Something crappy, which is blocking DDS from runnink


  • This topic is locked
17 replies to this topic

#1 buczubuczu

buczubuczu

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland, Silesia
  • Local time:06:06 AM

Posted 18 September 2014 - 04:32 PM

Good day people!
As the title says - I started getting a weird kind of (anti-)activity on my PC some time ago. I cannot run MBAM, avast! or Outpost Firewall anymore. They don't seem to start from the Autostart registries (the second and third ones) and MBAM (even with Chameleon) doesn't fix the problem. Also - DDS only starts and then finishes its job after this message: "generating attach.txt. Please wait...". As you might have guessed - no log or file was created. I've already checked for them in Windows search - no data.
Each time I try to run anti-malware stuff, I get a pop-up which says "this program is blocked by group policy". Funny thing is - I've never messed with anything connected with AppLocker (I'm using Win7 Ultimate x86).

So, is it a good place to look for help if DDS won't generate any logs? Or should I just get rid of any single byte on system partition and start it all over again?

More of my fighting can be found here: http://www.bleepingcomputer.com/forums/t/547693/infected-with-stuff-which-doesnt-allow-to-run-firewall-mbam-avast-etc/

 

Thanks for any kind of help you can provide!

Also - my terrible mistake in the topic name! I know it should be "running" - does anyone know how to change it without making a new topic?


Edited by buczubuczu, 18 September 2014 - 04:33 PM.



#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:06 AM

Posted 22 September 2014 - 02:50 PM

Hi buczubuczu and welcome to BleepingComputer!

As I am currently in training, I am awaiting my Mentor to review my post before I can post here. I will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:04:06 AM

Posted 22 September 2014 - 03:58 PM

Hello buczubuczu

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Please Download Farbar Recovery Scan Tool 32-Bit and save it to your Desktop.

  • Double Click the Program to Run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log FRST.txt and Additional.txt which will open in Notepad. Please copy and paste it to your reply.

Edited by seedy21, 22 September 2014 - 03:58 PM.



#4 buczubuczu

buczubuczu
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland, Silesia
  • Local time:06:06 AM

Posted 22 September 2014 - 04:52 PM

Good to see a reply in my topic. I've done what you said, here are the logs. The program actually spent some time getting system errors - not sure why, although I'm not the big brain here.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by Rafau (administrator) on SUPERXTRFULLWYP on 22-09-2014 23:45:40
Running from C:\Users\Rafau\Desktop
Platform: Windows 7 Professional (X86) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DeathAdder] => C:\Program Files\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [3547192 2014-07-23] (Agnitum Ltd.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\Policies\Explorer: []
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {275e97bd-78e1-11e0-a3f0-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {38663bfd-e7ab-11e2-bbc5-00158315a310} - G:\setup.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {5bb0de84-1c73-11e4-b202-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {72256ed0-2e94-11e3-be24-00241d7511ca} - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {9eb394a1-981f-11e0-888b-00158315a310} - J:\SETUP.EXE /AUTORUN
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll => c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll [837304 2014-07-23] (Agnitum Ltd.)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avast! Free Antivirus.lnk
ShortcutTarget: avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fraps.lnk
ShortcutTarget: fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outpost Firewall Pro.lnk
ShortcutTarget: Outpost Firewall Pro.lnk -> C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: Outpost -> {33C9E362-3EDA-4930-8AFE-5DA39A8BB77A} => C:\Program Files\Agnitum\Outpost Firewall Pro\op_shell.dll No File
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\Rafau\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
Winsock: Catalog9 000000000100 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000101 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000102 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000103 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000104 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000105 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000106 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000107 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000108 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000109 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000110 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000111 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000112 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000113 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000114 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000115 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000116 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000117 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000118 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Winsock: Catalog9 000000000119 %SystemRoot%\system32\mswsock.dll [232448] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "ftp", " 194.141.96.247"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", " 194.141.96.247"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", " 194.141.96.247"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", " 194.141.96.247"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real player\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real player\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.19 -> C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.2 -> C:\Users\Rafau\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Users\Rafau\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\searchplugins\s-amazon-byskipity-int.xml
FF SearchPlugin: C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\searchplugins\s-amazon.xml
FF SearchPlugin: C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\searchplugins\startpage-https---polski.xml
FF SearchPlugin: C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\searchplugins\wyszukiwanie-filmw-wideo-w-youtube.xml
FF Extension: Windows Media Player Extension for Firefox - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\jid0-nRwp7VvCqZcSRTppwWz2npqGEKw@jetpack [2012-07-07]
FF Extension: ColorfulTabs - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-05-12]
FF Extension: about:addons-memory - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\about-addons-memory@tn123.org.xpi [2013-03-18]
FF Extension: Ctrl-Tab - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\ctrl-tab@design-noir.de.xpi [2011-08-02]
FF Extension: Flagfox - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-05-12]
FF Extension: Showcase - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}.xpi [2011-08-02]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-09-17]
FF Extension: RightToClick - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-03-18]
FF Extension: Adblock Plus - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: Greasemonkey - C:\Users\Rafau\AppData\Roaming\Mozilla\Firefox\Profiles\5lcb0le0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-26]
FF HKLM\...\Firefox\Extensions: [{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}] - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-10-26]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://google.pl/
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR NewTab: Default -> "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bouncy Mouse) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb [2011-11-11]
CHR Extension: (AdBlock) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-25]
CHR Extension: (AT_Porsche) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2011-05-08]
CHR Extension: (avast! Online Security) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-28]
CHR Extension: (YouRepeat) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\idpjonelgkpmoamjkigojeifadlhlbna [2013-06-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-08-14]
CHR Extension: (Google Wallet) - C:\Users\Rafau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-01]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-10-26]
CHR StartMenuInternet: Google Chrome - C:\Users\Rafau\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acssrv; C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe [2379184 2014-07-23] (Agnitum Ltd.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
S2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [137096 2013-02-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-02-20] (Flexera Software, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1244936 2013-09-06] (Raxco Software, Inc.)
R3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2117384 2013-09-06] (Raxco Software, Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-09-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [33888 2012-10-16] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [340688 2014-06-26] (Agnitum Ltd.)
R2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [49248 2013-02-06] (Advanced Micro Devices)
S3 ASWFilt; C:\Windows\system32\Filt\ASWFilt.dll [78656 2011-06-15] (Agnitum Ltd.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-01] ()
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20576 2013-10-08] (IVT Corporation.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-03-03] (Avanquest Software) [File not signed]
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [39936 2009-08-10] (Cypress Semiconductor)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [9728 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
R2 DefragFS; C:\Windows\system32\Drivers\DefragFS.sys [138768 2013-09-06] (Raxco Software, Inc.)
S3 EL90x; C:\Windows\System32\DRIVERS\el90XND5.SYS [156020 2001-07-16] (3Com Corporation) [File not signed]
R3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [684352 2011-11-07] (VIA - IC Ensemble, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2011-07-01] (LogMeIn, Inc.)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
R3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-31] (Logitech Inc.)
R3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [23680 2010-09-08] (Razer USA Ltd.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [66832 2013-09-06] (Raxco Software, Inc.)
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Logitech Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2011-05-06] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2011-05-06] ()
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [30248 2014-05-19] (Razer Inc)
R3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [35112 2014-05-19] (Razer Inc)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [131368 2014-05-19] (Razer Inc)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [28456 2014-05-19] (Razer Inc)
R3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [28456 2014-05-19] (Razer Inc)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R1 SandBox; C:\Windows\System32\drivers\SandBox.sys [802528 2013-12-20] (Agnitum Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-06-16] () [File not signed]
U3 akg00eig; C:\Windows\system32\Drivers\akg00eig.sys [0 ] (Microsoft Corporation)
R3 ALSysIO; \??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 cmudaxp; system32\drivers\cmudaxp.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 23:45 - 2014-09-22 23:46 - 00026522 _____ () C:\Users\Rafau\Desktop\FRST.txt
2014-09-22 23:45 - 2014-09-22 23:45 - 00000000 ____D () C:\FRST
2014-09-22 23:44 - 2014-09-22 23:45 - 01097728 _____ (Farbar) C:\Users\Rafau\Desktop\FRST.exe
2014-09-20 02:42 - 2014-09-20 02:43 - 70869117 _____ () C:\Users\Rafau\Desktop\AVICII _ RICK ASTLEY 2014 - Never Gonna Wake You Up.mp4
2014-09-18 23:41 - 2014-09-18 23:41 - 00108748 _____ () C:\Users\Rafau\Desktop\OTL.Txt
2014-09-13 19:14 - 2014-09-13 19:14 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-13 19:06 - 2014-09-13 19:06 - 295040447 _____ () C:\Windows\MEMORY.DMP
2014-09-13 19:06 - 2014-09-13 19:06 - 00145320 _____ () C:\Windows\Minidump\091314-21512-01.dmp
2014-09-12 13:53 - 2014-09-12 13:53 - 00001011 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-09-12 13:47 - 2014-09-12 13:47 - 00688992 ____R (Swearware) C:\Users\Rafau\Desktop\dds.com
2014-09-11 23:16 - 2014-09-11 23:16 - 00000000 ____D () C:\rsit
2014-09-11 23:16 - 2014-09-11 23:16 - 00000000 ____D () C:\Program Files\trend micro
2014-09-11 20:19 - 2014-09-11 20:19 - 00000000 ____D () C:\zzz
2014-09-11 19:54 - 2014-09-11 19:54 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Dane aplikacji
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 ____D () C:\Users\Administrator
2014-09-11 19:54 - 2013-05-13 03:01 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2008
2014-09-11 19:54 - 2011-05-15 21:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-09-11 19:54 - 2009-07-14 06:42 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-11 19:54 - 2009-07-14 06:37 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-11 18:50 - 2014-09-11 18:50 - 00001034 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 18:50 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-11 18:50 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-11 18:46 - 2014-09-11 19:49 - 00007764 _____ () C:\Windows\PFRO.log
2014-09-11 18:38 - 2014-09-11 18:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rafau\Desktop\OTL.exe
2014-09-11 18:36 - 2014-09-17 01:17 - 00000000 ____D () C:\AdwCleaner
2014-09-11 18:36 - 2014-09-11 18:36 - 01370467 _____ () C:\Users\Rafau\Desktop\AdwCleaner.exe
2014-09-11 12:27 - 2014-09-11 12:27 - 00000000 ___HD () C:\Windows\PIF
2014-09-11 12:24 - 2014-09-11 12:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rafau\Desktop\rkill.com
2014-09-11 03:18 - 2014-09-11 03:18 - 00235882 _____ () C:\Users\Rafau\Desktop\chameleon.chm
2014-09-11 03:16 - 2014-09-21 11:07 - 00001392 _____ () C:\Users\Rafau\Desktop\Rkill.txt
2014-09-11 03:07 - 2014-09-19 15:44 - 00001663 _____ () C:\Windows\setupact.log
2014-09-11 03:07 - 2014-09-11 03:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-11 03:03 - 2014-09-11 03:03 - 00009578 _____ () C:\Users\Rafau\Desktop\safer.reg
2014-09-11 02:59 - 2014-09-11 02:59 - 04872677 _____ () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0.zip
2014-09-11 02:26 - 2014-09-11 02:59 - 00007426 __RSH () C:\ProgramData\ntuser.pol
2014-09-11 02:14 - 2014-09-11 02:14 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Ubisoft Game Launcher
2014-09-11 02:13 - 2014-09-11 02:13 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-11 02:13 - 2014-09-11 02:13 - 00000000 ____D () C:\Program Files\Ubisoft
2014-08-28 14:48 - 2014-08-28 14:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2014-08-28 14:37 - 2014-08-28 14:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2014-08-28 14:31 - 2014-08-28 14:31 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-08-28 14:31 - 2014-08-28 14:31 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2014-08-26 22:33 - 2014-08-26 22:33 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Reflections
2014-08-24 13:07 - 2014-09-22 00:15 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Mp3tag
2014-08-24 13:06 - 2014-08-24 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-24 13:06 - 2014-08-24 13:06 - 00000000 ____D () C:\Program Files\Mp3tag

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 23:46 - 2014-09-22 23:45 - 00026522 _____ () C:\Users\Rafau\Desktop\FRST.txt
2014-09-22 23:46 - 2011-05-07 23:18 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Skype
2014-09-22 23:45 - 2014-09-22 23:45 - 00000000 ____D () C:\FRST
2014-09-22 23:45 - 2014-09-22 23:44 - 01097728 _____ (Farbar) C:\Users\Rafau\Desktop\FRST.exe
2014-09-22 23:39 - 2012-06-04 13:50 - 00217679 _____ () C:\Windows\system32\config\rules.rdb
2014-09-22 23:16 - 2011-12-17 10:58 - 01463302 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 09:52 - 2009-07-14 06:34 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 09:52 - 2009-07-14 06:34 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 00:15 - 2014-08-24 13:07 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Mp3tag
2014-09-21 20:36 - 2011-05-07 21:48 - 00006252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-21 20:36 - 2009-07-19 13:48 - 24718594 _____ () C:\Windows\system32\perfh015.dat
2014-09-21 20:36 - 2009-07-19 13:48 - 08437630 _____ () C:\Windows\system32\perfc015.dat
2014-09-21 19:48 - 2011-10-02 18:52 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\foobar2000
2014-09-21 16:53 - 2009-07-14 04:04 - 00000631 _____ () C:\Windows\win.ini
2014-09-21 16:53 - 2009-07-14 04:04 - 00000245 _____ () C:\Windows\system.ini
2014-09-21 11:07 - 2014-09-11 03:16 - 00001392 _____ () C:\Users\Rafau\Desktop\Rkill.txt
2014-09-20 20:54 - 2013-10-24 16:17 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Media Player Classic
2014-09-20 02:43 - 2014-09-20 02:42 - 70869117 _____ () C:\Users\Rafau\Desktop\AVICII _ RICK ASTLEY 2014 - Never Gonna Wake You Up.mp4
2014-09-19 15:52 - 2011-05-12 16:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-19 15:44 - 2014-09-11 03:07 - 00001663 _____ () C:\Windows\setupact.log
2014-09-19 11:41 - 2011-12-14 14:42 - 00000476 _____ () C:\Windows\wininit.ini
2014-09-19 11:40 - 2011-06-02 16:08 - 00000000 ___RD () C:\Users\Rafau\Dropbox
2014-09-19 11:40 - 2011-06-02 16:06 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Dropbox
2014-09-19 11:40 - 2011-05-08 11:07 - 00000000 ____D () C:\Fraps
2014-09-19 11:39 - 2013-07-08 14:12 - 00000000 ____D () C:\Temp
2014-09-19 11:27 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 01:55 - 2012-06-05 00:55 - 00523846 _____ () C:\Windows\system32\config\afw_db.conf
2014-09-19 01:55 - 2012-06-05 00:55 - 00000752 _____ () C:\Windows\system32\config\afw_hm.conf
2014-09-18 23:41 - 2014-09-18 23:41 - 00108748 _____ () C:\Users\Rafau\Desktop\OTL.Txt
2014-09-18 13:12 - 2014-03-07 17:04 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\.purple
2014-09-17 21:21 - 2011-08-10 01:17 - 00935936 _____ () C:\Windows\system32\config\sscan.xas
2014-09-17 02:02 - 2011-05-07 23:10 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\IrfanView
2014-09-17 01:17 - 2014-09-11 18:36 - 00000000 ____D () C:\AdwCleaner
2014-09-15 14:49 - 2011-05-08 11:01 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\uTorrent
2014-09-15 10:57 - 2010-05-07 22:15 - 00000000 ____D () C:\Users\Rafau\Desktop\torrenty
2014-09-13 19:14 - 2014-09-13 19:14 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-13 19:14 - 2011-05-07 23:18 - 00000000 ____D () C:\ProgramData\Skype
2014-09-13 19:06 - 2014-09-13 19:06 - 295040447 _____ () C:\Windows\MEMORY.DMP
2014-09-13 19:06 - 2014-09-13 19:06 - 00145320 _____ () C:\Windows\Minidump\091314-21512-01.dmp
2014-09-13 19:06 - 2011-12-04 21:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 05:36 - 2010-01-23 12:16 - 00000000 ____D () C:\Users\Rafau\Desktop\Gry
2014-09-12 13:55 - 2013-02-20 21:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 13:53 - 2014-09-12 13:53 - 00001011 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-12 13:53 - 2014-09-12 13:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-09-12 13:47 - 2014-09-12 13:47 - 00688992 ____R (Swearware) C:\Users\Rafau\Desktop\dds.com
2014-09-11 23:16 - 2014-09-11 23:16 - 00000000 ____D () C:\rsit
2014-09-11 23:16 - 2014-09-11 23:16 - 00000000 ____D () C:\Program Files\trend micro
2014-09-11 20:19 - 2014-09-11 20:19 - 00000000 ____D () C:\zzz
2014-09-11 19:54 - 2014-09-11 19:54 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programy
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Dane aplikacji
2014-09-11 19:54 - 2014-09-11 19:54 - 00000000 ____D () C:\Users\Administrator
2014-09-11 19:49 - 2014-09-11 18:46 - 00007764 _____ () C:\Windows\PFRO.log
2014-09-11 19:15 - 2012-09-29 16:22 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-11 19:14 - 2014-05-09 11:55 - 00000000 ____D () C:\Users\Rafau\AppData\Local\21624
2014-09-11 18:50 - 2014-09-11 18:50 - 00001034 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-11 18:50 - 2014-09-11 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 18:50 - 2011-05-12 16:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 18:41 - 2011-05-07 21:44 - 00000000 ____D () C:\Users\Rafau
2014-09-11 18:38 - 2014-09-11 18:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rafau\Desktop\OTL.exe
2014-09-11 18:36 - 2014-09-11 18:36 - 01370467 _____ () C:\Users\Rafau\Desktop\AdwCleaner.exe
2014-09-11 14:54 - 2013-02-20 14:43 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Downloaded Installations
2014-09-11 14:41 - 2010-09-22 20:30 - 00000000 ____D () C:\Users\Rafau\Desktop\rozne
2014-09-11 12:27 - 2014-09-11 12:27 - 00000000 ___HD () C:\Windows\PIF
2014-09-11 12:24 - 2014-09-11 12:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rafau\Desktop\rkill.com
2014-09-11 03:18 - 2014-09-11 03:18 - 00235882 _____ () C:\Users\Rafau\Desktop\chameleon.chm
2014-09-11 03:10 - 2011-05-12 16:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-11 03:07 - 2014-09-11 03:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-11 03:03 - 2014-09-11 03:03 - 00009578 _____ () C:\Users\Rafau\Desktop\safer.reg
2014-09-11 02:59 - 2014-09-11 02:59 - 04872677 _____ () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0.zip
2014-09-11 02:59 - 2014-09-11 02:26 - 00007426 __RSH () C:\ProgramData\ntuser.pol
2014-09-11 02:14 - 2014-09-11 02:14 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Ubisoft Game Launcher
2014-09-11 02:13 - 2014-09-11 02:13 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-09-11 02:13 - 2014-09-11 02:13 - 00000000 ____D () C:\Program Files\Ubisoft
2014-09-11 02:13 - 2014-05-29 01:14 - 00282512 _____ () C:\Windows\system32\PnkBstrB.exe
2014-09-11 02:13 - 2014-05-29 01:14 - 00076888 _____ () C:\Windows\system32\PnkBstrA.exe
2014-09-11 01:18 - 2012-09-14 18:12 - 00000345 _____ () C:\Users\Rafau\AppData\Roaming\Drives Meter_Settings.ini
2014-09-11 01:13 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-11 01:04 - 2012-01-22 02:34 - 00000000 ____D () C:\ProgramData\Origin
2014-09-11 00:42 - 2012-01-22 02:33 - 00000000 ____D () C:\Program Files\Origin
2014-09-11 00:32 - 2012-02-12 01:20 - 00000000 ____D () C:\Users\Rafau\Documents\My Games
2014-09-11 00:18 - 2011-06-16 16:55 - 00006073 _____ () C:\Windows\cdplayer.ini
2014-09-11 00:18 - 2011-06-16 16:52 - 00001534 _____ () C:\ProgramData\ss.ini
2014-09-11 00:17 - 2014-03-31 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-09-11 00:15 - 2014-03-31 20:05 - 00000000 ____D () C:\ProgramData\EPSON
2014-09-11 00:03 - 2014-05-01 21:44 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\.minecraft
2014-09-10 02:12 - 2014-06-02 23:10 - 00022931 _____ () C:\Users\Rafau\Desktop\nauka do sesji w pełni.xlsx
2014-09-10 01:54 - 2014-08-01 17:26 - 00021812 _____ () C:\Users\Rafau\Desktop\statystyki #2.xlsx
2014-08-28 14:48 - 2014-08-28 14:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2014-08-28 14:37 - 2014-08-28 14:37 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2014-08-28 14:32 - 2013-07-08 14:11 - 00000000 ____D () C:\Program Files\Motorola
2014-08-28 14:31 - 2014-08-28 14:31 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-08-28 14:31 - 2014-08-28 14:31 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-28 14:28 - 2011-05-07 21:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2014-08-28 14:23 - 2014-08-28 14:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2014-08-28 14:23 - 2014-06-19 09:09 - 00001394 _____ () C:\Windows\system32\lvcoinst.log
2014-08-27 16:50 - 2010-01-31 22:09 - 00000000 ____D () C:\Users\Rafau\Documents\OpenTTD
2014-08-26 22:33 - 2014-08-26 22:33 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Reflections
2014-08-25 06:53 - 2011-05-07 22:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 13:06 - 2014-08-24 13:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-24 13:06 - 2014-08-24 13:06 - 00000000 ____D () C:\Program Files\Mp3tag

Files to move or delete:
====================
C:\ProgramData\hpe5C3D.dll


Some content of TEMP:
====================
C:\Users\Rafau\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjj6zq.dll
C:\Users\Rafau\AppData\Local\Temp\op_install.dll
C:\Users\Rafau\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-14 01:24] - [2009-07-14 03:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-07 13:44

==================== End Of Log ============================

Additional.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by Rafau at 2014-09-22 23:46:51
Running from C:\Users\Rafau\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
2027 version 1.2.1 (HKLM\...\{999EDFF6-2F0E-41EE-8445-DB81404366B3}_is1) (Version: 1.2.1 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.6.602.180 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version:  - )
AIDA64 Extreme Edition v2.80 (HKLM\...\AIDA64 Extreme Edition_is1) (Version: 2.80 - FinalWire Ltd.)
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
AMD Accelerated Video Transcoding (Version: 12.5.100.20928 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A2EAE643-8804-9420-5DBE-2752D6957964}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2012.0928.1532.26058 - Nazwa firmy) Hidden
AMD Media Foundation Decoders (Version: 1.0.70928.1538 - Advanced Micro Devices, Inc.) Hidden
AMD OverDrive (HKLM\...\{973620A0-7EA9-4D9D-95B7-349B78664AC7}) (Version: 4.2.6.0638 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (Version: 2012.0928.1532.26058 - Nazwa firmy) Hidden
Android Commander version 0.7.9.8.2.01 (HKLM\...\Android Commander_is1) (Version: 0.7.9.8.2.01 - )
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiosurf (HKLM\...\Steam App 12900) (Version:  - BestGameEver)
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Canon iP6210D (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP6210D) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.0928.1531.26058 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.0928.1532.26058 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
Cool Edit Pro 2.0 (HKLM\...\Cool Edit Pro 2.0) (Version:  - )
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Deus Ex (HKLM\...\DeusEx_is1) (Version:  - )
Deus Ex: Human Revolution - The Missing Link (HKLM\...\Steam App 201280) (Version:  - Eidos Montreal)
Deus Ex: Human Revolution (HKLM\...\Steam App 28050) (Version:  - Eidos Montreal)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
Far Cry® 3 (HKLM\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
ffdshow (remove only) (HKLM\...\ffdshow) (Version:  - )
Flashtool (HKLM\...\Flashtool) (Version: 0.9.13.0 - Androxyde)
FMRTE 13.3.3.62 (HKLM\...\{13416834-B10B-4DD4-8213-C8D66A157D7E}_is1) (Version: 13.3.3.62 - Raul Bravo)
foobar2000 v1.1.14a (HKLM\...\foobar2000) (Version: 1.1.14a - Peter Pawlowski)
Football Manager 2012 (HKLM\...\Steam App 71270) (Version:  - SI Games)
Football Manager 2013 (HKLM\...\Steam App 207890) (Version:  - Sports Interactive)
Football Manager 2013 Editor (HKLM\...\Steam App 220600) (Version:  - Sports Interactive)
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
FreeRIP MP3 Converter 4.5.1 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.1 - GreenTree Applications SRL)
FTL: Faster Than Light (HKLM\...\Steam App 212680) (Version:  - )
Game Dev Tycoon (HKLM\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Team Garry)
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version:  - Rockstar)
Grand Theft Auto IV (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM\...\Steam App 12220) (Version:  - Rockstar)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM\...\Steam App 420) (Version:  - Valve)
Hard Reset (HKLM\...\Steam App 98400) (Version:  - Flying Wild Hog)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version:  - EFD Software)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hotline Miami (HKLM\...\Steam App 219150) (Version:  - )
iFree Skype Recorder 4.0.9 (HKLM\...\iFree Skype Recorder) (Version: 4.0.9 - iFree Skype Recorder)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 9.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 9.1.0 - )
Left 4 Dead 2 (HKLM\...\Steam App 550) (Version:  - Valve)
Lone Survivor (HKLM\...\Steam App 209830) (Version:  - )
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware wersja 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Matrix-ks (HKLM\...\{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}) (Version: 3.6 - KellySoftware)
Max Payne 3 (HKLM\...\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}) (Version: 1.0.0.0 - Rockstar Games)
MediaInfo 0.7.60 (HKLM\...\MediaInfo) (Version: 0.7.60 - MediaArea.net)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PLK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PLK Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Polish) 2007 (Version: 12.0.4518.1020 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Polish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 6.0 (HKLM\...\{067B277E-F94B-4F04-B380-BA967C00377C}_is1) (Version:  - MiniTool Solution Ltd.)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mp3tag v2.63 (HKLM\...\Mp3tag) (Version: v2.63 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyTomTom 3.2.0.906 (HKLM\...\MyTomTom) (Version: 3.2.0.906 - TomTom)
NapiProjekt 2.0.0 (build 1836) (HKLM\...\NapiProjekt_is1) (Version:  - )
Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version:  - )
New Star Soccer 3 (HKLM\...\New Star Soccer 3) (Version:  - )
Nowe Gadu-Gadu (HKLM\...\Nowe Gadu-Gadu) (Version:  - GG Network S.A.)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenAL (HKLM\...\OpenAL) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{EB87675F-5281-4767-A54B-31931794C23D}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Outpost Firewall Pro 9.1 (HKLM\...\Agnitum Outpost Firewall Pro_is1) (Version: 9.1 - Agnitum, Ltd.)
Pazera Free Audio Extractor 1.4 (HKLM\...\{6899C238-3E4A-4A04-B251-A0C9EDC7EDBC}_is1) (Version: 1.4 - Pazera Jacek)
Pazera Free MP4 to AVI Converter 1.6 (HKLM\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PDF To Excel Converter V3.0 (HKLM\...\PDF To Excel Converter_is1) (Version:  - http://www.PDFExcelConverter.com)
PerfectDisk 12 Professional (HKLM\...\{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}) (Version: 12.00.290 - Raxco Software Inc.)
Pidgin (HKLM\...\Pidgin) (Version: 2.10.9 - )
Plants vs. Zombies: Game of the Year (HKLM\...\Steam App 3590) (Version:  - PopCap)
Platform (Version: 1.34 - VIA Technologies, Inc.) Hidden
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Razer DeathAdder™ Mouse (HKLM\...\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}) (Version: 3.05 - Razer USA Ltd.)
Razer Synapse 2.0 (HKLM\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6519 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6554 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
S.T.A.L.K.E.R.: Clear Sky (HKLM\...\Steam App 20510) (Version:  - GSC Game World)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM\...\Steam App 4500) (Version:  - GSC Game World)
Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
ScanSoft PDF Converter 3.0 (HKLM\...\{602A205F-8D02-48EE-8782-262B2103B984}) (Version: 3.00.0000 - ScanSoft, Inc)
Sims 3 - Nude Censor Remover (HKLM\...\xSIMS_Censor_Remover_TS3) (Version:  - )
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Sony Ericsson PC Suite 6.011.00 (HKLM\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.011.00 - Sony Ericsson)
SopCast 3.8.2 (HKLM\...\SopCast) (Version: 3.8.2 - www.sopcast.com)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steam Marines (HKLM\...\Steam App 253630) (Version:  - )
SUPER © v2013.build.57+Recorder (2013/07/13) wersja v2013.build (HKLM\...\{8E2A1F92-9B4F-4DF9-8459-B736B0831C69}_is1) (Version: v2013.build.57+Recorder - eRightSoft)
Super Hexagon (HKLM\...\Steam App 221640) (Version:  - Terry Cavanagh)
Surfer 9 (HKLM\...\Surfer 9) (Version:  - Golden Software)
Surfer 9 (Version: 9.8.669 - Golden Software, Inc.) Hidden
System Shock 2 (HKLM\...\Steam App 238210) (Version:  - Irrational Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Nameless Mod (HKLM\...\The Nameless Mod) (Version:  - )
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
The Sims™ 3 Nowoczesny apartament Akcesoria (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
The Sims™ 3 Wymarzone Podróże (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - )
Torrent Stream 2.0.2 (HKCU\...\TorrentStream) (Version: 2.0.2 - Torrent Stream)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.0 - Ghisler Software GmbH)
TrackMania Nations Forever (HKLM\...\Steam App 11020) (Version:  - Nadeo)
UltraISO Premium V8.62 (HKLM\...\UltraISO_is1) (Version:  - )
Universe Sandbox (HKLM\...\Steam App 72200) (Version:  - Giant Army)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (HKLM\...\{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{34C79AF1-F9A4-43C6-91CA-03E4AB87CF81}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)
Update Service (HKLM\...\Update Service) (Version: 2.10.3.25 - Sony Ericsson Mobile Communications AB)
Uplay (HKLM\...\Uplay) (Version: 2.0 - Ubisoft)
Veetle TV (HKLM\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc)
VIA Platforma Menedżera urządzeń (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM\...\x264vfw) (Version:  - )
XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{010833F3-751A-402F-9FCC-C365B6A12E41}\localserver32 -> C:\Users\Rafau\Desktop\BESTPL~1.EXE (Karol Winnicki)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\ProgramData\Skype Extras\ezPMUtils.dll (EasyBits Media)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{5b55a44a-d008-49aa-9234-86fb7709bc0a}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Rafau\AppData\Local\Google\Chrome\Application\33.0.1750.154\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-232082853-2929556137-3554894394-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Rafau\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2011-05-08 00:52 - 00000921 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A8B224D-B8C5-4216-B5D4-3E203458C0B3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-01] (AVAST Software)
Task: {0E3D930C-6254-4737-AE5A-D03DA691F170} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {1637BDE9-693F-4767-B216-B73DE390BCC0} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2010-12-24] (Beepa P/L)
Task: {336AE352-B1B6-48D4-89A8-9A1CF4419503} - System32\Tasks\Core Temp Autostart Rafau => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {44A7D481-054A-4D92-9AD2-21D5A1349EAC} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {46DFA03E-5006-4BF5-8A62-F5FAA8D6A7FC} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-232082853-2929556137-3554894394-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {561110EA-2093-46FE-B268-D97DEDE4E5BA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232082853-2929556137-3554894394-1000Core => C:\Users\Rafau\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {5D7FD09C-4DBA-4BE3-87AB-A97F302E5ADD} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {725B9256-47F5-49DA-BB38-5C47EB73EF25} - System32\Tasks\{B0E6F8B1-B07C-4791-809B-C637E893D0BC} => Firefox.exe http://ui.skype.com/ui/0/5.5.0.124/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {78914833-EA08-47EE-B430-2114E763F885} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {817FE188-A8BC-44B3-BAE9-1C7D5AC302B0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E13B138-2DAE-473B-82E6-6772F6631A71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-232082853-2929556137-3554894394-1000UA => C:\Users\Rafau\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {ACEABC17-DDD0-4E95-AFAA-27C40AC1AA51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {AEF5A7F2-74B8-41E0-A119-1D6E82128880} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-232082853-2929556137-3554894394-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {B07BB5B3-98D6-4B7F-88B4-946FCE623C89} - System32\Tasks\{175ECA04-E906-4C63-B8CB-B3046B271C3B} => C:\Program Files\Skype\\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {B77AA4EF-5460-4857-8D1B-7D781A56D219} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232082853-2929556137-3554894394-1000Core.job => C:\Users\Rafau\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-232082853-2929556137-3554894394-1000UA.job => C:\Users\Rafau\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Rafau^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gg.lnk => C:\Windows\pss\gg.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rafau^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^pidgin.lnk => C:\Windows\pss\pidgin.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rafau^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Steam.lnk => C:\Windows\pss\Steam.lnk.Startup
MSCONFIG\startupreg: EjislUzurq => regsvr32.exe "C:\ProgramData\EjislUzurq\EjislUzurq.dat"
MSCONFIG\startupreg: HDSoft => "C:\Program Files\iFree Skype Recorder\irecorder.exe"
MSCONFIG\startupreg: MyTomTomSA.exe => "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2014 08:36:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (09/21/2014 08:36:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (09/21/2014 08:36:31 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (09/21/2014 08:33:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.

Error: (09/21/2014 08:33:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (09/21/2014 08:33:51 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: ZARZĄDZANIE NT)
Description: Ciągi wydajności w wartości rejestru wydajności są uszkodzone, kiedy proces wykonuje następującą operację na dostawcy licznika rozszerzeń: Performance. Wartość BaseIndex z rejestru wydajności to pierwszy wpis DWORD w sekcji danych Data, wartość LastCounter to drugi wpis DWORD, a wartość LastHelp to trzeci wpis DWORD w sekcji Data.

Error: (09/21/2014 06:15:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: fm.exe, wersja: 13.3.3.31972, sygnatura czasowa: 0x514c8b4d
Nazwa modułu powodującego błąd: fm.exe, wersja: 13.3.3.31972, sygnatura czasowa: 0x514c8b4d
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x014dbcc0
Identyfikator procesu powodującego błąd: 0x1010
Godzina uruchomienia aplikacji powodującej błąd: 0xfm.exe0
Ścieżka aplikacji powodującej błąd: fm.exe1
Ścieżka modułu powodującego błąd: fm.exe2
Identyfikator raportu: fm.exe3

Error: (09/21/2014 01:00:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: fm.exe, wersja: 13.3.3.31972, sygnatura czasowa: 0x514c8b4d
Nazwa modułu powodującego błąd: fm.exe, wersja: 13.3.3.31972, sygnatura czasowa: 0x514c8b4d
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x014dbcc0
Identyfikator procesu powodującego błąd: 0x16e0
Godzina uruchomienia aplikacji powodującej błąd: 0xfm.exe0
Ścieżka aplikacji powodującej błąd: fm.exe1
Ścieżka modułu powodującego błąd: fm.exe2
Identyfikator raportu: fm.exe3

Error: (09/18/2014 11:12:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: MotoHelperAgent.exe, wersja: 2.3.4.0, sygnatura czasowa: 0x5150a833
Nazwa modułu powodującego błąd: MotoHelperAgent.exe, wersja: 2.3.4.0, sygnatura czasowa: 0x5150a833
Kod wyjątku: 0x40000015
Przesunięcie błędu: 0x000375bf
Identyfikator procesu powodującego błąd: 0x8ec
Godzina uruchomienia aplikacji powodującej błąd: 0xMotoHelperAgent.exe0
Ścieżka aplikacji powodującej błąd: MotoHelperAgent.exe1
Ścieżka modułu powodującego błąd: MotoHelperAgent.exe2
Identyfikator raportu: MotoHelperAgent.exe3

Error: (09/16/2014 11:51:26 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: ZARZĄDZANIE NT)
Description: Nie można usunąć z pamięci ciągów licznika wydajności dla usługi WmiApRpl (WmiApRpl). Pierwszy wpis DWORD w sekcji danych (Data) zawiera kod błędu.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/31/2014 11:55:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/04/2014 04:52:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 216 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (07/02/2014 04:41:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1610 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (04/27/2014 09:36:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15052 seconds with 2400 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 73%
Total physical RAM: 3325.55 MB
Available physical RAM: 872.15 MB
Total Pagefile: 6649.39 MB
Available Pagefile: 2404.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1876.92 MB

==================== Drives ================================

Drive c: (Samsung System) (Fixed) (Total:199.99 GB) (Free:75.59 GB) NTFS
Drive d: (Samsung Inne) (Fixed) (Total:198.63 GB) (Free:102.58 GB) NTFS
Drive e: (Sims3SP01) (CDROM) (Total:4.52 GB) (Free:0 GB) UDF
Drive g: (SANSA CLIPP) (Removable) (Total:7.37 GB) (Free:0.61 GB) FAT32
Drive h: (16GB MP3) (Removable) (Total:14.83 GB) (Free:6.48 GB) FAT32
Drive v: (TRANSCEND 1) (Fixed) (Total:99.97 GB) (Free:46.39 GB) FAT32
Drive w: (TRANSCEND 2) (Fixed) (Total:598.64 GB) (Free:2.68 GB) NTFS
Drive z: (Samsung Gry) (Fixed) (Total:300 GB) (Free:24.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AB4D186A)
Partition 1: (Not Active) - (Size=200 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.6 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: CC0DB276)
Partition 1: (Active) - (Size=100 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=598.6 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 7 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



Have a nice read through all of this!
And - thanks for the help! ;)



#5 seedy21

  • Malware Response Team
Posted 23 September 2014 - 02:55 PM

Hello buczubuczu

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

I suggest you remove it via add/remove.



Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {275e97bd-78e1-11e0-a3f0-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {38663bfd-e7ab-11e2-bbc5-00158315a310} - G:\setup.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {5bb0de84-1c73-11e4-b202-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {72256ed0-2e94-11e3-be24-00241d7511ca} - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {9eb394a1-981f-11e0-888b-00158315a310} - J:\SETUP.EXE /AUTORUN
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 akg00eig; C:\Windows\system32\Drivers\akg00eig.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\akg00eig.sys
C:\Users\Rafau\AppData\Roaming\uTorrent
C:\ProgramData\hpe5C3D.dll
C:\Users\Rafau\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjj6zq.dll
C:\Users\Rafau\AppData\Local\Temp\op_install.dll
C:\Users\Rafau\AppData\Local\Temp\SkypeSetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Hosts:
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 2

We need to do a quick check on a file.

  • Go to VirusTotal.
  • Click Choose File.
  • Copy and paste the exact file name in bold:
    • C:\ProgramData\EjislUzurq\EjislUzurq.dat
  • Click Send.
  • Copy and paste back the results once VirusTotal has finished scanning the file.

Step 3

  • Download TDSSKiller and save it to your Desktop.
  • Unzip the folder (Right Click > Extract to your Desktop).
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory, in the style of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".


Edited by seedy21, 23 September 2014 - 02:58 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club
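
Once Fixlog.txt comes back, the first thing to establish is which fixlist entries were applied and which were refused or deferred. The following is an added example, not part of the original post and not FRST's own code: it sorts Fixlog result lines by outcome phrases of the kind seen in this thread. The function names are hypothetical, the phrase list is an assumption rather than a complete list of FRST messages, and the sample log is constructed.

```python
import re
from collections import Counter

# Outcome phrases, tested in this order. "pending" must come first: a line like
#   Could not move "<file>" => Scheduled to move on reboot.
# also contains "could not" but is a deferred action, not a failure.
# Assumption: phrase list taken from Fixlog lines in this thread, not from FRST docs.
RULES = [
    ("pending", re.compile(r"scheduled to move on reboot", re.I)),
    ("failed", re.compile(r"could not|unable to|error deleting", re.I)),
    ("absent", re.compile(r"not found", re.I)),
    ("applied", re.compile(r"successfully", re.I)),
]

# Constructed sample in the Fixlog layout (paths, dates and names are made up).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-01-2000
Ran by example at 2000-01-01 00:00:00 Run:1

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Program Files\ExampleAV <====== ATTENTION
C:\ProgramData\example.dll
Hosts:
*****************

Processes closed successfully.
HKLM => Unable to delete Group Policy Restriction on software
"HKLM\SOFTWARE\Policies\Example" => Key deleted successfully.
"HKCR\CLSID\{00000000-0000-0000-0000-000000000000}" => Key not found.
Could not move "C:\Windows\system32\Drivers\example.sys" => Scheduled to move on reboot.
C:\ProgramData\example.dll => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2000-01-01 00:00:00)<=

==> ATTENTION: System is not rebooted.
"C:\Windows\system32\Drivers\example.sys" => File could not move.

==== End of Fixlog ====
"""


def classify(line):
    """Return the first matching outcome label for one result line."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return "other"


def parse_fixlog(text):
    """Return (status, target) pairs for the result section of a Fixlog.

    The fixlist echo sits between two rows of asterisks; results start after
    the second row. Banner lines starting with '=' are skipped.
    """
    results = []
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            star_rows += 1
            continue
        if star_rows < 2 or not line or line.startswith("="):
            continue
        head, sep, _ = line.partition(" => ")
        target = head if sep else line
        if target.startswith("Could not move "):
            target = target[len("Could not move "):]
        results.append((classify(line), target.strip().strip('"')))
    return results


def summarize(results):
    """Count results per outcome label."""
    return dict(Counter(status for status, _ in results))


def follow_up(results):
    """Entries that still need attention: refused or deferred actions."""
    return [(s, t) for s, t in results if s in ("failed", "pending")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(summarize(parsed))
    for status, target in follow_up(parsed):
        print(f"{status:8} {target}")
```

A file reported as "Scheduled to move on reboot" and then as "File could not move" shows up once as pending and once as failed, which is the pattern to look for when something is protecting the file.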



#6 buczubuczu

Posted 23 September 2014 - 04:32 PM

All right, I've done what you asked. About that uTorrent - for some time I've been using it mostly to get music or movies. I ain't even gonna try to download some cracked games - almost all of them are infected with some kind of crap. Also - many cracked programs, which I also avoid. I know it's quite hard to get, but is there a chance to get infected via an mp3 file or jpg cover? Or an avi/txt file? I'm just thinking ahead.

Also - when FRST was doing its job, fixing, it froze and closed after finishing. Is that normal? It generated a log file, which I'm attaching, but it looked weird.

Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-09-2014 01
Ran by Rafau at 2014-09-23 22:50:25 Run:1
Running from C:\Users\Rafau\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {275e97bd-78e1-11e0-a3f0-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {38663bfd-e7ab-11e2-bbc5-00158315a310} - G:\setup.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {5bb0de84-1c73-11e4-b202-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {72256ed0-2e94-11e3-be24-00241d7511ca} - G:\LaunchU3.exe -a
HKU\S-1-5-21-232082853-2929556137-3554894394-1000\...\MountPoints2: {9eb394a1-981f-11e0-888b-00158315a310} - J:\SETUP.EXE /AUTORUN
ShellExecuteHooks:  - {4F07DA45-8170-4859-9B5F-037EF2970034} -  No File [ ]
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
U3 akg00eig; C:\Windows\system32\Drivers\akg00eig.sys [0 ] (Microsoft Corporation)
C:\Windows\system32\Drivers\akg00eig.sys
C:\Users\Rafau\AppData\Roaming\uTorrent
C:\ProgramData\hpe5C3D.dll
C:\Users\Rafau\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjj6zq.dll
C:\Users\Rafau\AppData\Local\Temp\op_install.dll
C:\Users\Rafau\AppData\Local\Temp\SkypeSetup.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
Hosts:
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value could not be deleted.
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM => Unable to delete Group Policy Restriction on software
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => Value could not be deleted.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-232082853-2929556137-3554894394-1000" => Key not found.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{275e97bd-78e1-11e0-a3f0-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{275e97bd-78e1-11e0-a3f0-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{38663bfd-e7ab-11e2-bbc5-00158315a310}" => Key deleted successfully.
"HKCR\CLSID\{38663bfd-e7ab-11e2-bbc5-00158315a310}" => Key not found.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5bb0de84-1c73-11e4-b202-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{5bb0de84-1c73-11e4-b202-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72256ed0-2e94-11e3-be24-00241d7511ca}" => Key deleted successfully.
"HKCR\CLSID\{72256ed0-2e94-11e3-be24-00241d7511ca}" => Key not found.
"HKU\S-1-5-21-232082853-2929556137-3554894394-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9eb394a1-981f-11e0-888b-00158315a310}" => Key deleted successfully.
"HKCR\CLSID\{9eb394a1-981f-11e0-888b-00158315a310}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{4F07DA45-8170-4859-9B5F-037EF2970034} => Value could not be deleted.
"HKCR\CLSID\{4F07DA45-8170-4859-9B5F-037EF2970034}" => Key not found.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll not found.
"HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Rafau\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
akg00eig => Error deleting Service
Could not move "C:\Windows\system32\Drivers\akg00eig.sys" => Scheduled to move on reboot.
C:\Users\Rafau\AppData\Roaming\uTorrent => Moved successfully.
C:\ProgramData\hpe5C3D.dll => Moved successfully.
C:\Users\Rafau\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjj6zq.dll => Moved successfully.
C:\Users\Rafau\AppData\Local\Temp\op_install.dll => Moved successfully.
C:\Users\Rafau\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-23 22:52:20)<=

==> ATTENTION: System is not rebooted.
"C:\Windows\system32\Drivers\akg00eig.sys" => File could not move.

==== End of Fixlog ====

Also - step 2 is impossible to finish. The external link points to this thread - whether left or right mouse clicked. A few previous anti-bug scans showed that file as dangerous. The problem is - it keeps generating itself over and over. Even getting rid of it in safe mode doesn't change a thing, so it's a reason, not a source of the problem.

Step 3 is done here:
TDSSKillerlog.txt
23:29:46.0148 0x0adc  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:29:54.0387 0x0adc  ============================================================
23:29:54.0387 0x0adc  Current date / time: 2014/09/23 23:29:54.0387
23:29:54.0387 0x0adc  SystemInfo:
23:29:54.0387 0x0adc  
23:29:54.0387 0x0adc  OS Version: 6.1.7600 ServicePack: 0.0
23:29:54.0387 0x0adc  Product type: Workstation
23:29:54.0387 0x0adc  ComputerName: SUPERXTRFULLWYP
23:29:54.0388 0x0adc  UserName: Rafau
23:29:54.0388 0x0adc  Windows directory: C:\Windows
23:29:54.0388 0x0adc  System windows directory: C:\Windows
23:29:54.0388 0x0adc  Processor architecture: Intel x86
23:29:54.0388 0x0adc  Number of processors: 4
23:29:54.0388 0x0adc  Page size: 0x1000
23:29:54.0388 0x0adc  Boot type: Normal boot
23:29:54.0388 0x0adc  ============================================================
23:29:57.0361 0x0adc  KLMD registered as C:\Windows\system32\drivers\94011899.sys
23:29:57.0825 0x0adc  System UUID: {BA5852C0-0E4F-BB6D-9842-1372055DDF47}
23:29:58.0545 0x0adc  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:29:58.0611 0x0adc  Drive \Device\Harddisk5\DR5 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:29:58.0644 0x0adc  ============================================================
23:29:58.0644 0x0adc  \Device\Harddisk0\DR0:
23:29:58.0644 0x0adc  MBR partitions:
23:29:58.0654 0x0adc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x18FFABFC
23:29:58.0654 0x0adc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18FFEAFC, BlocksNum 0x257FE07A
23:29:58.0654 0x0adc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3E800800, BlocksNum 0x18D45000
23:29:58.0654 0x0adc  \Device\Harddisk5\DR5:
23:29:58.0656 0x0adc  MBR partitions:
23:29:58.0656 0x0adc  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x40, BlocksNum 0xC7FF53E
23:29:58.0656 0x0adc  \Device\Harddisk5\DR5\Partition2: MBR, Type 0x7, StartLBA 0xC7FF57E, BlocksNum 0x4AD45D83
23:29:58.0656 0x0adc  ============================================================
23:29:58.0671 0x0adc  C: <-> \Device\Harddisk0\DR0\Partition1
23:29:58.0759 0x0adc  D: <-> \Device\Harddisk0\DR0\Partition3
23:29:58.0858 0x0adc  Z: <-> \Device\Harddisk0\DR0\Partition2
23:29:58.0921 0x0adc  V: <-> \Device\Harddisk5\DR5\Partition1
23:29:59.0045 0x0adc  W: <-> \Device\Harddisk5\DR5\Partition2
23:29:59.0168 0x0adc  ============================================================
23:29:59.0169 0x0adc  Initialize success
23:29:59.0169 0x0adc  ============================================================
23:30:06.0023 0x04b4  ============================================================
23:30:06.0023 0x04b4  Scan started
23:30:06.0023 0x04b4  Mode: Manual;
23:30:06.0023 0x04b4  ============================================================
23:30:06.0023 0x04b4  KSN ping started
23:30:19.0909 0x04b4  KSN ping finished: true
23:30:24.0763 0x04b4  ================ Scan system memory ========================
23:30:24.0763 0x04b4  System memory - ok
23:30:24.0764 0x04b4  ================ Scan services =============================
23:30:28.0764 0x04b4  [ AEBC0EAB172328E28A44D979D5C57623, 229CD2C7F0C29C8A977B7C2DF93EBBEDDD925DFB4015C3DCF356470AD2EE7704 ] DAdderFltr      C:\Windows\system32\drivers\dadder.sys
23:30:28.0766 0x04b4  DAdderFltr - ok
23:30:28.0785 0x04b4  [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:30:28.0795 0x04b4  DcomLaunch - ok
23:30:28.0863 0x04b4  [ F33959A8E4A8B689E2194F9531528994, 6F4165C15BA672F6414DB7B8AECD66CE13F4905E0C3A7889AF71C33B1D49C859 ] DefragFS        C:\Windows\system32\drivers\DefragFS.sys
23:30:28.0867 0x04b4  DefragFS - ok
23:30:28.0904 0x04b4  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
23:30:28.0910 0x04b4  defragsvc - ok
23:30:28.0942 0x04b4  [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:30:28.0945 0x04b4  DfsC - ok
23:30:28.0985 0x04b4  [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:30:28.0992 0x04b4  Dhcp - ok
23:30:29.0042 0x04b4  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
23:30:29.0044 0x04b4  discache - ok
23:30:29.0049 0x04b4  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:30:29.0051 0x04b4  Disk - ok
23:30:29.0084 0x04b4  [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:30:29.0089 0x04b4  Dnscache - ok
23:30:29.0103 0x04b4  [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc         C:\Windows\System32\dot3svc.dll
23:30:29.0109 0x04b4  dot3svc - ok
23:30:29.0119 0x04b4  [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS             C:\Windows\system32\dps.dll
23:30:29.0124 0x04b4  DPS - ok
23:30:29.0140 0x04b4  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:30:29.0142 0x04b4  drmkaud - ok
23:30:29.0212 0x04b4  [ 1679A4669326CB1A67CC95658D273234, 57429EC10744956635CAE0742320D7C03B3EEA0CB1F5769AEF21C054C0B5E498 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:30:29.0227 0x04b4  DXGKrnl - ok
23:30:29.0256 0x04b4  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
23:30:29.0260 0x04b4  EapHost - ok
23:30:29.0347 0x04b4  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:30:29.0408 0x04b4  ebdrv - ok
23:30:29.0438 0x04b4  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS             C:\Windows\System32\lsass.exe
23:30:29.0441 0x04b4  EFS - ok
23:30:29.0489 0x04b4  [ 1697C39978CD69F6FBC15302EDCECE1F, E496FAE102EE33EBD35AC745E8647976DB9F91EF78E54EB962FF2D04D45B561A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:30:29.0500 0x04b4  ehRecvr - ok
23:30:29.0526 0x04b4  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
23:30:29.0529 0x04b4  ehSched - ok
23:30:29.0568 0x04b4  [ A32BDA91E09B6AB885DF7530EDA54FE1, 17A5C459E601FE4317FCFAAEDD50C91441FD0AE21AEE9F3931D91D8929FFE0EB ] EL90x           C:\Windows\system32\DRIVERS\el90XND5.SYS
23:30:29.0572 0x04b4  EL90x - ok
23:30:29.0590 0x04b4  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:30:29.0600 0x04b4  elxstor - ok
23:30:29.0664 0x04b4  [ E2682EF874C377D51E28263FECE701A1, 7369AA38714060D1A0F5668EF197A76E0AF2F65CAD0062368BD48835DC58EFBD ] Envy24HFS       C:\Windows\system32\drivers\Envy24HF.sys
23:30:29.0678 0x04b4  Envy24HFS - ok
23:30:29.0694 0x04b4  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:30:29.0695 0x04b4  ErrDev - ok
23:30:29.0733 0x04b4  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
23:30:29.0740 0x04b4  EventSystem - ok
23:30:29.0757 0x04b4  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:30:29.0761 0x04b4  exfat - ok
23:30:29.0785 0x04b4  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:30:29.0789 0x04b4  fastfat - ok
23:30:29.0814 0x04b4  [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax             C:\Windows\system32\fxssvc.exe
23:30:29.0826 0x04b4  Fax - ok
23:30:29.0837 0x04b4  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:30:29.0839 0x04b4  fdc - ok
23:30:29.0853 0x04b4  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
23:30:29.0855 0x04b4  fdPHost - ok
23:30:29.0866 0x04b4  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:30:29.0868 0x04b4  FDResPub - ok
23:30:29.0882 0x04b4  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:30:29.0884 0x04b4  FileInfo - ok
23:30:29.0890 0x04b4  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:30:29.0892 0x04b4  Filetrace - ok
23:30:29.0980 0x04b4  [ ACEFEEA621DCA62EFB7A7EEA59F5E91B, 1D998E25B2C4C2DB51BF5E76BD0EFCA172CFC9BC16AFE7044BFC7A9FCF346154 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:30:30.0001 0x04b4  FLEXnet Licensing Service - ok
23:30:30.0017 0x04b4  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:30:30.0018 0x04b4  flpydisk - ok
23:30:30.0037 0x04b4  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:30:30.0043 0x04b4  FltMgr - ok
23:30:30.0077 0x04b4  [ 7FE4995528A7529A761875151EE3D512, 63F062A8E6AA9AEF39A46E94ADD548C72B4E21C1090DE9CBDCFB3F4489637BAF ] FontCache       C:\Windows\system32\FntCache.dll
23:30:30.0094 0x04b4  FontCache - ok
23:30:30.0150 0x04b4  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:30:30.0152 0x04b4  FontCache3.0.0.0 - ok
23:30:30.0170 0x04b4  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:30:30.0182 0x04b4  FsDepends - ok
23:30:30.0235 0x04b4  [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:30:30.0237 0x04b4  Fs_Rec - ok
23:30:30.0262 0x04b4  [ 4732E596BB1C50D9F9188C5074EE7782, 465E47C6AFA53B7CAFED5C61A5D832E7B3A1A33F82E1F11A472B84CD24D2ED55 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:30:30.0268 0x04b4  fvevol - ok
23:30:30.0297 0x04b4  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:30.0299 0x04b4  gagp30kx - ok
23:30:30.0335 0x04b4  [ 007AEA2E06E7CEF7372E40C277163959, 805906ADC7C5473B767932A552FEC7500D0F3F7CB45D8DEFE6A1567F2038EF88 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
23:30:30.0338 0x04b4  ggflt - ok
23:30:30.0355 0x04b4  [ C73DE35960CA75C5AB4AE636B127C64E, 0C22EECD64CC06AB820ED6A2E76FBC7AB072379FD14837CF95BA3EF105ABB745 ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
23:30:30.0357 0x04b4  ggsemc - ok
23:30:30.0389 0x04b4  [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:30:30.0402 0x04b4  gpsvc - ok
23:30:30.0472 0x04b4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:30:30.0475 0x04b4  gupdate - ok
23:30:30.0479 0x04b4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:30:30.0481 0x04b4  gupdatem - ok
23:30:30.0515 0x04b4  [ 7929A161F9951D173CA9900FE7067391, 35F329B3476D34E02C31B8050E1AB8C74BA0F3114A6B48AFED8F98751EFF44AB ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
23:30:30.0517 0x04b4  hamachi - ok
23:30:30.0529 0x04b4  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:30:30.0531 0x04b4  hcw85cir - ok
23:30:30.0560 0x04b4  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:30:30.0567 0x04b4  HdAudAddService - ok
23:30:30.0595 0x04b4  [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:30:30.0598 0x04b4  HDAudBus - ok
23:30:30.0621 0x04b4  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:30.0622 0x04b4  HidBatt - ok
23:30:30.0638 0x04b4  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:30:30.0641 0x04b4  HidBth - ok
23:30:30.0669 0x04b4  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:30:30.0671 0x04b4  HidIr - ok
23:30:30.0687 0x04b4  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
23:30:30.0690 0x04b4  hidserv - ok
23:30:30.0704 0x04b4  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:30:30.0705 0x04b4  HidUsb - ok
23:30:30.0723 0x04b4  [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:30:30.0742 0x04b4  hkmsvc - ok
23:30:30.0775 0x04b4  [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:30:30.0781 0x04b4  HomeGroupListener - ok
23:30:30.0833 0x04b4  [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:30:30.0839 0x04b4  HomeGroupProvider - ok
23:30:30.0855 0x04b4  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:30:30.0860 0x04b4  HpSAMD - ok
23:30:30.0898 0x04b4  [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:30:30.0909 0x04b4  HTTP - ok
23:30:30.0969 0x04b4  [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:30:30.0971 0x04b4  hwpolicy - ok
23:30:30.0995 0x04b4  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:30:31.0012 0x04b4  i8042prt - ok
23:30:31.0033 0x04b4  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9, 3AF6B8220E5081C79951979FE59E980C0309C826E201AE286D3B42CD2BA8145F ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:30:31.0040 0x04b4  iaStorV - ok
23:30:31.0145 0x04b4  [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:30:31.0165 0x04b4  idsvc - ok
23:30:31.0185 0x04b4  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:30:31.0195 0x04b4  iirsp - ok
23:30:31.0246 0x04b4  [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:30:31.0264 0x04b4  IKEEXT - ok
23:30:31.0412 0x04b4  [ 20A7EFCBC7C1B7492B1B8443E95F80C8, 817098257B63BF31E16F081FAE8ADDD8F3232E1D148E5F5327CC0653193B8107 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:30:31.0594 0x04b4  IntcAzAudAddService - ok
23:30:31.0615 0x04b4  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:30:31.0617 0x04b4  intelide - ok
23:30:31.0632 0x04b4  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:30:31.0635 0x04b4  intelppm - ok
23:30:31.0651 0x04b4  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:30:31.0655 0x04b4  IPBusEnum - ok
23:30:31.0668 0x04b4  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:31.0670 0x04b4  IpFilterDriver - ok
23:30:31.0698 0x04b4  [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:30:31.0709 0x04b4  iphlpsvc - ok
23:30:31.0716 0x04b4  [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:30:31.0719 0x04b4  IPMIDRV - ok
23:30:31.0746 0x04b4  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:30:31.0749 0x04b4  IPNAT - ok
23:30:31.0758 0x04b4  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:30:31.0759 0x04b4  IRENUM - ok
23:30:31.0781 0x04b4  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:30:31.0783 0x04b4  isapnp - ok
23:30:31.0807 0x04b4  [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:30:31.0812 0x04b4  iScsiPrt - ok
23:30:31.0843 0x04b4  [ 9F837F81E589E8A5DB395F29C3D51305, 9824FCB156CE0AC1CFE6BA4E16E2610CA3C376C300CE86AA37F7472130A4A864 ] IvtAudioBusSrv  C:\Windows\system32\Drivers\IvtBtBus.sys
23:30:31.0845 0x04b4  IvtAudioBusSrv - ok
23:30:31.0862 0x04b4  IvtComBusSrv - ok
23:30:31.0876 0x04b4  [ D6C88ED83EEAF879B8E5CFFCDBD22B12, 5E459937D33256455BF44E53E8839A04425C51C1749438007428D04F4905D83F ] IvtPanBusSrv    C:\Windows\system32\Drivers\btnetBus.sys
23:30:31.0878 0x04b4  IvtPanBusSrv - ok
23:30:31.0906 0x04b4  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:30:31.0908 0x04b4  kbdclass - ok
23:30:31.0929 0x04b4  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:30:31.0930 0x04b4  kbdhid - ok
23:30:31.0943 0x04b4  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso          C:\Windows\system32\lsass.exe
23:30:31.0945 0x04b4  KeyIso - ok
23:30:31.0983 0x04b4  [ 52FC17C8589F11747D01D3CF592673D0, 0D432F14DF6A0964947FADF4AFBCC195946A68230DC17FA610CC000BB0C921A7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:30:31.0985 0x04b4  KSecDD - ok
23:30:32.0011 0x04b4  [ 3E5474B03568CFAB834DA3C38E8C9EFA, 1223B99AD86905C34BC95C61DA894F36567F4A23EA7E32E955133C5B2FD558DB ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:30:32.0014 0x04b4  KSecPkg - ok
23:30:32.0048 0x04b4  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:30:32.0057 0x04b4  KtmRm - ok
23:30:32.0102 0x04b4  [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:30:32.0109 0x04b4  LanmanServer - ok
23:30:32.0134 0x04b4  [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:30:32.0140 0x04b4  LanmanWorkstation - ok
23:30:32.0156 0x04b4  LgBttPort - ok
23:30:32.0159 0x04b4  lgbusenum - ok
23:30:32.0162 0x04b4  LGVMODEM - ok
23:30:32.0172 0x04b4  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:30:32.0186 0x04b4  lltdio - ok
23:30:32.0212 0x04b4  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:30:32.0218 0x04b4  lltdsvc - ok
23:30:32.0222 0x04b4  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:30:32.0225 0x04b4  lmhosts - ok
23:30:32.0251 0x04b4  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:30:32.0254 0x04b4  LSI_FC - ok
23:30:32.0278 0x04b4  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:30:32.0281 0x04b4  LSI_SAS - ok
23:30:32.0307 0x04b4  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:30:32.0310 0x04b4  LSI_SAS2 - ok
23:30:32.0320 0x04b4  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:30:32.0323 0x04b4  LSI_SCSI - ok
23:30:32.0341 0x04b4  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:30:32.0344 0x04b4  luafv - ok
23:30:32.0373 0x04b4  [ A730FC8671A60666D6E877C544DD7CD4, 6A94097509BC1A83097709FB3B4BE753733AA60D8D9A665C646D582270F369BE ] LVUSBSta        C:\Windows\system32\drivers\lvusbsta.sys
23:30:32.0375 0x04b4  LVUSBSta - ok
23:30:32.0397 0x04b4  [ FEE74A4398896793A62C6E8423EDBD41, D9B54ECD9CDF16B060EA3E3E3BECFB3CEFF955BC54F1CA96C3202BD87FA7C398 ] LycoFltr        C:\Windows\system32\Drivers\Lycosa.sys
23:30:32.0399 0x04b4  LycoFltr - ok
23:30:32.0434 0x04b4  [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:30:32.0438 0x04b4  Mcx2Svc - ok
23:30:32.0517 0x04b4  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
23:30:32.0525 0x04b4  MDM - ok
23:30:32.0547 0x04b4  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:30:32.0549 0x04b4  megasas - ok
23:30:32.0565 0x04b4  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:30:32.0570 0x04b4  MegaSR - ok
23:30:32.0588 0x04b4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
23:30:32.0592 0x04b4  MMCSS - ok
23:30:32.0617 0x04b4  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
23:30:32.0619 0x04b4  Modem - ok
23:30:32.0644 0x04b4  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:30:32.0646 0x04b4  monitor - ok
23:30:32.0687 0x04b4  [ 0A43169E115B5E9346A4BA1EFFCB04CB, 34188FD835373EFB402F5F90545B78434CBB3D66CA2CAF34A63E9C993BD4C229 ] motandroidusb   C:\Windows\system32\Drivers\motoandroid.sys
23:30:32.0689 0x04b4  motandroidusb - ok
23:30:32.0730 0x04b4  [ F55572B150DB90CDBD95038ED287EB50, 2A8B136BC9BEA63C3D7C414C799E15DB1CB80A4F3511AC4EEF78B8F1C8716D4A ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
23:30:32.0733 0x04b4  motccgp - ok
23:30:32.0764 0x04b4  [ 1B3720C4D16904756D49EF306706B978, F94F55598B711A84B50DB3AC57050042CE89C03EA2838B7278C0A52EDB688022 ] motccgpfl       C:\Windows\system32\DRIVERS\motccgpfl.sys
23:30:32.0765 0x04b4  motccgpfl - ok
23:30:32.0797 0x04b4  [ B5DF98B8FD04204F4571FE0161288B98, 7B8E28ECECFD2EC15ACD8C35F3BA42C8C003D4C5387137E14152D033009EF620 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
23:30:32.0799 0x04b4  motmodem - ok
23:30:32.0844 0x04b4  [ FDF0D78147DA8B2A93FE42D9A14C1B0B, F5855E691938BBFAC4A16BFAC8029BD20E1FA5A260ECD256BE2CBC0E24CDC2CD ] Motorola Device Manager C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
23:30:32.0847 0x04b4  Motorola Device Manager - ok
23:30:32.0868 0x04b4  [ 140176B235722B6B92B56910ACDF3CC0, B8CA65949ED9755D7A15A8656FA4677EBAFB1FF2EB99A37B3D750D816008E981 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
23:30:32.0870 0x04b4  MotoSwitchService - ok
23:30:32.0893 0x04b4  [ 28938D6403C55289B7670798C075EF02, 78C5B093CAF1542E092FC8C49B1F1948B98F1467AFEA47BEBF1A6FCFBF68989A ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
23:30:32.0895 0x04b4  Motousbnet - ok
23:30:32.0922 0x04b4  [ F780C53D98A0AAD28F5B7403B184AEA1, EAAF04744820F03AC7D7EB42642B3EBA07DDF7C6761622A68823B608A0D3A071 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
23:30:32.0924 0x04b4  motusbdevice - ok
23:30:32.0935 0x04b4  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:30:32.0937 0x04b4  mouclass - ok
23:30:32.0951 0x04b4  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:30:32.0953 0x04b4  mouhid - ok
23:30:32.0959 0x04b4  [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:30:32.0962 0x04b4  mountmgr - ok
23:30:32.0978 0x04b4  [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:30:32.0982 0x04b4  mpio - ok
23:30:33.0006 0x04b4  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:30:33.0009 0x04b4  mpsdrv - ok
23:30:33.0051 0x04b4  [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:30:33.0065 0x04b4  MpsSvc - ok
23:30:33.0085 0x04b4  [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:30:33.0088 0x04b4  MRxDAV - ok
23:30:33.0133 0x04b4  [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:33.0137 0x04b4  mrxsmb - ok
23:30:33.0195 0x04b4  [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:33.0207 0x04b4  mrxsmb10 - ok
23:30:33.0254 0x04b4  [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:33.0257 0x04b4  mrxsmb20 - ok
23:30:33.0279 0x04b4  [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:30:33.0281 0x04b4  msahci - ok
23:30:33.0301 0x04b4  [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:30:33.0305 0x04b4  msdsm - ok
23:30:33.0327 0x04b4  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
23:30:33.0333 0x04b4  MSDTC - ok
23:30:33.0370 0x04b4  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:30:33.0372 0x04b4  Msfs - ok
23:30:33.0402 0x04b4  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:30:33.0404 0x04b4  mshidkmdf - ok
23:30:33.0416 0x04b4  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:30:33.0417 0x04b4  msisadrv - ok
23:30:33.0446 0x04b4  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:30:33.0450 0x04b4  MSiSCSI - ok
23:30:33.0453 0x04b4  msiserver - ok
23:30:41.0509 0x04b4  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
23:30:41.0509 0x04b4  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
23:30:41.0510 0x04b4  sptd - detected LockedFile.Multi.Generic ( 1 )
23:30:44.0040 0x04b4  Detect skipped due to KSN trusted
23:30:44.0040 0x04b4  sptd - ok
23:30:44.0829 0x04b4  [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:30:44.0831 0x04b4  TDTCP - ok
23:30:44.0837 0x04b4  [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:30:44.0840 0x04b4  tdx - ok
23:30:44.0844 0x04b4  [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:30:44.0847 0x04b4  TermDD - ok
23:30:44.0875 0x04b4  [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService     C:\Windows\System32\termsrv.dll
23:30:44.0890 0x04b4  TermService - ok
23:30:44.0915 0x04b4  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
23:30:44.0920 0x04b4  Themes - ok
23:30:44.0947 0x04b4  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
23:30:44.0951 0x04b4  THREADORDER - ok
23:30:44.0977 0x04b4  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
23:30:44.0983 0x04b4  TrkWks - ok
23:30:45.0032 0x04b4  [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:30:45.0064 0x04b4  TrustedInstaller - ok
23:30:45.0080 0x04b4  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:30:45.0087 0x04b4  tssecsrv - ok
23:30:45.0121 0x04b4  [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:30:45.0153 0x04b4  tunnel - ok
23:30:45.0197 0x04b4  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:30:45.0207 0x04b4  uagp35 - ok
23:30:45.0250 0x04b4  [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:30:45.0258 0x04b4  udfs - ok
23:30:45.0283 0x04b4  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:30:45.0330 0x04b4  UI0Detect - ok
23:30:45.0346 0x04b4  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:30:45.0349 0x04b4  uliagpkx - ok
23:30:45.0362 0x04b4  [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:30:45.0364 0x04b4  umbus - ok
23:30:45.0383 0x04b4  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:30:45.0385 0x04b4  UmPass - ok
23:30:45.0416 0x04b4  [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:30:45.0427 0x04b4  UmRdpService - ok
23:30:45.0443 0x04b4  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
23:30:45.0453 0x04b4  upnphost - ok
23:30:45.0481 0x04b4  [ C31AE588E403042632DC796CF09E30B0, 3EA64F9637D6F0AFC9DA70775AC6598828CB289BC1F7B028B3CC22878A443F30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:30:45.0488 0x04b4  usbccgp - ok
23:30:45.0505 0x04b4  [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:30:45.0512 0x04b4  usbcir - ok
23:30:45.0531 0x04b4  [ E4C436D914768CE965D5E659BA7EEBD8, 4FE0B360D2FE4C8B1D3FA5BD9A0E24CA6C186CD99B72EA58F6B669FABB0B1269 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:30:45.0534 0x04b4  usbehci - ok
23:30:45.0561 0x04b4  [ BDCD7156EC37448F08633FD899823620, 557A6E8B1CD43213FCCB247DEC9EEBC12F263DA13CFF72DEE724E830F7F22C33 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:30:45.0568 0x04b4  usbhub - ok
23:30:45.0572 0x04b4  [ EB2D819A639015253C871CDA09D91D58, E65757F3D162F26012BF9E16ECA0688BBCAE633AFFD1CE07083A3306376A4E82 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:30:45.0574 0x04b4  usbohci - ok
23:30:45.0590 0x04b4  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:30:45.0592 0x04b4  usbprint - ok
23:30:45.0634 0x04b4  [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:30:45.0637 0x04b4  usbscan - ok
23:30:45.0642 0x04b4  [ 1C4287739A93594E57E2A9E6A3ED7353, FCA7D01D7A699B2C3514FD30D534C9ABA975D4AC2543546D94BEB224834BCA54 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:30:45.0646 0x04b4  USBSTOR - ok
23:30:45.0656 0x04b4  [ 22480BF4E5A09192E5E30BA4DDE79FA4, E5CB29CD419009AC0F641E50E8B0E0B7FF6AD68ADB48A959FFD07A37FCF7B9BE ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:30:45.0658 0x04b4  usbuhci - ok
23:30:45.0699 0x04b4  [ 53CD7AEC95054E585457D27D1D255D73, 32D86EFE4C5BD471FEB8981D55C7896128B3FAC937CA8188F8E6947579195491 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:30:45.0713 0x04b4  usb_rndisx - ok
23:30:45.0741 0x04b4  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
23:30:45.0746 0x04b4  UxSms - ok
23:30:45.0761 0x04b4  [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc        C:\Windows\system32\lsass.exe
23:30:45.0768 0x04b4  VaultSvc - ok
23:30:45.0790 0x04b4  VComm - ok
23:30:45.0797 0x04b4  VcommMgr - ok
23:30:45.0801 0x04b4  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:30:45.0803 0x04b4  vdrvroot - ok
23:30:45.0834 0x04b4  [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds             C:\Windows\System32\vds.exe
23:30:45.0847 0x04b4  vds - ok
23:30:45.0860 0x04b4  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:30:45.0863 0x04b4  vga - ok
23:30:45.0879 0x04b4  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:30:45.0882 0x04b4  VgaSave - ok
23:30:45.0898 0x04b4  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
23:30:45.0903 0x04b4  vhdmp - ok
23:30:45.0918 0x04b4  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
23:30:45.0920 0x04b4  viaagp - ok
23:30:45.0939 0x04b4  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:30:45.0942 0x04b4  ViaC7 - ok
23:30:45.0959 0x04b4  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:30:45.0960 0x04b4  viaide - ok
23:30:45.0984 0x04b4  [ 07C20E596A0838809BC5FF5DE5A65973, 1BDB2B5C3253AC2A8FD98199DB41101ECA7933D9EECCA598572EAF6D3686C83D ] VKbms           C:\Windows\system32\DRIVERS\VKbms.sys
23:30:45.0986 0x04b4  VKbms - ok
23:30:46.0008 0x04b4  [ 379B349F65F453D2A6E75EA6B7448E49, F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
23:30:46.0013 0x04b4  vmbus - ok
23:30:46.0028 0x04b4  [ EC2BBAB4B84D0738C6C83D2234DC36FE, 8BA2FA187DAC6994D5A29897AE5F46E6424FB53C827553E0BB148E31825D6676 ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
23:30:46.0031 0x04b4  VMBusHID - ok
23:30:46.0042 0x04b4  [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:30:46.0045 0x04b4  volmgr - ok
23:30:46.0075 0x04b4  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:30:46.0082 0x04b4  volmgrx - ok
23:30:46.0095 0x04b4  [ 58DF9D2481A56EDDE167E51B334D44FD, C77D7BE83CF1C0DEC80429C5A519E794FD2E8C1E6DAD6F5C92B5EB5694CEB8EA ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
23:30:46.0101 0x04b4  volsnap - ok
23:30:46.0120 0x04b4  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:30:46.0125 0x04b4  vsmraid - ok
23:30:46.0161 0x04b4  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS             C:\Windows\system32\vssvc.exe
23:30:46.0188 0x04b4  VSS - ok
23:30:46.0211 0x04b4  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:30:46.0213 0x04b4  vwifibus - ok
23:30:46.0226 0x04b4  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
23:30:46.0236 0x04b4  W32Time - ok
23:30:46.0257 0x04b4  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:30:46.0259 0x04b4  WacomPen - ok
23:30:46.0271 0x04b4  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:30:46.0274 0x04b4  WANARP - ok
23:30:46.0278 0x04b4  [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:30:46.0280 0x04b4  Wanarpv6 - ok
23:30:46.0346 0x04b4  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:30:46.0372 0x04b4  WatAdminSvc - ok
23:30:46.0400 0x04b4  [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine        C:\Windows\system32\wbengine.exe
23:30:46.0428 0x04b4  wbengine - ok
23:30:46.0454 0x04b4  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:30:46.0461 0x04b4  WbioSrvc - ok
23:30:46.0494 0x04b4  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6, 0805471A57DDF1974F3F7B36B0DD843731C608D10A1C00B01E6E9D0460098E1A ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:30:46.0504 0x04b4  wcncsvc - ok
23:30:46.0522 0x04b4  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:30:46.0527 0x04b4  WcsPlugInService - ok
23:30:46.0554 0x04b4  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:30:46.0556 0x04b4  Wd - ok
23:30:46.0573 0x04b4  [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:30:46.0584 0x04b4  Wdf01000 - ok
23:30:46.0597 0x04b4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:30:46.0603 0x04b4  WdiServiceHost - ok
23:30:46.0607 0x04b4  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:30:46.0612 0x04b4  WdiSystemHost - ok
23:30:46.0636 0x04b4  [ BB5EC38F8D4600119B4720BC5D4211F1, F04F823A9FE77704F38D773C7350C71727C5E3309CD1EC754519C826A4599476 ] WebClient       C:\Windows\System32\webclnt.dll
23:30:46.0645 0x04b4  WebClient - ok
23:30:46.0652 0x04b4  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:30:46.0659 0x04b4  Wecsvc - ok
23:30:46.0676 0x04b4  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:30:46.0682 0x04b4  wercplsupport - ok
23:30:46.0711 0x04b4  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
23:30:46.0716 0x04b4  WerSvc - ok
23:30:46.0741 0x04b4  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:30:46.0743 0x04b4  WfpLwf - ok
23:30:46.0755 0x04b4  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:30:46.0757 0x04b4  WIMMount - ok
23:30:46.0814 0x04b4  [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:30:46.0828 0x04b4  WinDefend - ok
23:30:46.0836 0x04b4  WinHttpAutoProxySvc - ok
23:30:46.0874 0x04b4  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:30:46.0879 0x04b4  Winmgmt - ok
23:30:46.0941 0x04b4  [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM           C:\Windows\system32\WsmSvc.dll
23:30:46.0969 0x04b4  WinRM - ok
23:30:47.0024 0x04b4  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:30:47.0027 0x04b4  WinUsb - ok
23:30:47.0075 0x04b4  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:30:47.0095 0x04b4  Wlansvc - ok
23:30:47.0178 0x04b4  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:30:47.0209 0x04b4  wlidsvc - ok
23:30:47.0228 0x04b4  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:30:47.0229 0x04b4  WmiAcpi - ok
23:30:47.0253 0x04b4  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:30:47.0256 0x04b4  wmiApSrv - ok
23:30:47.0305 0x04b4  [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:30:47.0328 0x04b4  WMPNetworkSvc - ok
23:30:47.0357 0x04b4  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:30:47.0362 0x04b4  WPCSvc - ok
23:30:47.0375 0x04b4  [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:30:47.0381 0x04b4  WPDBusEnum - ok
23:30:47.0407 0x04b4  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:30:47.0409 0x04b4  ws2ifsl - ok
23:30:47.0429 0x04b4  [ A661A76333057B383A06E65F0073222F, B25AEC2B668C61F2E1C6F7AD27706EE10F8B04F09B5D069784131A6B8B5DF570 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:30:47.0435 0x04b4  wscsvc - ok
23:30:47.0438 0x04b4  WSearch - ok
23:30:47.0495 0x04b4  [ A33408CC036F9C08142B11BE5E93F0A1, A6CE3681EE4DE3C9A8B8B5DA4E8E46DB4443A32D1339F7D0893F1F2153635D86 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:30:47.0561 0x04b4  wuauserv - ok
23:30:47.0597 0x04b4  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E, C685A458951820ED0F09E6197251CE6FC55AAB75D4FBEFF2992805309239A47A ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:30:47.0600 0x04b4  WudfPf - ok
23:30:47.0635 0x04b4  [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:30:47.0639 0x04b4  WUDFRd - ok
23:30:47.0649 0x04b4  [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:30:47.0654 0x04b4  wudfsvc - ok
23:30:47.0678 0x04b4  [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:30:47.0686 0x04b4  WwanSvc - ok
23:30:47.0803 0x04b4  ================ Scan global ===============================
23:30:47.0853 0x04b4  [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
23:30:47.0879 0x04b4  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:30:47.0891 0x04b4  [ 8531AAF69394EFB93BC653916C46D245, 0DD9319AB0E4A714EB51989B2458E46D77F4776DBAD9F65CFA55662BAFB82CD9 ] C:\Windows\system32\winsrv.dll
23:30:47.0919 0x04b4  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
23:30:47.0944 0x04b4  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
23:30:47.0952 0x04b4  [ Global ] - ok
23:30:47.0953 0x04b4  ================ Scan MBR ==================================
23:30:47.0961 0x04b4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:30:48.0406 0x04b4  \Device\Harddisk0\DR0 - ok
23:30:48.0411 0x04b4  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5
23:30:48.0470 0x04b4  \Device\Harddisk5\DR5 - ok
23:30:48.0470 0x04b4  ================ Scan VBR ==================================
23:30:48.0484 0x04b4  [ 1A5AD2C81D2678CA05E72776559925EC ] \Device\Harddisk0\DR0\Partition1
23:30:48.0486 0x04b4  \Device\Harddisk0\DR0\Partition1 - ok
23:30:48.0488 0x04b4  [ 67DF49B0E40421BCA2A20C527B3690C5 ] \Device\Harddisk0\DR0\Partition2
23:30:48.0489 0x04b4  \Device\Harddisk0\DR0\Partition2 - ok
23:30:48.0491 0x04b4  [ 82B0390A4489C47B3C435601C0BB7931 ] \Device\Harddisk0\DR0\Partition3
23:30:48.0508 0x04b4  \Device\Harddisk0\DR0\Partition3 - ok
23:30:48.0512 0x04b4  [ 08F06D9EC61E9BFA0BA04878F53FCDD8 ] \Device\Harddisk5\DR5\Partition1
23:30:48.0513 0x04b4  \Device\Harddisk5\DR5\Partition1 - ok
23:30:48.0516 0x04b4  [ CF258ACAAF66AFDA64EE5D4BEEE99D6F ] \Device\Harddisk5\DR5\Partition2
23:30:48.0580 0x04b4  \Device\Harddisk5\DR5\Partition2 - ok
23:30:48.0580 0x04b4  ================ Scan generic autorun ======================
23:30:48.0726 0x04b4  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
23:30:48.0802 0x04b4  AvastUI.exe - ok
23:30:48.0872 0x04b4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:30:48.0893 0x04b4  Sidebar - ok
23:30:48.0917 0x04b4  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:30:48.0921 0x04b4  mctadmin - ok
23:30:48.0945 0x04b4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:30:48.0962 0x04b4  Sidebar - ok
23:30:48.0967 0x04b4  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:30:48.0971 0x04b4  mctadmin - ok
23:30:48.0992 0x04b4  Skype - ok
23:30:49.0017 0x04b4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\sidebar.exe
23:30:49.0034 0x04b4  Sidebar - ok
23:30:49.0060 0x04b4  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:30:49.0077 0x04b4  Sidebar - ok
23:30:49.0082 0x04b4  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
23:30:49.0086 0x04b4  mctadmin - ok
23:30:49.0087 0x04b4  Waiting for KSN requests completion. In queue: 85
23:30:50.0087 0x04b4  Waiting for KSN requests completion. In queue: 85
23:30:51.0087 0x04b4  Waiting for KSN requests completion. In queue: 85
23:30:52.0201 0x04b4  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
23:30:52.0231 0x04b4  FW detected via SS2: Outpost Firewall Pro, C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe ( 9.10.4652.16323 ), 0x41010 ( enabled )
23:30:54.0645 0x04b4  ============================================================
23:30:54.0645 0x04b4  Scan finished
23:30:54.0645 0x04b4  ============================================================
23:30:54.0654 0x1144  Detected object count: 0
23:30:54.0654 0x1144  Actual detected object count: 0


What should I do next?



#7 seedy21

  • Malware Response Team

Posted 24 September 2014 - 03:05 PM

Hi buczubuczu
 

Download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc.
    If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.



#8 buczubuczu

  • Topic Starter

Posted 24 September 2014 - 04:13 PM

All right. More logs appear on the screen.

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by SYSTEM on MININT-CDAGSMI on 24-09-2014 23:03:27
Running from l:\
Platform: Windows 7 Professional (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DeathAdder] => C:\Program Files\Razer\DeathAdder\razerhid.exe [248832 2012-01-14] ()
HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe [3547192 2014-07-23] (Agnitum Ltd.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\Rafau\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\Rafau\...\Policies\Explorer: []
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll => c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll [837304 2014-07-23] (Agnitum Ltd.)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avast! Free Antivirus.lnk
ShortcutTarget: avast! Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk
ShortcutTarget: CCC.lnk -> C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fraps.lnk
ShortcutTarget: fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Startup: C:\Users\Rafau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outpost Firewall Pro.lnk
ShortcutTarget: Outpost Firewall Pro.lnk -> C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
BootExecute: PDBoot.exeautocheck autochk *

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 acssrv; C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe [2379184 2014-07-23] (Agnitum Ltd.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-09-28] (Advanced Micro Devices, Inc.)
S2 AODService; C:\Program Files\AMD\OverDrive\AODAssist.exe [137096 2013-02-05] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-01] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2013-02-20] (Flexera Software, Inc.)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1244936 2013-09-06] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2117384 2013-09-06] (Raxco Software, Inc.)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-09-10] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 afw; C:\Windows\System32\DRIVERS\afw.sys [33888 2012-10-16] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\drivers\afwcore.sys [340688 2014-06-26] (Agnitum Ltd.)
S2 AODDriver4.01; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\AMD\OverDrive\i386\AODDriver2.sys [49248 2013-02-05] (Advanced Micro Devices)
S3 ASWFilt; C:\Windows\system32\Filt\ASWFilt.dll [78656 2011-06-15] (Agnitum Ltd.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-01] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-01] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-01] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-01] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-01] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-01] ()
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20576 2013-10-08] (IVT Corporation.)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [39936 2009-08-10] (Cypress Semiconductor)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [9728 2010-04-19] (Razer (Asia-Pacific) Pte Ltd)
S2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [138768 2013-09-06] (Raxco Software, Inc.)
S3 EL90x; C:\Windows\System32\DRIVERS\el90XND5.SYS [156020 2001-07-16] (3Com Corporation)
S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [684352 2011-11-07] (VIA - IC Ensemble, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [25280 2011-07-01] (LogMeIn, Inc.)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [23288 2012-12-24] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-31] (Logitech Inc.)
S3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [23680 2010-09-08] (Razer USA Ltd.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [66832 2013-09-06] (Raxco Software, Inc.)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-31] (Logitech Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2011-05-06] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2011-05-06] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [199528 2011-12-02] (Realtek Semiconductor Corp.)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [30248 2014-05-18] (Razer Inc)
S3 rzp1endpt; C:\Windows\System32\DRIVERS\rzp1endpt.sys [35112 2014-05-18] (Razer Inc)
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [131368 2014-05-18] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [28456 2014-05-18] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\DRIVERS\rzvmouse.sys [28456 2014-05-18] (Razer Inc)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S1 SandBox; C:\Windows\System32\drivers\SandBox.sys [802528 2013-12-20] (Agnitum Ltd.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2011-06-16] (Duplex Secure Ltd.)
S3 ALSysIO; \??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys [X]
S3 amdiox86; system32\DRIVERS\amdiox86.sys [X]
S3 Andbus; system32\DRIVERS\lgandbus.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem.sys [X]
S3 androidusb; System32\Drivers\lgandadb.sys [X]
S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 cmudaxp; system32\drivers\cmudaxp.sys [X]
S3 IvtComBusSrv; System32\Drivers\btcombus.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtport.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbus.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmodem.sys [X]
S3 VComm; system32\DRIVERS\VComm.sys [X]
S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 06:18 - 2014-09-24 06:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-24 06:17 - 2014-09-24 06:17 - 00028160 _____ () C:\Users\Rafau\Desktop\moduły_IŚ.xls
2014-09-23 13:29 - 2014-09-23 13:29 - 00000000 ____D () C:\Users\Rafau\Desktop\tdsskiller
2014-09-23 13:27 - 2014-09-23 13:27 - 04161313 _____ () C:\Users\Rafau\Desktop\tdsskiller.zip
2014-09-23 12:49 - 2014-09-23 12:49 - 00002907 _____ () C:\Users\Rafau\Desktop\fixlist.txt
2014-09-22 13:46 - 2014-09-22 13:50 - 00042979 _____ () C:\Users\Rafau\Desktop\Addition.txt
2014-09-22 13:45 - 2014-09-24 23:03 - 00000000 ____D () C:\FRST
2014-09-22 13:45 - 2014-09-22 13:50 - 00045931 _____ () C:\Users\Rafau\Desktop\FRST.txt
2014-09-22 13:44 - 2014-09-22 13:45 - 01097728 _____ (Farbar) C:\Users\Rafau\Desktop\FRST.exe
2014-09-19 16:42 - 2014-09-19 16:43 - 70869117 _____ () C:\Users\Rafau\Desktop\AVICII _ RICK ASTLEY 2014 - Never Gonna Wake You Up.mp4
2014-09-18 13:41 - 2014-09-18 13:41 - 00108748 _____ () C:\Users\Rafau\Desktop\OTL.Txt
2014-09-13 09:14 - 2014-09-13 09:14 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-13 09:06 - 2014-09-13 09:06 - 295040447 _____ () C:\Windows\MEMORY.DMP
2014-09-13 09:06 - 2014-09-13 09:06 - 00145320 _____ () C:\Windows\Minidump\091314-21512-01.dmp
2014-09-12 03:53 - 2014-09-12 03:53 - 00001011 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-12 03:53 - 2014-09-12 03:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-12 03:53 - 2014-09-12 03:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-09-12 03:47 - 2014-09-12 03:47 - 00688992 ____R (Swearware) C:\Users\Rafau\Desktop\dds.com
2014-09-11 13:16 - 2014-09-11 13:16 - 00000000 ____D () C:\rsit
2014-09-11 13:16 - 2014-09-11 13:16 - 00000000 ____D () C:\Program Files\trend micro
2014-09-11 10:19 - 2014-09-11 10:19 - 00000000 ____D () C:\zzz
2014-09-11 09:54 - 2014-09-11 09:54 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Dane aplikacji
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 ____D () C:\users\Administrator
2014-09-11 09:54 - 2013-05-12 17:01 - 00000000 ____D () C:\Users\Administrator\Documents\Visual Studio 2008
2014-09-11 09:54 - 2011-05-15 11:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-09-11 08:50 - 2014-09-11 08:50 - 00001034 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 08:50 - 2014-09-11 08:50 - 00000000 ____D () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0
2014-09-11 08:50 - 2014-09-11 08:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 08:50 - 2014-05-11 21:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2014-09-11 08:50 - 2014-05-11 21:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-09-11 08:46 - 2014-09-11 09:49 - 00007764 _____ () C:\Windows\PFRO.log
2014-09-11 08:38 - 2014-09-11 08:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rafau\Desktop\OTL.exe
2014-09-11 08:36 - 2014-09-16 15:17 - 00000000 ____D () C:\AdwCleaner
2014-09-11 08:36 - 2014-09-11 08:36 - 01370467 _____ () C:\Users\Rafau\Desktop\AdwCleaner.exe
2014-09-11 02:27 - 2014-09-11 02:27 - 00000000 ___HD () C:\Windows\PIF
2014-09-11 02:24 - 2014-09-11 02:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rafau\Desktop\rkill.com
2014-09-10 17:18 - 2014-09-10 17:18 - 00235882 _____ () C:\Users\Rafau\Desktop\chameleon.chm
2014-09-10 17:16 - 2014-09-21 01:07 - 00001392 _____ () C:\Users\Rafau\Desktop\Rkill.txt
2014-09-10 17:07 - 2014-09-19 05:44 - 00001663 _____ () C:\Windows\setupact.log
2014-09-10 17:07 - 2014-09-10 17:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 17:03 - 2014-09-10 17:03 - 00009578 _____ () C:\Users\Rafau\Desktop\safer.reg
2014-09-10 16:59 - 2014-09-10 16:59 - 04872677 _____ () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0.zip
2014-09-10 16:26 - 2014-09-10 16:59 - 00007426 __RSH () C:\ProgramData\ntuser.pol
2014-09-10 16:14 - 2014-09-10 16:14 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Ubisoft Game Launcher
2014-09-10 16:13 - 2014-09-10 16:13 - 00000000 ____D () C:\Program Files\Ubisoft
2014-08-28 04:48 - 2014-08-28 04:48 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2014-08-28 04:37 - 2014-08-28 04:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2014-08-28 04:31 - 2014-08-28 04:31 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-08-28 04:31 - 2014-08-28 04:31 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Reflections

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 23:03 - 2014-09-22 13:45 - 00000000 ____D () C:\FRST
2014-09-24 13:00 - 2012-06-04 14:55 - 00523794 _____ () C:\Windows\System32\config\afw_db.conf
2014-09-24 13:00 - 2012-06-04 14:55 - 00000752 _____ () C:\Windows\System32\config\afw_hm.conf
2014-09-24 13:00 - 2011-12-17 00:58 - 01512285 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 12:59 - 2012-06-04 03:50 - 00218001 _____ () C:\Windows\System32\config\rules.rdb
2014-09-24 12:59 - 2011-10-02 08:52 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\foobar2000
2014-09-24 12:56 - 2011-05-07 13:18 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Skype
2014-09-24 12:56 - 2011-05-07 11:48 - 00006252 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-24 12:56 - 2009-07-19 03:48 - 24743726 _____ () C:\Windows\System32\perfh015.dat
2014-09-24 12:56 - 2009-07-19 03:48 - 08446370 _____ () C:\Windows\System32\perfc015.dat
2014-09-24 06:18 - 2014-09-24 06:18 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-09-24 06:17 - 2014-09-24 06:17 - 00028160 _____ () C:\Users\Rafau\Desktop\moduły_IŚ.xls
2014-09-24 03:30 - 2009-07-13 18:04 - 00000631 _____ () C:\Windows\win.ini
2014-09-24 03:30 - 2009-07-13 18:04 - 00000245 _____ () C:\Windows\system.ini
2014-09-23 14:30 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-09-23 13:29 - 2014-09-23 13:29 - 00000000 ____D () C:\Users\Rafau\Desktop\tdsskiller
2014-09-23 13:27 - 2014-09-23 13:27 - 04161313 _____ () C:\Users\Rafau\Desktop\tdsskiller.zip
2014-09-23 12:52 - 2011-08-09 15:17 - 00940032 _____ () C:\Windows\System32\config\sscan.xas
2014-09-23 12:49 - 2014-09-23 12:49 - 00002907 _____ () C:\Users\Rafau\Desktop\fixlist.txt
2014-09-23 06:40 - 2010-01-23 02:16 - 00000000 ____D () C:\Users\Rafau\Desktop\Gry
2014-09-22 13:50 - 2014-09-22 13:46 - 00042979 _____ () C:\Users\Rafau\Desktop\Addition.txt
2014-09-22 13:50 - 2014-09-22 13:45 - 00045931 _____ () C:\Users\Rafau\Desktop\FRST.txt
2014-09-22 13:45 - 2014-09-22 13:44 - 01097728 _____ (Farbar) C:\Users\Rafau\Desktop\FRST.exe
2014-09-21 23:52 - 2009-07-13 20:34 - 00018544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 23:52 - 2009-07-13 20:34 - 00018544 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 14:15 - 2014-08-24 03:07 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Mp3tag
2014-09-21 01:07 - 2014-09-10 17:16 - 00001392 _____ () C:\Users\Rafau\Desktop\Rkill.txt
2014-09-20 10:54 - 2013-10-24 06:17 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Media Player Classic
2014-09-19 16:43 - 2014-09-19 16:42 - 70869117 _____ () C:\Users\Rafau\Desktop\AVICII _ RICK ASTLEY 2014 - Never Gonna Wake You Up.mp4
2014-09-19 05:52 - 2011-05-12 06:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2014-09-19 05:44 - 2014-09-10 17:07 - 00001663 _____ () C:\Windows\setupact.log
2014-09-19 01:41 - 2011-12-14 04:42 - 00000476 _____ () C:\Windows\wininit.ini
2014-09-19 01:40 - 2011-06-02 06:08 - 00000000 ___RD () C:\Users\Rafau\Dropbox
2014-09-19 01:40 - 2011-06-02 06:06 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\Dropbox
2014-09-19 01:40 - 2011-05-08 01:07 - 00000000 ____D () C:\Fraps
2014-09-19 01:39 - 2013-07-08 04:12 - 00000000 ____D () C:\Temp
2014-09-18 13:41 - 2014-09-18 13:41 - 00108748 _____ () C:\Users\Rafau\Desktop\OTL.Txt
2014-09-18 03:12 - 2014-03-07 07:04 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\.purple
2014-09-16 16:02 - 2011-05-07 13:10 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\IrfanView
2014-09-16 15:17 - 2014-09-11 08:36 - 00000000 ____D () C:\AdwCleaner
2014-09-15 00:57 - 2010-05-07 12:15 - 00000000 ____D () C:\Users\Rafau\Desktop\torrenty
2014-09-14 23:06 - 2011-05-07 12:02 - 00231568 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-09-13 09:14 - 2014-09-13 09:14 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-09-13 09:14 - 2011-05-07 13:18 - 00000000 ____D () C:\ProgramData\Skype
2014-09-13 09:06 - 2014-09-13 09:06 - 295040447 _____ () C:\Windows\MEMORY.DMP
2014-09-13 09:06 - 2014-09-13 09:06 - 00145320 _____ () C:\Windows\Minidump\091314-21512-01.dmp
2014-09-13 09:06 - 2011-12-04 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-12 03:55 - 2013-02-20 11:02 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-12 03:53 - 2014-09-12 03:53 - 00001011 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-09-12 03:53 - 2014-09-12 03:53 - 00000000 ____D () C:\ProgramData\Licenses
2014-09-12 03:53 - 2014-09-12 03:53 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-09-12 03:47 - 2014-09-12 03:47 - 00688992 ____R (Swearware) C:\Users\Rafau\Desktop\dds.com
2014-09-11 13:16 - 2014-09-11 13:16 - 00000000 ____D () C:\rsit
2014-09-11 13:16 - 2014-09-11 13:16 - 00000000 ____D () C:\Program Files\trend micro
2014-09-11 10:19 - 2014-09-11 10:19 - 00000000 ____D () C:\zzz
2014-09-11 09:54 - 2014-09-11 09:54 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Ustawienia lokalne
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Szablony
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Moje dokumenty
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Menu Start
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje wideo
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moje obrazy
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Documents\Moja muzyka
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\Dane aplikacji
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Historia
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Dane aplikacji
2014-09-11 09:54 - 2014-09-11 09:54 - 00000000 ____D () C:\users\Administrator
2014-09-11 09:49 - 2014-09-11 08:46 - 00007764 _____ () C:\Windows\PFRO.log
2014-09-11 09:15 - 2012-09-29 06:22 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-09-11 09:14 - 2014-05-09 01:55 - 00000000 ____D () C:\Users\Rafau\AppData\Local\21624
2014-09-11 08:50 - 2014-09-11 08:50 - 00001034 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-11 08:50 - 2014-09-11 08:50 - 00000000 ____D () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0
2014-09-11 08:50 - 2014-09-11 08:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 08:50 - 2011-05-12 06:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-11 08:41 - 2011-05-07 11:44 - 00000000 ____D () C:\users\Rafau
2014-09-11 08:38 - 2014-09-11 08:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rafau\Desktop\OTL.exe
2014-09-11 08:36 - 2014-09-11 08:36 - 01370467 _____ () C:\Users\Rafau\Desktop\AdwCleaner.exe
2014-09-11 04:54 - 2013-02-20 04:43 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Downloaded Installations
2014-09-11 04:41 - 2010-09-22 10:30 - 00000000 ____D () C:\Users\Rafau\Desktop\rozne
2014-09-11 02:27 - 2014-09-11 02:27 - 00000000 ___HD () C:\Windows\PIF
2014-09-11 02:24 - 2014-09-11 02:24 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Rafau\Desktop\rkill.com
2014-09-10 17:18 - 2014-09-10 17:18 - 00235882 _____ () C:\Users\Rafau\Desktop\chameleon.chm
2014-09-10 17:10 - 2011-05-12 06:18 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-10 17:07 - 2014-09-10 17:07 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 17:03 - 2014-09-10 17:03 - 00009578 _____ () C:\Users\Rafau\Desktop\safer.reg
2014-09-10 16:59 - 2014-09-10 16:59 - 04872677 _____ () C:\Users\Rafau\Desktop\mbam-chameleon-3.1.4.0.zip
2014-09-10 16:59 - 2014-09-10 16:26 - 00007426 __RSH () C:\ProgramData\ntuser.pol
2014-09-10 16:14 - 2014-09-10 16:14 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Ubisoft Game Launcher
2014-09-10 16:13 - 2014-09-10 16:13 - 00000000 ____D () C:\Program Files\Ubisoft
2014-09-10 16:13 - 2014-05-28 15:14 - 00282512 _____ () C:\Windows\System32\PnkBstrB.exe
2014-09-10 16:13 - 2014-05-28 15:14 - 00076888 _____ () C:\Windows\System32\PnkBstrA.exe
2014-09-10 15:18 - 2012-09-14 08:12 - 00000345 _____ () C:\Users\Rafau\AppData\Roaming\Drives Meter_Settings.ini
2014-09-10 15:04 - 2012-01-21 16:34 - 00000000 ____D () C:\ProgramData\Origin
2014-09-10 14:42 - 2012-01-21 16:33 - 00000000 ____D () C:\Program Files\Origin
2014-09-10 14:32 - 2012-02-11 15:20 - 00000000 ____D () C:\Users\Rafau\Documents\My Games
2014-09-10 14:18 - 2011-06-16 06:55 - 00006073 _____ () C:\Windows\cdplayer.ini
2014-09-10 14:18 - 2011-06-16 06:52 - 00001534 _____ () C:\ProgramData\ss.ini
2014-09-10 14:15 - 2014-03-31 10:05 - 00000000 ____D () C:\ProgramData\EPSON
2014-09-10 14:03 - 2014-05-01 11:44 - 00000000 ____D () C:\Users\Rafau\AppData\Roaming\.minecraft
2014-09-09 16:12 - 2014-06-02 13:10 - 00022931 _____ () C:\Users\Rafau\Desktop\nauka do sesji w pełni.xlsx
2014-09-09 15:54 - 2014-08-01 07:26 - 00021812 _____ () C:\Users\Rafau\Desktop\statystyki #2.xlsx
2014-08-28 04:48 - 2014-08-28 04:48 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2014-08-28 04:37 - 2014-08-28 04:37 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf
2014-08-28 04:32 - 2013-07-08 04:11 - 00000000 ____D () C:\Program Files\Motorola
2014-08-28 04:31 - 2014-08-28 04:31 - 00000000 ____D () C:\Program Files\Motorola Mobility
2014-08-28 04:31 - 2014-08-28 04:31 - 00000000 ____D () C:\Program Files\Common Files\MSSoap
2014-08-28 04:28 - 2011-05-07 11:52 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2014-08-28 04:23 - 2014-08-28 04:23 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2014-08-28 04:23 - 2014-06-18 23:09 - 00001394 _____ () C:\Windows\System32\lvcoinst.log
2014-08-27 06:50 - 2010-01-31 12:09 - 00000000 ____D () C:\Users\Rafau\Documents\OpenTTD
2014-08-26 12:33 - 2014-08-26 12:33 - 00000000 ____D () C:\Users\Rafau\AppData\Local\Reflections

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-09-11 23:14:14
Restore point made on: 2014-09-16 02:20:26
Restore point made on: 2014-09-19 01:32:46
Restore point made on: 2014-09-23 00:26:58

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4093.55 MB
Available physical RAM: 3514.74 MB
Total Pagefile: 4091.83 MB
Available Pagefile: 3524.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.74 MB

==================== Drives ================================

Drive c: (Samsung System) (Fixed) (Total:199.99 GB) (Free:73.6 GB) NTFS
Drive e: (Samsung Inne) (Fixed) (Total:198.63 GB) (Free:102.58 GB) NTFS
Drive f: (Sims3SP01) (CDROM) (Total:4.52 GB) (Free:0 GB) UDF
Drive l: (ZDJECIA) (Fixed) (Total:7.45 GB) (Free:1.67 GB) FAT32
Drive m: (TRANSCEND 1) (Fixed) (Total:99.97 GB) (Free:46.39 GB) FAT32
Drive n: (TRANSCEND 2) (Fixed) (Total:598.64 GB) (Free:2.69 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Samsung Gry) (Fixed) (Total:300 GB) (Free:24.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AB4D186A)
Partition 1: (Not Active) - (Size=200 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=300 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.6 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: DB6884B3)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: CC0DB276)
Partition 1: (Active) - (Size=100 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=598.6 GB) - (Type=07 NTFS)


LastRegBack: 2014-08-07 03:44

==================== End Of Log ============================



#9 seedy21


Posted 25 September 2014 - 02:38 PM

Hi buczubuczu

Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the flashdrive as fixlist.txt
 

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
C:\Windows\system32\Drivers\akg00eig.sys
C:\ProgramData\EjislUzurq\EjislUzurq.dat

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Step 2

Download the RogueKiller office (created by Tigzy)

http://www.sur-la-toile.com/RogueKiller/

---> Click Scan

---> Then click Report Once the scan is complete, copy and paste the report on the forum.

(The report is also on the desktop)
 


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 buczubuczu


Posted 26 September 2014 - 04:14 AM

Woohoo. Some action, finally! :D
After doing that script, both Outpost and Avast! are finally back. They act as they should. What's kinda weird is that both of them have databases up to date. Isn't that a cheap joke? Should I be afraid of something?

Fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 24-09-2014
Ran by SYSTEM at 2014-09-26 03:37:05 Run:2
Running from l:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Agnitum <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
C:\Windows\system32\Drivers\akg00eig.sys
C:\ProgramData\EjislUzurq\EjislUzurq.dat
*****************

HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value deleted successfully.
"C:\Windows\system32\Drivers\akg00eig.sys" => File/Directory not found.
"C:\ProgramData\EjislUzurq\EjislUzurq.dat" => File/Directory not found.

==== End of Fixlog ====


2. RogueKiller log
I cannot make it in normal mode. The program is stuck at [X64] HKEY_LOCAL_MACHINE\System\ControlSet003\Services : Wdf01000.
Should I try to make it in safe mode then?

I've managed to get a report from RogueKiller like this one:
RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Rafau [Admin rights]
Mode : Scan -- Date : 09/26/2014  04:45:27

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys[x] -> STOPPED

¤¤¤ Registry Entries : 24 ¤¤¤
[Suspicious.Path] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90120000-0030-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | {90120000-0030-0000-0000-0000000FF1CE} : C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H  -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys) -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys) -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys) -> FOUND
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ALSysIO (\??\C:\Users\Rafau\AppData\Local\Temp\ALSysIO.sys) -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0B840CBE-1090-4EDA-8582-6FDE5B0DD780} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8A0E5B23-16FE-49C8-85BC-E690B65F6DB9} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0B840CBE-1090-4EDA-8582-6FDE5B0DD780} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8A0E5B23-16FE-49C8-85BC-E690B65F6DB9} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0B840CBE-1090-4EDA-8582-6FDE5B0DD780} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8A0E5B23-16FE-49C8-85BC-E690B65F6DB9} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0B840CBE-1090-4EDA-8582-6FDE5B0DD780} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8A0E5B23-16FE-49C8-85BC-E690B65F6DB9} | DhcpNameServer : 62.179.1.62 62.179.1.63  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-232082853-2929556137-3554894394-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-21-232082853-2929556137-3554894394-1000\Control Panel\Desktop | SCRNSAVE.EXE : C:\Windows\MATRIX~1.SCR  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 3 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 genuine.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 mpa.one.microsoft.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 sls.microsoft.com

¤¤¤ Antirootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x87b401f8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x87b401f8

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 5lcb0le0.default : user_pref("network.proxy.http", " 194.141.96.247"); -> FOUND
[PUM.Proxy][FIREFX:Config] 5lcb0le0.default : user_pref("network.proxy.http_port", 8080); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD753LJ ATA Device +++++
--- User ---
[MBR] e19f76b84ab4b2c1f905239ad7ea2444
[BSP] 29fd579b5a7560915da8b6e634136c40 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 204789 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 419425020 | Size: 307196 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1048578048 | Size: 203402 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Urz?dzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Urz?dzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Urz?dzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Urz?dzenie nie jest gotowe. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )

+++++ PhysicalDrive5: StoreJet Transcend USB Device +++++
--- User ---
[MBR] dde21eaf4e328c2ca961d576d2ebefda
[BSP] edafe1cea7483d6edf1f74af3acf5564 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 64 | Size: 102398 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 209712510 | Size: 613003 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )

+++++ PhysicalDrive6: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 51d78acadfcae7cf19c5e0826c1cb6a4
[BSP] 96f6d08617e3f68506695251dffd04e0 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 32 | Size: 7633 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] ??danie nie jest obs?ugiwane. )



Although - I'm not sure if that's enough.


Edited by buczubuczu, 26 September 2014 - 05:40 AM.


#11 seedy21


Posted 26 September 2014 - 05:23 PM

Hi buczubuczu

Step 1
We need to run MalwareBytes Anti-Malware

  • Please open Malwarebytes Anti-Malware
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan.

    If Malware or Potentially Unwanted Programs are found you will receive a Prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
    • After viewing the results, please click on the Copy to Clipboard button > OK.
    • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

Step 2

Please perform a scan with your Avast Software.

Step 3

We need to do a search with Farbar's Recovery Scan Tool

Open up Farbar's Recovery Scan Tool

Type the following in the edit box after "Search:".

EjislUzurq


Click the Search button and post the log (Search.txt) it makes in your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#12 buczubuczu


Posted 27 September 2014 - 04:10 AM

All right.
Log from MBAM
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-09-27
Scan Time: 01:20:58
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.26.10
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x86
File System: NTFS
User: Rafau

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341050
Time Elapsed: 13 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

2.
Log from avast!
Avast found 9 unwanted items (from the AdwCleaner quarantine) - I told it to get rid of them. There were files called MgAssist.exe.vir, Mobogenie.exe.vir, nengine.dll.vir, nsis.vdr, DaemonProcess.exe.vir, New_UpdateMoboGenie.exe.vir, nengine.dll.vir and quarantine.txt. All of that is gone; all of it was in C:\AdwCleaner\Quarantine.
3.
Log from scanning

Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Rafau at 2014-09-27 01:36:38
Running from C:\Users\Rafau\Desktop
Boot Mode: Normal

================== Search: "EjisUzurq" ===================

=== End Of Search ===

 

Log from registry search

Farbar Recovery Scan Tool (x86) Version: 26-09-2014
Ran by Rafau at 2014-09-27 01:40:27
Running from C:\Users\Rafau\Desktop
Boot Mode: Normal

================== Search Registry: "EjisUzurq" ===========


====== End Of Search ======


Should I do something else?



#13 seedy21


Posted 27 September 2014 - 11:51 AM

Hi buczubuczu

Perform an Online Antivirus Scan with ESET:


Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".
 

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When the scan is complete,

If no threats were found:
  • Check "Uninstall application on close"
  • Close program

If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & Save the Report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & Exit the program
  • Copy and paste ESETScanLog.txt in your next reply

Also, can I have an update about how your machine is running now? Do you have any further issues?




#14 buczubuczu


Posted 27 September 2014 - 04:41 PM

Any other issues, you ask? Nothing really special - it runs a bit slow (just as it used to - five years on one operating system) when opening. Besides that - everything is in place. Errors like this one with the C++ library don't count - it has happened to me randomly for as long as I can remember. I think that it could be connected with my Football Manager (yes, I've been playing this Excel since the 2010 edition) error at a 90% rate, when I quit the game to the OS.

I would also like to delete the Admin account, which keeps showing itself at every logon. I already have full rights on my normal and first account, so I don't need any more. I made it because I thought that making ANOTHER supervisor admin account could help me with this bugger. However, I do not know how to delete it now. Managing accounts (or something like this in English, I'm not sure how it sounds) doesn't show any options besides changing the password and a few other things.

About the threats from the ESET scan, they're here.
Not sure why it decided to delete good old CoreTemp (I know that every program warns me about it), as well as some root on my Android phones and an avi to mp3 extractor. Vdoplugin and the other one might be some crap, but I'm not sure about it. Anyway, here comes another log.
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir    a variant of Win32/Thinknice.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir    a variant of Win32/ELEX.AV potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Rafau\AppData\Roaming\SupTab\SupTab.dll.vir    a variant of Win32/Thinknice.B potentially unwanted application    deleted - quarantined
C:\Users\Rafau\Dropbox\instalky\coretemp_1236.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
D:\Instalki\livevdo-plugin.exe    Win32/TopMedia.A potentially unwanted application    deleted - quarantined
D:\Instalki\PazeraFlacToMp3Setup__6131_il11699.exe    a variant of Win32/Amonetize.AS potentially unwanted application    deleted - quarantined
D:\Instalki\Pazera_Free_Audio_Extractor.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
D:\Instalki\vshare-plugin.exe    Win32/TopMedia.A potentially unwanted application    deleted - quarantined
D:\Instalki\benchmark\coretemp_1236.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SE_tweaker tool v4.0\SE_tweaker tool v4.0\msm7227\bootTools\rageagainstthecage    Android/Exploit.Lotoor.AK trojan    cleaned by deleting - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SE_tweaker tool v4.0\SE_tweaker tool v4.0\rootdirectory\binary\rageagainstthecage    Android/Exploit.Lotoor.AK trojan    cleaned by deleting - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SE_tweaker tool v4.0\SE_tweaker tool v4.0\rootdirectory\files\rageagainstthecage    Android/Exploit.Lotoor.AK trojan    cleaned by deleting - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SE_tweaker tool v4.0\SE_tweaker tool v4.0\rootdirectory\files\cwm_files\rageagainstthecage    Android/Exploit.Lotoor.AK trojan    cleaned by deleting - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SuperOneClickv1.9.5-ShortFuse\Exploits\GingerBreak    Android/Exploit.Lotoor.AF trojan    cleaned by deleting - quarantined
D:\Instalki\Telefony\xperia x10 mini pro\SuperOneClickv1.9.5-ShortFuse\Exploits\psneuter    Android/Exploit.Lotoor.AK trojan    cleaned by deleting - quarantined
V:\Instalky rozne i podluzne\Pazera_Free_Audio_Extractor.exe    Win32/InstallMonetizer.AF potentially unwanted application    deleted - quarantined
V:\Instalky rozne i podluzne\PDFCreator-1_2_1_setup.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
 



#15 seedy21


Posted 28 September 2014 - 01:22 PM

Hi buczubuczu
 
 
Here is a great tutorial by SevenForums on how to Enable/ Disable Administrator account.
 
http://www.sevenforums.com/tutorials/507-built-administrator-account-enable-disable.html


Your logs look clean. If you have no further problems you can uninstall the tools we have used and follow this advice:

Remove Tools Used :

Clean up FRST Quarantine Folder

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

Start
DeleteQuarantine:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt). You can delete it.
 
Clean up with Delfix

Download "Delfix by Xplode" and save it to your desktop.

  • Double Click to start the program
    If you are using Vista or higher, please right-click and choose run as administrator
  • Make sure the following items are checked:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
  • Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Clean up with TFC

Please download TFC.exe - Temp File Cleaner by OldTimer:
Alternate link: www.itxassociates.com/OT-Tools/TFC.exe
  • Save it to your Desktop.
  • Close any open windows, save your work.
  • Double click the TFC icon to run the program. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process,
  • Allow TFC to run uninterrupted,
  • The program should not take long to finish its job.
  • Once it's finished, click OK to reboot.

Turn On Automatic Updates:
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High.
  • Also verify that Enable Protected Mode is checked
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Finally I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)
