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.00.01 - ASUSTeK Computer Inc.)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA Control Panel 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.14.4 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.00.03 - ASUSTeK Computer Inc.)
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Sonic Radar (HKLM\...\{DD125B8B-6A76-4951-A6EC-069A322D5785}) (Version: 1.0.501 - ASUSTeKcomputer.Inc)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TCPEye 1.0 (HKLM-x32\...\{998C9435-DAF8-4BDF-B9A5-F844B01D524C}_is1) (Version:  - Free Software Relase)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireshark 1.10.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.5 - The Wireshark developer community, http://www.wireshark.org)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {015E83B8-6FD6-45FB-A7F9-4852F5E71D42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {018AA894-23A7-4E74-B9E7-363ACCFA6BF2} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {135BE10F-77F5-4A52-AA65-334F55149DC0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-03-19] (Microsoft Corporation)
Task: {17949D73-85EF-4980-9DEF-C956654B4242} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3B90B8AA-8EE7-4548-A6E7-567B800F4BE9} - System32\Tasks\Bitdefender Autoscan => C:\Program Files\Bitdefender\Bitdefender\mtasklaunch.exe [2013-06-19] (Bitdefender)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {559C7B37-0AC8-4550-A0EA-74AB1470BAE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-12] (Google Inc.)
Task: {60CFDBA9-F65F-4D81-8AD4-D14C05B88419} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {AD123C89-19D3-4E2A-8FCC-068839878CD2} - System32\Tasks\Start CorsairLINK Hardware Monitor => C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe [2013-07-08] (Corsair Components, Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D56F5AA2-86B6-4013-9C05-AAEB42E7D6EB} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-07-31] ()
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {D98D527E-B9FB-4D66-ACB7-7F01FD0DAA12} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25] (COMODO)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E9DAF0D2-D1C4-4D42-874C-11B7EB15D9C4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {F8221BE7-F9A7-4931-B910-CE234DA3847E} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-01] (ASUSTeK Computer Inc.)
Task: {FFC8D9C4-0E7A-4C3C-9963-141F283ADE2D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-29] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 08:20 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-29 08:20 - 2012-10-29 09:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2013-10-01 09:50 - 2014-02-28 22:40 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-10-01 06:14 - 2013-06-19 13:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2013-10-01 07:07 - 2013-06-21 12:01 - 00109848 _____ () C:\WINDOWS\SYSTEM32\AcpiServiceVnA64.dll
2013-11-10 18:37 - 2013-05-28 16:56 - 00151552 _____ () C:\Windows\System\3DG4me.exe
2013-10-01 06:15 - 2013-09-27 14:10 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-10-01 06:14 - 2011-11-14 21:17 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-10-01 06:15 - 2013-09-27 14:10 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-03-29 11:08 - 2014-03-29 11:08 - 00771328 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_015\ashttpbr.mdl
2014-03-29 11:08 - 2014-03-29 11:08 - 00568400 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_015\ashttpdsp.mdl
2014-03-29 11:08 - 2014-03-29 11:08 - 02593416 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_015\ashttpph.mdl
2014-03-29 11:08 - 2014-03-29 11:08 - 01317216 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00038_015\ashttprbl.mdl
2013-10-01 09:50 - 2014-04-08 13:25 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-10-29 08:20 - 2014-04-07 23:09 - 00033792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-10-29 08:20 - 2012-05-07 18:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2013-10-01 23:11 - 2013-07-08 12:33 - 00140288 _____ () C:\Program Files (x86)\Corsair\Corsair Link\UsbClink.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2013-10-01 06:56 - 2013-07-31 17:20 - 00904704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\UsbPowerManager.dll
2013-11-10 18:37 - 2012-06-06 09:56 - 00143360 ____N () C:\Windows\System\3DG4me.dll
2013-10-01 06:14 - 2013-06-19 13:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-03-27 22:19 - 2014-03-27 22:19 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-03-29 12:12 - 2014-03-29 12:12 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-01 06:14 - 2013-09-10 20:46 - 00035896 _____ () C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\components\ffpwdman.dll
2013-10-01 06:59 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-03-24 16:14 - 2014-03-24 16:14 - 00289176 _____ () C:\Program Files (x86)\Battlelog Web Plugins\launcher-133.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Muhannad\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Muhannad\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Muhannad\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Muhannad\Downloads\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\aida64extreme320.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\aswmbr.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\ccsetup411.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\cfw_installer (1).exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\corsairlink-installer-rc-v2.4.5065.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\esetsmartinstaller_enu.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\Firefox Setup Stub 25.0.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\KeyScrambler_Setup.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\LGS_8.50.281_x64_Logitech.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\mbam-setup-1.75.0.1300.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\Razer_Synapse_Framework_V1.14.04.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\tdsskiller.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\TeamSpeak3-Client-win64-3.0.13.1.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\utorrent.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\vlc-2.1.0-win32.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\windirstat1_1_2_setup.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\winrar-x64-500.exe:BDU
AlternateDataStreams: C:\Users\Muhannad\Downloads\zafwSetupWeb_120_121_000.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid:
Manufacturer:
Service: spaceport
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 802.11ac Network Adapter
Description: Broadcom 802.11ac Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 10:48:48 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (04/08/2014 10:48:48 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (04/08/2014 09:20:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: seccenter.exe, version: 17.26.0.1081, time stamp: 0x52e93257
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000038f0851
Faulting process ID: 0x4e8
Faulting application start time: 0xseccenter.exe0
Faulting application path: seccenter.exe1
Faulting module path: seccenter.exe2
Report ID: seccenter.exe3
Faulting package full name: seccenter.exe4
Faulting package-relative application ID: seccenter.exe5

