Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gameharbor.org opens up at the start of the computer


  • This topic is locked This topic is locked
16 replies to this topic

#1 antonioxo

antonioxo

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 22 September 2014 - 09:57 PM

hello everybody for a week or two it seems i've gotten the extendeddunlimited/game harbor virus i've tried to remove myself but failed to often to be honest can anybody help me out with this problem? i use windows 7 but i'm unsure what i really need to do to rid myself of this problem any help would be welcomed.



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 24 September 2014 - 08:33 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

  • Important: To help me reviewing your logs, please post them in code boxes. You can create them by clicking on the <>-symbol on top of the reply window.

 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
  
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.
 


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 24 September 2014 - 09:57 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2014
Ran by nene's (administrator) on NENES-PC on 24-09-2014 10:02:56
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
() C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-20] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [InstantUpdate] => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe [124520 2012-04-06] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [296984 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [AVG_TRAY] => C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [fst_us_14] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\MountPoints2: {2d3901c4-f88d-11e2-aba6-f367c60d218a} - F:\menu.exe
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\MountPoints2: {5db5ad55-f796-11e1-af57-da5a474ce6a0} - G:\SETUP.EXE
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\MountPoints2: {638bb905-f1fb-11e1-aea4-bd8505bce382} - E:\setup.exe
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\MountPoints2: {638bb916-f1fb-11e1-aea4-bd8505bce382} - F:\Setup\rsrc\Autorun.exe
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\MountPoints2: {efbaacac-bcae-11e2-ae18-990cdb289085} - H:\AutoRunMorrowind.exe
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
SearchScopes: HKLM-x32 - DefaultScope {0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D} URL = 
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.my-online-search.com/?q={searchTerms}&babsrc=SP_ofln&mntrId=EC9E08EDB94BDDF5&cat=buenosearch&dlb=1&affID=127101&tsp=5195
SearchScopes: HKCU - {0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN65749740104773247&UM=2
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {6C899AEB-43E1-4EB0-A824-FBCFDBBA9F85} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @idsoftware.com/QuakeLive -> C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files (x86)\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG10\Firefox4 [2012-09-29]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox

Chrome: 
=======
CHR HKCU\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\nene's\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-08-06]
CHR HKCU\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\nene's\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2012-08-06]
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\nene's\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2012-08-06]
CHR HKLM-x32\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files (x86)\AVG\AVG10\Chrome\safesearch.crx [2011-09-09]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\nene's\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [2011-09-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-20] (Atheros Commnucations) [File not signed]
R2 avgfws; C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4600512 2012-07-10] (INCA Internet Co., Ltd.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-02-19] (Atheros) [File not signed]
S2 HPSLPSVC; C:\Users\nene's\AppData\Local\Temp\7zS61E2\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57696 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-20] (DT Soft Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 b57xdbd; system32\DRIVERS\b57xdbd.sys [X]
S3 b57xdmp; system32\DRIVERS\b57xdmp.sys [X]
S3 bScsiMSa; system32\DRIVERS\bScsiMSa.sys [X]
S3 bScsiSDa; system32\DRIVERS\bScsiSDa.sys [X]
S3 k57nd60a; system32\DRIVERS\k57nd60a.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 10:02 - 2014-09-24 10:02 - 00000000 ____D () C:\FRST
2014-09-23 14:32 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 14:32 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 22:12 - 2014-09-22 22:12 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Atheros
2014-09-22 22:12 - 2014-09-22 22:12 - 00000000 ____D () C:\AVG10
2014-09-22 16:41 - 2014-09-22 16:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-22 16:39 - 2014-09-22 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 16:39 - 2014-09-22 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 13:40 - 2014-09-22 14:54 - 00146166 _____ () C:\Windows\system32\avgrep.txt
2014-09-22 12:29 - 2014-09-24 09:54 - 00001098 _____ () C:\Windows\setupact.log
2014-09-22 12:29 - 2014-09-22 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 12:27 - 2014-09-22 12:27 - 00003164 _____ () C:\Windows\System32\Tasks\{05E96C6D-98FF-4A59-AE57-D4FC758FB3BA}
2014-09-20 03:35 - 2014-09-20 03:35 - 00000000 _____ () C:\Windows\SysWOW64\shoB2FC.tmp
2014-09-17 01:45 - 2014-09-17 01:45 - 00000000 _____ () C:\Windows\SysWOW64\sho1698.tmp
2014-09-12 02:09 - 2014-09-12 02:09 - 00000000 _____ () C:\Windows\SysWOW64\sho109C.tmp
2014-09-10 01:37 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 01:37 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 01:37 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 01:37 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 01:37 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 01:37 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 01:37 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 01:37 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 01:37 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 01:37 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 01:37 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 01:37 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 01:37 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 01:37 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 01:37 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 01:37 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 01:37 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 01:37 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 01:37 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 01:37 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 01:37 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 01:37 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 01:37 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 01:37 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 01:37 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 01:37 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 01:37 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 01:37 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 01:37 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 01:37 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 01:37 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 01:37 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 01:37 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 01:37 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 01:37 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 01:37 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 01:37 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 01:37 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 01:37 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 01:37 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 01:37 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 01:37 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 01:37 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 01:37 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 01:37 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 01:37 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 01:37 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 01:37 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 01:37 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 01:37 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 01:37 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 01:37 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 01:37 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 01:37 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 01:37 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 01:37 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 01:28 - 2014-06-26 22:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 01:28 - 2014-06-26 21:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 22:38 - 2014-08-01 07:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-09 22:38 - 2014-08-01 07:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-09 22:38 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 22:38 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-09 22:38 - 2014-06-23 23:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-09 22:38 - 2014-06-23 22:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-09 22:37 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-09 22:37 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-09 22:37 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-04 21:25 - 2014-09-04 21:26 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-09-04 18:51 - 2014-09-04 18:51 - 00003090 _____ () C:\Windows\System32\Tasks\{733E0DEC-9206-4CF1-8D6C-D271121B578E}
2014-09-04 18:32 - 2014-09-04 18:32 - 00003298 _____ () C:\Windows\System32\Tasks\{DFDB3E63-8E37-4414-8D2A-A9A5E95FD89C}
2014-08-27 15:44 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 15:44 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 15:44 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 10:02 - 2014-09-24 10:02 - 00000000 ____D () C:\FRST
2014-09-24 09:59 - 2012-09-29 00:54 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-09-24 09:58 - 2012-05-11 02:37 - 01904482 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 09:57 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-24 09:57 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 09:55 - 2013-08-13 03:08 - 00000000 ____D () C:\Games
2014-09-24 09:54 - 2014-09-22 12:29 - 00001098 _____ () C:\Windows\setupact.log
2014-09-24 09:54 - 2012-07-10 18:22 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-24 09:53 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 03:37 - 2012-04-03 01:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-24 02:37 - 2012-04-03 01:16 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-24 02:37 - 2012-04-03 01:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-24 02:37 - 2012-04-03 01:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-22 22:12 - 2014-09-22 22:12 - 00000000 ____D () C:\Windows\system32\config\systemprofile\AppData\Roaming\Atheros
2014-09-22 22:12 - 2014-09-22 22:12 - 00000000 ____D () C:\AVG10
2014-09-22 16:41 - 2014-09-22 16:41 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-22 16:39 - 2014-09-22 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 16:39 - 2014-09-22 16:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-22 14:54 - 2014-09-22 13:40 - 00146166 _____ () C:\Windows\system32\avgrep.txt
2014-09-22 12:56 - 2014-02-21 23:31 - 00000000 ____D () C:\GOG Games
2014-09-22 12:29 - 2014-09-22 12:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-22 12:27 - 2014-09-22 12:27 - 00003164 _____ () C:\Windows\System32\Tasks\{05E96C6D-98FF-4A59-AE57-D4FC758FB3BA}
2014-09-22 12:25 - 2014-02-20 21:47 - 00000000 ____D () C:\Program Files (x86)\GOG.com
2014-09-20 03:35 - 2014-09-20 03:35 - 00000000 _____ () C:\Windows\SysWOW64\shoB2FC.tmp
2014-09-17 01:45 - 2014-09-17 01:45 - 00000000 _____ () C:\Windows\SysWOW64\sho1698.tmp
2014-09-16 22:51 - 2012-04-03 00:34 - 75448320 _____ () C:\Windows\system32\config\RegBack\SOFTWARE
2014-09-16 22:51 - 2012-04-03 00:34 - 19546112 _____ () C:\Windows\system32\config\RegBack\SYSTEM
2014-09-16 22:51 - 2012-04-03 00:34 - 00421888 _____ () C:\Windows\system32\config\RegBack\DEFAULT
2014-09-16 22:51 - 2012-04-03 00:34 - 00024576 _____ () C:\Windows\system32\config\RegBack\SAM
2014-09-16 22:50 - 2012-04-03 00:34 - 00024576 _____ () C:\Windows\system32\config\RegBack\SECURITY
2014-09-15 15:06 - 2013-03-01 18:21 - 00000000 ____D () C:\Windows\rescache
2014-09-12 02:09 - 2014-09-12 02:09 - 00000000 _____ () C:\Windows\SysWOW64\sho109C.tmp
2014-09-10 18:45 - 2009-07-14 01:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 01:36 - 2012-07-17 00:54 - 00776014 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 01:35 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 01:29 - 2012-08-23 21:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 01:28 - 2014-05-06 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-09 18:11 - 2014-09-23 14:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-09 17:47 - 2014-09-23 14:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-09 00:35 - 2014-01-21 22:04 - 00000000 ____D () C:\Program Files (x86)\Bethesda Softworks
2014-09-04 21:26 - 2014-09-04 21:25 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-09-04 21:25 - 2012-04-03 00:54 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-04 18:51 - 2014-09-04 18:51 - 00003090 _____ () C:\Windows\System32\Tasks\{733E0DEC-9206-4CF1-8D6C-D271121B578E}
2014-09-04 18:32 - 2014-09-04 18:32 - 00003298 _____ () C:\Windows\System32\Tasks\{DFDB3E63-8E37-4414-8D2A-A9A5E95FD89C}
2014-08-28 11:20 - 2009-07-14 00:45 - 00412424 _____ () C:\Windows\system32\FNTCACHE.DAT