Error: (04/08/2014 08:05:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process ID: 0xe60
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report ID: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (04/08/2014 08:05:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/08/2014 08:04:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process ID: 0x10dc
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report ID: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (04/08/2014 06:59:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: vsserv.exe, version: 17.26.0.1081, time stamp: 0x52e931aa
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c359e8
Exception code: 0xc0000374
Fault offset: 0x00000000000f387c
Faulting process ID: 0x3f0
Faulting application start time: 0xvsserv.exe0
Faulting application path: vsserv.exe1
Faulting module path: vsserv.exe2
Report ID: vsserv.exe3
Faulting package full name: vsserv.exe4
Faulting package-relative application ID: vsserv.exe5

Error: (04/08/2014 06:53:03 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (04/08/2014 02:29:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (04/08/2014 02:29:29 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


System errors:
=============
Error: (04/08/2014 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/08/2014 07:00:12 AM) (Source: Service Control Manager) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).

Error: (04/08/2014 07:00:12 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:11 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:10 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:09 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:08 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:07 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:06 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}

Error: (04/08/2014 07:00:05 AM) (Source: DCOM) (User: MUHANNAD-PEESEA)
Description: 1068SafeBoxUnavailable{F681ABD0-41DE-46C8-9ED3-D0F4EBA19111}


Microsoft Office Sessions:
=========================
Error: (04/08/2014 10:48:48 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (04/08/2014 10:48:48 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (04/08/2014 09:20:49 AM) (Source: Application Error)(User: )
Description: seccenter.exe17.26.0.108152e93257unknown0.0.0.000000000c000000500000000038f08514e801cf52faf2c22358C:\Program Files\Bitdefender\Bitdefender\seccenter.exeunknown4efbd6e6-beee-11e3-bec8-ac220bc36252

Error: (04/08/2014 08:05:44 AM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cde6001cf52f0938ad7d7C:\Users\Muhannad\Desktop\RootkitRevealer.exeC:\Users\Muhannad\Desktop\RootkitRevealer.exed1595a08-bee3-11e3-bec8-ac220bc36252

Error: (04/08/2014 08:05:00 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Muhannad\Downloads\esetsmartinstaller_enu.exe

Error: (04/08/2014 08:04:08 AM) (Source: Application Error)(User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd10dc01cf52f0594f8313C:\Users\Muhannad\AppData\Local\Temp\Rar$EXa0.677\RootkitRevealer.exeC:\Users\Muhannad\AppData\Local\Temp\Rar$EXa0.677\RootkitRevealer.exe98740754-bee3-11e3-bec8-ac220bc36252

Error: (04/08/2014 06:59:45 AM) (Source: Application Error)(User: )
Description: vsserv.exe17.26.0.108152e931aantdll.dll6.3.9600.1650252c359e8c000037400000000000f387c3f001cf52a5a9dc2a9fC:\Program Files\Bitdefender\Bitdefender\vsserv.exeC:\WINDOWS\SYSTEM32\ntdll.dll9a188624-beda-11e3-bec8-ac220bc36252

Error: (04/08/2014 06:53:03 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Muhannad\Downloads\esetsmartinstaller_enu.exe

Error: (04/08/2014 02:29:29 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (04/08/2014 02:29:29 AM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}


CodeIntegrity Errors:
===================================
  Date: 2014-04-08 22:47:30.668
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 14:54:27.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-08 08:44:46.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-07 23:09:44.605
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-05 11:56:31.299
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-05 11:41:59.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-05 11:35:38.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-05 11:15:36.535
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-05 11:09:00.227
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 20:25:24.288
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 25%
Total physical RAM: 16321.6 MB
Available physical RAM: 12092.23 MB
Total Pagefile: 18753.6 MB
Available Pagefile: 14063.01 MB