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 22:51

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2014
Ran by nene's at 2014-09-24 10:04:08
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2011 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
FW: AVG Firewall (Enabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Total War - Rome II" (HKLM-x32\...\{D038303C-02D7-4F1F-949E-8ABC0159A640}_is1) (Version: 1.7.0.8418 (Patch 7) - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}) (Version: 1.00.3004 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.122 - Atheros)
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1432 - AVG Technologies)
AVG 2011 (Version: 10.0.1432 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.4015 - AVG Technologies) Hidden
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Baldurs Gate - Enhanced Edition (HKLM-x32\...\Baldurs Gate - Enhanced Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Child of Light (HKLM-x32\...\Q2hpbGRvZkxpZ2h0_is1) (Version: 1 - )
Command and Conquer 3: Kane's Wrath (HKLM-x32\...\Steam App 24810) (Version:  - EA Los Angeles)
Command and Conquer 3: Tiberium Wars (HKLM-x32\...\Steam App 24790) (Version:  - EA Los Angeles)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
Dead Space (HKLM-x32\...\Dead Space_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Divinity Original Sin (HKLM-x32\...\RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1) (Version: 1 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Don’t Starve (HKLM-x32\...\Don’t Starve_is1) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version:  - Black Isle Studios)
Fallout New Vegas  1.4 (HKLM-x32\...\Fallout New Vegas_is1) (Version: 1.4 - Bethesda Softworks)
Faster Than Light (HKLM-x32\...\Faster Than Light_is1) (Version:  - GOG.com)
Final Fantasy VIII (HKLM-x32\...\Final Fantasy VIII_is1) (Version:  - )
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.5 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.5.1.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Long Live the Queen (HKLM-x32\...\GOGPACKLLTQ_is1) (Version: 2.0.0.3 - GOG.com)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 en-US)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Quake Live Mozilla Plugin (HKLM-x32\...\{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}) (Version: 1.0.520 - id Software)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.1 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Rome - Total War - Alexander (HKLM-x32\...\{6C1804BC-094F-431A-BEA5-37A837958029}) (Version: 1.9 - The Creative Assembly)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2268.2 - Hi-Rez Studios)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Elder Scrolls III Morrowind GOTY version 0.0.0.9 (HKLM-x32\...\The Elder Scrolls III Morrowind GOTY_is1) (Version: 0.0.0.9 - WaLMaRT)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Vampire - The Masquerade Bloodlines (HKLM-x32\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (x32 Version: 1.00.0000 - Activision) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2268075938-3801120968-3292501955-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nene's\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points  =========================

19-09-2014 18:19:59 Restore Operation
22-09-2014 15:55:36 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
22-09-2014 16:21:14 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
24-09-2014 07:00:51 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {093370B8-0602-45D3-BCF6-C300F4CAC999} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2268075938-3801120968-3292501955-1001
Task: {0BFFE4BA-FFA5-4ACF-A55B-964C6CFCC903} - System32\Tasks\{3C31B69A-2691-4D45-B7F7-A389B15B0A32} => Firefox.exe http://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?page=tsProgressBar
Task: {304AB245-C032-4DC8-A9D1-A1BE6361134D} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {496A6F1E-5A88-46DF-B95F-FCDB37F43E43} - System32\Tasks\{4F16B75E-3568-49A2-BD08-DCD955D3E5F3} => C:\Program Files (x86)\Thief\Binaries\Win32\Shipping-ThiefGame.exe
Task: {5D37B884-9783-4410-99E8-1058A009C918} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2268075938-3801120968-3292501955-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {867F38CC-D890-4D51-B6CD-2BE294D0D33C} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {9CA57EB7-E53B-486E-B222-DBCD04220A4A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2268075938-3801120968-3292501955-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {A2991D09-F6C9-44A0-B822-99B316D7FA71} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
Task: {F4E50B09-91D1-41A6-9F8B-6A802CCA1290} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-02-10 07:55 - 2011-02-10 07:55 - 01148256 _____ () C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
2012-04-06 23:29 - 2012-04-06 23:29 - 00040552 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-04-06 23:29 - 2012-04-06 23:29 - 00022120 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2014-08-28 22:16 - 2014-08-21 14:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 22:16 - 2014-08-21 14:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 22:16 - 2014-08-21 14:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-03-12 17:10 - 2014-08-20 18:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 01:18 - 2014-08-28 07:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 22:16 - 2014-08-21 14:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 22:16 - 2014-08-21 14:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-07-10 18:24 - 2014-08-28 07:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-09-22 16:39 - 2014-09-18 03:16 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-10 18:24 - 2014-08-20 18:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-09-10 16:42 - 2014-09-10 16:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll
2012-04-03 00:54 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-05-11 02:44 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-09 20:20 - 2014-09-09 20:20 - 16825520 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/23/2014 01:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EoCApp.exe, version: 1.0.36.0, time stamp: 0x53b151cb
Faulting module name: EoCApp.exe, version: 1.0.36.0, time stamp: 0x53b151cb
Exception code: 0xc0000005
Fault offset: 0x002ff324
Faulting process id: 0x18b8
Faulting application start time: 0xEoCApp.exe0
Faulting application path: EoCApp.exe1
Faulting module path: EoCApp.exe2
Report Id: EoCApp.exe3

Error: (09/22/2014 10:25:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 10:14:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 00:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FileShredder.exe, version: 2.0.8.9, time stamp: 0x4d91692f
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000005
Fault offset: 0x00025e37
Faulting process id: 0x157c
Faulting application start time: 0xFileShredder.exe0
Faulting application path: FileShredder.exe1
Faulting module path: FileShredder.exe2
Report Id: FileShredder.exe3

Error: (09/22/2014 00:17:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
	The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (09/22/2014 00:17:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
	The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (09/19/2014 02:44:25 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Installed DirectX).

Error: (09/19/2014 02:27:59 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: The restore point selected was damaged or deleted during the restore (Installed DirectX).

Error: (09/18/2014 10:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAOrigins.exe, version: 1.4.12393.0, time stamp: 0x4c093423
Faulting module name: DAOrigins.exe, version: 1.4.12393.0, time stamp: 0x4c093423
Exception code: 0xc0000005
Fault offset: 0x0019a04e
Faulting process id: 0xd04
Faulting application start time: 0xDAOrigins.exe0
Faulting application path: DAOrigins.exe1
Faulting module path: DAOrigins.exe2
Report Id: DAOrigins.exe3

Error: (09/18/2014 09:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAOrigins.exe, version: 1.4.12393.0, time stamp: 0x4c093423
Faulting module name: DAOrigins.exe, version: 1.4.12393.0, time stamp: 0x4c093423
Exception code: 0xc0000005
Fault offset: 0x0019a04e
Faulting process id: 0x11e0
Faulting application start time: 0xDAOrigins.exe0
Faulting application path: DAOrigins.exe1
Faulting module path: DAOrigins.exe2
Report Id: DAOrigins.exe3


System errors:
=============
Error: (09/24/2014 09:57:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/23/2014 02:25:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/22/2014 10:36:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/22/2014 10:25:57 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/22/2014 10:15:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/22/2014 03:02:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error: 
%%126

Error: (09/22/2014 02:42:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (09/22/2014 02:01:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (09/22/2014 02:01:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068

Error: (09/22/2014 01:50:45 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084VSS{0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}


Microsoft Office Sessions:
=========================
Error: (09/23/2014 01:36:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: EoCApp.exe1.0.36.053b151cbEoCApp.exe1.0.36.053b151cbc0000005002ff32418b801cfd6ec27c89fbcC:\Program Files (x86)\Divinity Original Sin\Shipping\EoCApp.exeC:\Program Files (x86)\Divinity Original Sin\Shipping\EoCApp.exe889c8a93-42e3-11e4-988c-973ec3b85692

Error: (09/22/2014 10:25:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\nene's\Downloads\esetsmartinstaller_enu.exe