#5 Adiga88

  • Topic Starter
Posted 08 April 2014 - 02:59 PM

TDSSKiller log

22:56:05.0526 0x4a00  TDSS rootkit removing tool 3.0.0.30 Apr  7 2014 15:39:12
22:56:09.0679 0x4a00  ============================================================
22:56:09.0679 0x4a00  Current date / time: 2014/04/08 22:56:09.0679
22:56:09.0679 0x4a00  SystemInfo:
22:56:09.0679 0x4a00  
22:56:09.0679 0x4a00  OS Version: 6.3.9600 ServicePack: 0.0
22:56:09.0679 0x4a00  Product type: Workstation
22:56:09.0679 0x4a00  ComputerName: MUHANNAD-PEESEA
22:56:09.0679 0x4a00  UserName: Muhannad
22:56:09.0680 0x4a00  Windows directory: C:\WINDOWS
22:56:09.0680 0x4a00  System windows directory: C:\WINDOWS
22:56:09.0680 0x4a00  Running under WOW64
22:56:09.0680 0x4a00  Processor architecture: Intel x64
22:56:09.0680 0x4a00  Number of processors: 8
22:56:09.0680 0x4a00  Page size: 0x1000
22:56:09.0680 0x4a00  Boot type: Normal boot
22:56:09.0680 0x4a00  ============================================================
22:56:09.0749 0x4a00  KLMD registered as C:\WINDOWS\system32\drivers\81812254.sys
22:56:09.0806 0x4a00  System UUID: {1943A8C8-7371-84AF-9C60-924A93009116}
22:56:10.0062 0x4a00  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:56:10.0064 0x4a00  ============================================================
22:56:10.0064 0x4a00  \Device\Harddisk0\DR0:
22:56:10.0064 0x4a00  MBR partitions:
22:56:10.0064 0x4a00  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
22:56:10.0064 0x4a00  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xEDCC000
22:56:10.0064 0x4a00  ============================================================
22:56:10.0064 0x4a00  C: <-> \Device\Harddisk0\DR0\Partition2
22:56:10.0064 0x4a00  ============================================================
22:56:10.0064 0x4a00  Initialize success
22:56:10.0064 0x4a00  ============================================================
22:56:11.0793 0x34e8  ============================================================
22:56:11.0793 0x34e8  Scan started
22:56:11.0793 0x34e8  Mode: Manual;
22:56:11.0793 0x34e8  ============================================================
22:56:11.0793 0x34e8  KSN ping started
22:56:13.0088 0x34e8  KSN ping finished: true
22:56:13.0667 0x34e8  ================ Scan system memory ========================
22:56:13.0667 0x34e8  System memory - ok
22:56:13.0668 0x34e8  ================ Scan services =============================
22:56:15.0685 0x34e8  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
22:56:15.0693 0x34e8  iaStorAV - ok
22:56:15.0696 0x34e8  [ 89CB56C80DF2DEA6315694CDF5B7C04E, 2260E48F72F4E17006CCC4C1691F84EF51D00DA2A8E402CAF006D342D54DD0C3 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:56:15.0697 0x34e8  IAStorDataMgrSvc - ok
22:56:15.0704 0x34e8  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
22:56:15.0709 0x34e8  iaStorV - ok
22:56:15.0713 0x34e8  [ D9A9FFC89F61CAD4AD9EF31FBB17E634, F81184889B30DA8947F22A9C9ED5C542295ED70F0A1C27D1C91BAC21F4BCD987 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
22:56:15.0715 0x34e8  ICCS - ok
22:56:15.0717 0x34e8  IEEtwCollectorService - ok
22:56:15.0733 0x34e8  [ B82255670D270B75D2D2F0F8747D1443, C40E151AC3FBF289456A4AD9E5744B314067ADA03FE729970410931904305F51 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
22:56:15.0747 0x34e8  IKEEXT - ok
22:56:15.0753 0x34e8  [ BAEEC35B40C6566AD8CB6F579F24078B, 066DF91442041491A9F46F942CC1B0AA21E6E54F017B815F55A22B01A49E7300 ] inspect         C:\WINDOWS\system32\DRIVERS\inspect.sys
22:56:15.0755 0x34e8  inspect - ok
22:56:15.0800 0x34e8  [ 46C58BFDE42460C5FD7222CD3BE11402, 40D74C81DDA5A18894A8D487C716D41849B22E390012184DFB5F2231A3687256 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
22:56:15.0835 0x34e8  IntcAzAudAddService - ok
22:56:15.0851 0x34e8  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:56:15.0859 0x34e8  Intel® Capability Licensing Service Interface - ok
22:56:15.0875 0x34e8  [ 86FE509640D77FB0998FC8B1FF5523C6, 13E895DEB9B84379251699D7E52C5E3FD888994425DE01B6C4634F9E959D5584 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
22:56:15.0887 0x34e8  Intel® Capability Licensing Service TCP IP Interface - ok
22:56:15.0897 0x34e8  [ EA83415296F905D11651B9AF26FB7EBD, 0A37449E8EF0190A088720EE727EA46B7E8BE376801C4EBC8173A012B2A476FD ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
22:56:15.0900 0x34e8  Intel® PROSet Monitoring Service - ok
22:56:15.0903 0x34e8  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
22:56:15.0904 0x34e8  intelide - ok
22:56:15.0910 0x34e8  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
22:56:15.0911 0x34e8  intelppm - ok
22:56:15.0915 0x34e8  IOMap - ok
22:56:15.0920 0x34e8  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:56:15.0922 0x34e8  IpFilterDriver - ok
22:56:15.0937 0x34e8  [ DFC4050D58565ADBEE793A8D4AEBDAE6, 89B900408F030CD45753A11D6AE6CBAB87E8B0E3F8401402D2D8713C045BF488 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
22:56:15.0950 0x34e8  iphlpsvc - ok
22:56:15.0955 0x34e8  [ 9949A3C7590B8C536C05312205079A82, 9276A09D5F910AE8358A96505AB3F66C514870944D58B63B71D5E96567D1E6BB ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
22:56:15.0958 0x34e8  IPMIDRV - ok
22:56:15.0962 0x34e8  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
22:56:15.0964 0x34e8  IPNAT - ok
22:56:15.0966 0x34e8  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
22:56:15.0967 0x34e8  IRENUM - ok
22:56:15.0969 0x34e8  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
22:56:15.0970 0x34e8  isapnp - ok
22:56:15.0981 0x34e8  [ 034D4BD9DC67C64F3A4C8A049B5173BF, C68AF5A5AD4092AA1C871BD38473AEF84EC3ECF4D06FBEB5F6C09972EF1B8A81 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
22:56:15.0984 0x34e8  iScsiPrt - ok
22:56:15.0989 0x34e8  [ BF5D3A2624177C413680DEF19A465AF8, B9909D3E6CB6F9971293116387865AD15CB9D47513C7FAA9C36BE4D2847A41EB ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
22:56:15.0991 0x34e8  jhi_service - ok
22:56:15.0994 0x34e8  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
22:56:15.0995 0x34e8  kbdclass - ok
22:56:15.0998 0x34e8  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
22:56:15.0998 0x34e8  kbdhid - ok
22:56:16.0000 0x34e8  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\WINDOWS\system32\drivers\kbldfltr.sys
22:56:16.0001 0x34e8  kbldfltr - ok
22:56:16.0003 0x34e8  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
22:56:16.0004 0x34e8  kdnic - ok
22:56:16.0006 0x34e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
22:56:16.0008 0x34e8  KeyIso - ok
22:56:16.0013 0x34e8  [ 783BEB99743BACB9586CCB70356449C5, CEE63FC2E7937B181743D4CFE837FFB29E3BF94BBA5394A3B5FFAF5142EF0D48 ] KeyScrambler    C:\WINDOWS\system32\drivers\keyscrambler.sys
22:56:16.0015 0x34e8  KeyScrambler - ok
22:56:16.0019 0x34e8  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
22:56:16.0020 0x34e8  KSecDD - ok
22:56:16.0026 0x34e8  [ 7296EA420134EAC390798B3232D066A4, 1F5D51EEFD389706660DFB4DB4BF3EC570BEC7097CEB5CAE70EFFE35C3255346 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
22:56:16.0029 0x34e8  KSecPkg - ok
22:56:16.0032 0x34e8  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
22:56:16.0032 0x34e8  ksthunk - ok
22:56:16.0039 0x34e8  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
22:56:16.0045 0x34e8  KtmRm - ok
22:56:16.0052 0x34e8  [ 27B58E16CF895AC1F1A97C04814C2239, D4336155331DDBF91952CDC6C446C68FF524F979099BA8D9B3A578758F97B2BE ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
22:56:16.0057 0x34e8  LanmanServer - ok
22:56:16.0063 0x34e8  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
22:56:16.0068 0x34e8  LanmanWorkstation - ok
22:56:16.0077 0x34e8  [ EE289BD147FDFF95EF1B9BD65D3B974A, EFD9D0F6C73E7D2D52DBE2E2A8D3009BFB6AB24776A100CA528A8365002C6105 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
22:56:16.0084 0x34e8  lfsvc - ok
22:56:16.0086 0x34e8  [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum       C:\WINDOWS\system32\drivers\LGBusEnum.sys
22:56:16.0087 0x34e8  LGBusEnum - ok
22:56:16.0089 0x34e8  [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys
22:56:16.0090 0x34e8  LGSHidFilt - ok
22:56:16.0092 0x34e8  [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid        C:\WINDOWS\system32\drivers\LGVirHid.sys
22:56:16.0093 0x34e8  LGVirHid - ok
22:56:16.0096 0x34e8  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
22:56:16.0097 0x34e8  lltdio - ok
22:56:16.0102 0x34e8  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
22:56:16.0106 0x34e8  lltdsvc - ok
22:56:16.0109 0x34e8  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
22:56:16.0110 0x34e8  lmhosts - ok
22:56:16.0116 0x34e8  [ 3EA307C51069BC72DD74A4964F2A30A9, EB8F9C936AE43B7E31CB6C46F76FB918509D529E897C0E82B865A2854458996A ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:56:16.0120 0x34e8  LMS - ok
22:56:16.0124 0x34e8  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
22:56:16.0126 0x34e8  LSI_SAS - ok
22:56:16.0129 0x34e8  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
22:56:16.0130 0x34e8  LSI_SAS2 - ok
22:56:16.0133 0x34e8  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
22:56:16.0134 0x34e8  LSI_SAS3 - ok
22:56:16.0137 0x34e8  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
22:56:16.0138 0x34e8  LSI_SSS - ok
22:56:16.0149 0x34e8  [ B6B69FF200F68888A7FAFDF204D00C91, 4C9BA7B8646C74AE1E49F513EF426930C09969F29F1533D84D020B414BB1609B ] LSM             C:\WINDOWS\System32\lsm.dll
22:56:16.0158 0x34e8  LSM - ok
22:56:16.0163 0x34e8  [ 5EF604B0698F4FA962778285E8C5F1F2, 0465BDAB7EFBE9CC648E7E736B0B8BE152BD2FAB0917F6306675B9039C77F454 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
22:56:16.0164 0x34e8  luafv - ok
22:56:16.0167 0x34e8  [ E5ECF40E5FD459141E5F6685FFD51804, A120A6184AB16864E8A5F1DFD0CD178FCA541DE463B5CEF946E18C34B9B6F716 ] Lycosa          C:\WINDOWS\system32\drivers\Lycosa.sys
22:56:16.0167 0x34e8  Lycosa - ok
22:56:16.0170 0x34e8  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
22:56:16.0170 0x34e8  MBAMProtector - ok
22:56:16.0177 0x34e8  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:56:16.0182 0x34e8  MBAMScheduler - ok
22:56:16.0193 0x34e8  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:56:16.0202 0x34e8  MBAMService - ok
22:56:16.0205 0x34e8  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
22:56:16.0206 0x34e8  megasas - ok
22:56:16.0215 0x34e8  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
22:56:16.0222 0x34e8  megasr - ok
22:56:16.0226 0x34e8  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
22:56:16.0227 0x34e8  MEIx64 - ok
22:56:16.0230 0x34e8  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
22:56:16.0232 0x34e8  MMCSS - ok
22:56:16.0234 0x34e8  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
22:56:16.0235 0x34e8  Modem - ok
22:56:16.0237 0x34e8  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
22:56:16.0238 0x34e8  monitor - ok
22:56:16.0241 0x34e8  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
22:56:16.0241 0x34e8  mouclass - ok
22:56:16.0244 0x34e8  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
22:56:16.0244 0x34e8  mouhid - ok
22:56:16.0247 0x34e8  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
22:56:16.0249 0x34e8  mountmgr - ok
22:56:16.0252 0x34e8  [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:56:16.0253 0x34e8  MozillaMaintenance - ok
22:56:16.0256 0x34e8  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
22:56:16.0257 0x34e8  mpsdrv - ok
22:56:16.0270 0x34e8  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
22:56:16.0282 0x34e8  MpsSvc - ok
22:56:16.0286 0x34e8  [ 59DCEC7499095DE5AED741358037AE2D, 60C4CEBCAE27C121E9D63BD2BC3E5863A91ABC77616C56C10618273A8F9B6F61 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
22:56:16.0288 0x34e8  MRxDAV - ok
22:56:16.0296 0x34e8  [ 79B6F3DF7CDFD12159871FF71464F0CE, E01CDD5296237FB60D426784E1142B1AF2CEABDD7CB0B43C4798402C812A94D5 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:56:16.0300 0x34e8  mrxsmb - ok
22:56:16.0305 0x34e8  [ AAF56E4E84D35411B4E446C445732DFE, 7AC41CAA0842AE4DA4EEF976202C58D7923DAA367F0D7E800D432323D5E7DE1A ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
22:56:16.0308 0x34e8  mrxsmb20 - ok
22:56:16.0311 0x34e8  [ 4E888019078AC363076A5433E89AA4F8, 3DEBDA290230B3E83F956C902C960E39463B7EFE86439199521356762769FD91 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
22:56:16.0313 0x34e8  MsBridge - ok
22:56:16.0317 0x34e8  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
22:56:16.0319 0x34e8  MSDTC - ok
22:56:16.0323 0x34e8  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
22:56:16.0324 0x34e8  Msfs - ok
22:56:16.0327 0x34e8  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
22:56:16.0328 0x34e8  msgpiowin32 - ok
22:56:16.0330 0x34e8  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
22:56:16.0330 0x34e8  mshidkmdf - ok
22:56:16.0332 0x34e8  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
22:56:16.0333 0x34e8  mshidumdf - ok
22:56:16.0335 0x34e8  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
22:56:16.0336 0x34e8  msisadrv - ok
22:56:16.0340 0x34e8  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
22:56:16.0342 0x34e8  MSiSCSI - ok
22:56:16.0344 0x34e8  msiserver - ok
22:56:16.0347 0x34e8  [ D22AE5313F6B7EFDDD8C117B5501F4A3, 1937EEE33BF9C4485F172B10FB17AEF3F3B8978371307F49C3338D74D96A8389 ] MsKeyboardFilter C:\WINDOWS\System32\KeyboardFilterSvc.dll
22:56:16.0349 0x34e8  MsKeyboardFilter - ok
22:56:16.0351 0x34e8  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:56:16.0351 0x34e8  MSKSSRV - ok
22:56:16.0354 0x34e8  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
22:56:16.0355 0x34e8  MsLldp - ok
22:56:16.0357 0x34e8  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:56:16.0358 0x34e8  MSPCLOCK - ok
22:56:16.0360 0x34e8  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
22:56:16.0360 0x34e8  MSPQM - ok
22:56:16.0367 0x34e8  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
22:56:16.0371 0x34e8  MsRPC - ok
22:56:16.0375 0x34e8  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
22:56:16.0376 0x34e8  mssmbios - ok
22:56:16.0378 0x34e8  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
22:56:16.0378 0x34e8  MSTEE - ok
22:56:16.0381 0x34e8  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
22:56:16.0381 0x34e8  MTConfig - ok
22:56:16.0384 0x34e8  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
22:56:16.0385 0x34e8  Mup - ok
22:56:16.0388 0x34e8  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
22:56:16.0389 0x34e8  mvumis - ok
22:56:16.0396 0x34e8  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
22:56:16.0403 0x34e8  napagent - ok
22:56:16.0411 0x34e8  [ CF8B989D89D6807B887690F2CF24EFD9, 7A3ED124D8D7736F57CD687111C478A206422D117099B2F752B6D933D009BCAC ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
22:56:16.0415 0x34e8  NativeWifiP - ok
22:56:16.0420 0x34e8  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
22:56:16.0423 0x34e8  NcaSvc - ok
22:56:16.0427 0x34e8  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
22:56:16.0430 0x34e8  NcbService - ok
22:56:16.0433 0x34e8  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
22:56:16.0435 0x34e8  NcdAutoSetup - ok
22:56:16.0451 0x34e8  [ ED39D676080A1AEA755F1DEC1A8DF1A4, E413DA1113A51F3A68957147A50248AA98C0D365103D137D5AE8638C74E802D7 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
22:56:16.0463 0x34e8  NDIS - ok
22:56:16.0467 0x34e8  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
22:56:16.0468 0x34e8  NdisCap - ok
22:56:16.0471 0x34e8  [ 9F1DA20E943BE7AA4ED5F3E1EBA78B37, CCD99962917BBE256F64AE14CCC9FD12433C72B5DB98E0E57CA8F212A11B3C8F ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
22:56:16.0473 0x34e8  NdisImPlatform - ok
22:56:16.0475 0x34e8  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:56:16.0476 0x34e8  NdisTapi - ok
22:56:16.0478 0x34e8  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:56:16.0479 0x34e8  Ndisuio - ok
22:56:16.0481 0x34e8  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
22:56:16.0482 0x34e8  NdisVirtualBus - ok
22:56:16.0487 0x34e8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:56:16.0490 0x34e8  NdisWan - ok
22:56:16.0494 0x34e8  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:56:16.0496 0x34e8  NdisWanLegacy - ok
22:56:16.0499 0x34e8  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
22:56:16.0501 0x34e8  NDProxy - ok
22:56:16.0504 0x34e8  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
22:56:16.0505 0x34e8  Ndu - ok
22:56:16.0508 0x34e8  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
22:56:16.0508 0x34e8  NetBIOS - ok
22:56:16.0514 0x34e8  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
22:56:16.0517 0x34e8  NetBT - ok
22:56:16.0520 0x34e8  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
22:56:16.0521 0x34e8  Netlogon - ok
22:56:16.0526 0x34e8  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
22:56:16.0531 0x34e8  Netman - ok
22:56:16.0540 0x34e8  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
22:56:16.0547 0x34e8  netprofm - ok
22:56:16.0551 0x34e8  [ 500059CAF5B8A6C47D2E46B7BC2B27AE, EA6787B7CC119B32C3E16AE336D776C4EC5DD347E62983ADD754BD038BFC23E3 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:56:16.0552 0x34e8  NetTcpPortSharing - ok
22:56:16.0556 0x34e8  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
22:56:16.0557 0x34e8  netvsc - ok
22:56:16.0564 0x34e8  [ 3A280F3B3C7A46E29C404ACD46ECBF5E, 81C3367A2A212DBCC65B8A0166FD092E3205AB31A146B4B737061335CEC51F9D ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
22:56:16.0570 0x34e8  NlaSvc - ok
22:56:16.0573 0x34e8  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
22:56:16.0574 0x34e8  Npfs - ok
22:56:16.0577 0x34e8  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
22:56:16.0577 0x34e8  npsvctrig - ok
22:56:16.0580 0x34e8  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
22:56:16.0581 0x34e8  nsi - ok
22:56:16.0584 0x34e8  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
22:56:16.0584 0x34e8  nsiproxy - ok
22:56:16.0612 0x34e8  [ 4412D565C0278C401575E11072C7DCE3, 82A0E9AA88750900EA0E9983157345456B418745C8BA62FAF339640E759C0418 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
22:56:16.0632 0x34e8  Ntfs - ok
22:56:16.0637 0x34e8  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
22:56:16.0638 0x34e8  Null - ok
22:56:16.0648 0x34e8  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
22:56:16.0655 0x34e8  NVHDA - ok
22:56:16.0897 0x34e8  [ 52B33E12FF8C9E219CAEC1BB4A5F5E4C, 5272178B39FEDB3F001249FE7C852787EFD715FC49BBAAE58158A189AFB8A337 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
22:56:17.0024 0x34e8  nvlddmkm - ok
22:56:17.0055 0x34e8  [ CD75EF8F5EC7EA52A5C3B30F9222726B, AADD461D727F4358E5F8A9694CBCBC53D2A55DCE661D80B7B0F790E05E2714E4 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
22:56:17.0072 0x34e8  NvNetworkService - ok
22:56:17.0077 0x34e8  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
22:56:17.0079 0x34e8  nvraid - ok
22:56:17.0083 0x34e8  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
22:56:17.0085 0x34e8  nvstor - ok
22:56:17.0292 0x34e8  [ 705A457356DCE04C6E071FB9D2B22408, D16CA73F7F6412FE29CB5DA1232A2BFAB430B1B794975559EE83D46F9D668836 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
22:56:17.0462 0x34e8  NvStreamSvc - ok
22:56:17.0490 0x34e8  [ 2B47EDD27365F9F5D8E87648BECF52C4, CADA4B19791441373580919FFF89623489C7A1737857760B96CC3F0A08DB8D59 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
22:56:17.0502 0x34e8  nvsvc - ok
22:56:17.0506 0x34e8  [ 939C0FAE9CC0CDD69E6508BDE4C11FE5, 1E82FF4A8797A0EC5DF0E54DE7F358542C73FFFBECADDF86ED66839182E3B55D ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
22:56:17.0506 0x34e8  nvvad_WaveExtensible - ok
22:56:17.0510 0x34e8  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
22:56:17.0512 0x34e8  nv_agp - ok
22:56:17.0519 0x34e8  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
22:56:17.0525 0x34e8  p2pimsvc - ok
22:56:17.0533 0x34e8  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
22:56:17.0539 0x34e8  p2psvc - ok
22:56:17.0545 0x34e8  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
22:56:17.0546 0x34e8  Parport - ok
22:56:17.0549 0x34e8  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
22:56:17.0550 0x34e8  partmgr - ok
22:56:17.0558 0x34e8  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
22:56:17.0565 0x34e8  PcaSvc - ok
22:56:19.0714 0x34e8  Wdf01000 - ok
22:56:19.0721 0x34e8  [ C52148456E0F6EAD9E903020A79207FC, 7DEB2D7D09FB005A79E88FA8766B7EBE0396F0CA084D72269156874C727FBFF4 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
22:56:19.0724 0x34e8  WdFilter - ok
22:56:19.0728 0x34e8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
22:56:19.0730 0x34e8  WdiServiceHost - ok
22:56:19.0734 0x34e8  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
22:56:19.0736 0x34e8  WdiSystemHost - ok
22:56:19.0740 0x34e8  [ 57F22324FAAF92ADF957B281E88F1743, 46CFBA6529E28756D73A00A211C3D72E9854E035EE6F2520066E074697A9745E ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
22:56:19.0742 0x34e8  WdNisDrv - ok
22:56:19.0745 0x34e8  WdNisSvc - ok
22:56:19.0751 0x34e8  [ 6588A957873326361AB1CAC4E76F8394, BE17880CEDCAE5ED3B983443E3777842646A3E48B661422A717656E11F6DBA94 ] WebClient       C:\WINDOWS\System32\webclnt.dll
22:56:19.0755 0x34e8  WebClient - ok
22:56:19.0761 0x34e8  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
22:56:19.0765 0x34e8  Wecsvc - ok
22:56:19.0768 0x34e8  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
22:56:19.0770 0x34e8  WEPHOSTSVC - ok
22:56:19.0774 0x34e8  [ AA1315B87D9B2E39584165318A59F15D, CD19608BE1F6B7AECF802F8D2DD4FCBDAA29450ED37F7D040DC6453924C7B0FE ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
22:56:19.0776 0x34e8  wercplsupport - ok
22:56:19.0780 0x34e8  [ 22B4C24AB921BFF7827FFBCA1F4E1BB3, B634F7018097A8E4EECDD9F032DF6A0FB6817FC3DEB92BCE6A0965B5D71D8DFA ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
22:56:19.0783 0x34e8  WerSvc - ok
22:56:19.0787 0x34e8  [ 2E3E82D7B1076B90F4E228A8EF17B261, 0492F8E0BE09DAD9922E85CCA7BCB1548CB9DC5841F46174A0657FDC59AAC3CE ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
22:56:19.0789 0x34e8  WFPLWFS - ok
22:56:19.0793 0x34e8  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
22:56:19.0795 0x34e8  WiaRpc - ok
22:56:19.0798 0x34e8  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
22:56:19.0798 0x34e8  WIMMount - ok
22:56:19.0800 0x34e8  WinDefend - ok
22:56:19.0816 0x34e8  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
22:56:19.0826 0x34e8  WinHttpAutoProxySvc - ok
22:56:19.0833 0x34e8  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
22:56:19.0836 0x34e8  Winmgmt - ok
22:56:19.0838 0x34e8  WinRing0_1_2_0 - ok
22:56:19.0873 0x34e8  [ 690C3FC5C9DBD6B9AEDF8341EC720E41, 0E4412BB6DEB5761F7A889FD90821FAFD7C6E173F449EAB3A0446BA653D6AD0C ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
22:56:19.0906 0x34e8  WinRM - ok
22:56:19.0933 0x34e8  [ 728D3349FAB251B0265EFA55C67DCA2D, 676D2C9CF16DD333BF99FD5EC31B8F53E5295553E19BED5CF94620EE59345777 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
22:56:19.0951 0x34e8  WlanSvc - ok
22:56:19.0974 0x34e8  [ C2838466CCC44FAEF2C3D4C1E5971ECB, 4CA5B1632302E59E754CEA5B3CA3977D8CE9DC7B2E8673B450BBF0D646AD7AD8 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
22:56:19.0994 0x34e8  wlidsvc - ok
22:56:19.0999 0x34e8  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
22:56:19.0999 0x34e8  WmiAcpi - ok
22:56:20.0006 0x34e8  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
22:56:20.0009 0x34e8  wmiApSrv - ok
22:56:20.0014 0x34e8  [ E746BCDBA2E02CF6B8D6B26FB167FBE0, 8875BBE444A33E0C477EF1A3899955501B7E0A9479CA8AA20DD8E6AA0D9A71E6 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
22:56:20.0015 0x34e8  wpcfltr - ok
22:56:20.0018 0x34e8  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
22:56:20.0019 0x34e8  WPCSvc - ok
22:56:20.0023 0x34e8  [ D27491CFCE452C154CECFA155AD0EBC8, 1F3F74C253E3B07DE7EFE27C34DD9AF08617C7B03BB44C2902F69BA9DA3F21F2 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
22:56:20.0026 0x34e8  WPDBusEnum - ok
22:56:20.0029 0x34e8  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
22:56:20.0030 0x34e8  WpdUpFltr - ok
22:56:20.0033 0x34e8  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
22:56:20.0033 0x34e8  ws2ifsl - ok
22:56:20.0038 0x34e8  [ 5CFA46C4ACB2FD70572017052378DAE5, F09134C4433A9E174889A16F29EA6628045B21BE4FA85275ACFD24D5DFB0D937 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
22:56:20.0041 0x34e8  wscsvc - ok
22:56:20.0045 0x34e8  WSearch - ok
22:56:20.0092 0x34e8  [ D8E3A4701376CCFD0BE542D745FA4809, CF267B5507BD02EEB6BF051534E900D592682D11159A6A13C38AE70B3CCC081F ] WSService       C:\WINDOWS\System32\WSService.dll
22:56:20.0134 0x34e8  WSService - ok
22:56:20.0184 0x34e8  [ 86D0BF4F792053A50D6EE43DFA5837A5, 5705DAB9C5896F10757630439AC8FEAB5754251C6C90E9E8449220A65D1E95D5 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
22:56:20.0222 0x34e8  wuauserv - ok
22:56:20.0229 0x34e8  [ 2FEAE33E9B2B56104596E1BA444405A9, 0A142F50E06F6224B9CB36B3CE62BE0B36DE8B8DB9F9E05D287DFB884CC7826E ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
22:56:20.0230 0x34e8  WudfPf - ok
22:56:20.0236 0x34e8  [ 19240C13F526125554B5370566F21A0A, 1DD88B092451CEC309A390319342BB4D36CE938BBE6D09127BBAA53960DD8E94 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
22:56:20.0239 0x34e8  WUDFRd - ok
22:56:20.0243 0x34e8  [ BB73CBC65AABC4EA0A5C6A1474A0A743, D644B3C6A7202CADDADB3B68FE1B2A7C76B023FE58F667EED4D538C1F4A65D64 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
22:56:20.0246 0x34e8  wudfsvc - ok
22:56:20.0255 0x34e8  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
22:56:20.0263 0x34e8  WwanSvc - ok
22:56:20.0273 0x34e8  ================ Scan global ===============================
22:56:20.0275 0x34e8  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
22:56:20.0283 0x34e8  [ 599F1244C60E3D6C28A8DA7FBA7A2C13, 992E5EB5E3ED6172DC986085532224A148A09A4E9A4DED9556F34533EE98E4D0 ] C:\WINDOWS\system32\winsrv.dll
22:56:20.0299 0x34e8  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
22:56:20.0322 0x34e8  [ B4B610BBCB002EC478C6FD80CF915697, CE22B87A7C7C0D325CE66FB97E7318B4A41EE0BD14D902A410126A1EBBEAA6FB ] C:\WINDOWS\system32\services.exe
22:56:20.0328 0x34e8  [ Global ] - ok
22:56:20.0328 0x34e8  ================ Scan MBR ==================================
22:56:20.0329 0x34e8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:56:20.0355 0x34e8  \Device\Harddisk0\DR0 - ok
22:56:20.0355 0x34e8  ================ Scan VBR ==================================
22:56:20.0356 0x34e8  [ 4447EB48EC0E403F66ADD7B87FB4D2E0 ] \Device\Harddisk0\DR0\Partition1
22:56:20.0357 0x34e8  \Device\Harddisk0\DR0\Partition1 - ok
22:56:20.0358 0x34e8  [ D00A27D10E3BB5E1BE0F24B6403082FB ] \Device\Harddisk0\DR0\Partition2
22:56:20.0359 0x34e8  \Device\Harddisk0\DR0\Partition2 - ok
22:56:20.0359 0x34e8  Waiting for KSN requests completion. In queue: 95
22:56:21.0360 0x34e8  Waiting for KSN requests completion. In queue: 95
22:56:22.0370 0x34e8  AV detected via SS2: Bitdefender Antivirus, C:\Program Files\Bitdefender\Bitdefender\wscfix.exe ( 17.20.0.873 ), 0x41000 ( enabled : updated )
22:56:22.0370 0x34e8  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.4.304.0 ), 0x60100 ( disabled : updated )
22:56:22.0371 0x34e8  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 7.0.53315.4132 ), 0x61010 ( enabled )
22:56:22.0371 0x34e8  FW detected via SS2: Bitdefender Firewall, C:\Program Files\Bitdefender\Bitdefender\wscfix.exe ( 17.20.0.873 ), 0x41010 ( enabled )
22:56:23.0528 0x34e8  ============================================================
22:56:23.0528 0x34e8  Scan finished
22:56:23.0528 0x34e8  ============================================================
22:56:23.0533 0x2cbc  Detected object count: 0
22:56:23.0533 0x2cbc  Actual detected object count: 0
 



#6 TB-Psychotic

Posted 09 April 2014 - 03:02 AM

Nothing to see...

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Adiga88

Posted 09 April 2014 - 03:58 AM

Malwarebytes didn't find anything; here is the log anyway

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.09.02

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16521
Muhannad :: MUHANNAD-PEESEA [limited]

09/04/2014 11:25:52
mbam-log-2014-04-09 (11-25-52).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414709
Time elapsed: 16 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

And here is the ESET log, it only found 3 potentially unwanted applications

 

C:\Users\Muhannad\Downloads\cbsidlm-cbsi183-Pandora_Recovery-BP-10694796.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Muhannad\Downloads\ccsetup411.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Muhannad\Downloads\zafwSetupWeb_120_121_000.exe    Win32/Toolbar.Conduit potentially unwanted application



#8 TB-Psychotic

Posted 09 April 2014 - 04:06 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll also find the log file at C:\AdwCleaner[S1].txt




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#9 Adiga88

Posted 09 April 2014 - 05:03 AM

Adwcleaner log

 

# AdwCleaner v3.023 - Report created 09/04/2014 at 12:14:29
# Updated 01/04/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Muhannad - MUHANNAD-PEESEA
# Running from : C:\Users\Muhannad\Downloads\adwcleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\hotspot shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hotspot shield
Folder Deleted : C:\Users\Muhannad\AppData\Roaming\hotspot shield
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\searchplugins\zonealarm.xml
File Deleted : C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Muhannad\AppData\Roaming\Mozilla\Firefox\Profiles\jmlp8w5v.default\prefs.js ]


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Muhannad\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2098 octets] - [09/04/2014 12:11:11]
AdwCleaner[S0].txt - [2055 octets] - [09/04/2014 12:14:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2115 octets] ##########
 

JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8.1 Pro x64
Ran by Muhannad on 09/04/2014 at 12:26:49.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Muhannad\AppData\Roaming\mozilla\firefox\profiles\jmlp8w5v.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09/04/2014 at 12:49:49.26
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

SecurityCheck Log

 

 Results of screen317's Security Check version 0.99.81  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Bitdefender Antivirus   
Windows Defender        
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player     12.0.0.77  
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Comodo Firewall cmdagent.exe
 Bitdefender Bitdefender bdagent.exe  
 Bitdefender Bitdefender pmbxag.exe  
 Bitdefender Bitdefender pwdmanui.exe  
 Bitdefender Bitdefender antispam32 bdapppassmgr.exe
 Bitdefender Bitdefender seccenter.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#10 TB-Psychotic

Posted 09 April 2014 - 05:53 AM

Your system is clean! :)

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure that automatic updates are activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The most common error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#11 Adiga88

Posted 09 April 2014 - 04:03 PM

Thank you a lot for the help, really appreciate it :)



#12 TB-Psychotic

Posted 10 April 2014 - 06:22 AM

You're welcome! :)



#13 TB-Psychotic

Posted 10 April 2014 - 06:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.