Error: (09/22/2014 10:14:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/22/2014 00:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FileShredder.exe2.0.8.94d91692fMSVCR90.dll9.0.30729.61614dace5b9c000000500025e37157c01cfd683e5435edfC:\Program Files (x86)\EgisTec Shredder\x86\FileShredder.exeC:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll24a38591-4277-11e4-853a-af1d8bca00dd

Error: (09/22/2014 00:17:42 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt

Error: (09/22/2014 00:17:41 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	The content index catalog is corrupt.   0xc0041801 (0xc0041801)
2350

Error: (09/19/2014 02:44:25 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: Installed DirectX

Error: (09/19/2014 02:27:59 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: Installed DirectX

Error: (09/18/2014 10:36:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DAOrigins.exe1.4.12393.04c093423DAOrigins.exe1.4.12393.04c093423c00000050019a04ed0401cfd3aa6b912df8C:\Games\Dragon Age Origins\bin_ship\DAOrigins.exeC:\Games\Dragon Age Origins\bin_ship\DAOrigins.exed1ecb49b-3fa5-11e4-ae45-a9e9bcf7b6a1

Error: (09/18/2014 09:37:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DAOrigins.exe1.4.12393.04c093423DAOrigins.exe1.4.12393.04c093423c00000050019a04e11e001cfd3a8b03703f4C:\Games\Dragon Age Origins\bin_ship\DAOrigins.exeC:\Games\Dragon Age Origins\bin_ship\DAOrigins.exe81e5f428-3f9d-11e4-ae45-a9e9bcf7b6a1



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-24 10:24:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GN00 465.76GB
Running: jkew6j06.exe; Driver: C:\Windows\TEMP\fwloqpow.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2296]                                                        000000000016196b
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2312]                                                        0000000000112340
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2316]                                                        0000000000112340
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2320]                                                        0000000000112340
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2324]                                                        0000000000112340
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2328]                                                        0000000000112340
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2436]                                                        00000000721fa3d3
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2492]                                                        00000000721974f8
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2500]                                                        00000000721a396f
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2504]                                                        0000000072111020
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2508]                                                        0000000072111020
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2556]                                                        0000000071740650
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2560]                                                        0000000071740650
Thread  C:\Windows\SysWOW64\ntdll.dll [2292:2564]                                                        0000000000112340

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb94bddf6                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb94bddf6 (not active ControlSet)  

---- EOF - GMER 2.1 ----

10:26:39.0033 0x04bc  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
10:26:54.0710 0x04bc  ============================================================
10:26:54.0710 0x04bc  Current date / time: 2014/09/24 10:26:54.0710
10:26:54.0710 0x04bc  SystemInfo:
10:26:54.0710 0x04bc  
10:26:54.0710 0x04bc  OS Version: 6.1.7601 ServicePack: 1.0
10:26:54.0710 0x04bc  Product type: Workstation
10:26:54.0710 0x04bc  ComputerName: NENES-PC
10:26:54.0710 0x04bc  UserName: nene's
10:26:54.0710 0x04bc  Windows directory: C:\Windows
10:26:54.0710 0x04bc  System windows directory: C:\Windows
10:26:54.0710 0x04bc  Running under WOW64
10:26:54.0710 0x04bc  Processor architecture: Intel x64
10:26:54.0710 0x04bc  Number of processors: 4
10:26:54.0710 0x04bc  Page size: 0x1000
10:26:54.0710 0x04bc  Boot type: Normal boot
10:26:54.0710 0x04bc  ============================================================
10:26:54.0839 0x04bc  KLMD registered as C:\Windows\system32\drivers\17113879.sys
10:26:55.0367 0x04bc  System UUID: {76D624F5-20BD-DDF0-9C4A-7A2388E16940}
10:26:55.0933 0x04bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:26:55.0936 0x04bc  ============================================================
10:26:55.0936 0x04bc  \Device\Harddisk0\DR0:
10:26:55.0952 0x04bc  MBR partitions:
10:26:55.0952 0x04bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
10:26:55.0952 0x04bc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x38153000
10:26:55.0952 0x04bc  ============================================================
10:26:56.0004 0x04bc  C: <-> \Device\Harddisk0\DR0\Partition2
10:26:56.0004 0x04bc  ============================================================
10:26:56.0005 0x04bc  Initialize success
10:26:56.0005 0x04bc  ============================================================
10:27:19.0472 0x0efc  ============================================================
10:27:19.0472 0x0efc  Scan started
10:27:19.0472 0x0efc  Mode: Manual; 
10:27:19.0472 0x0efc  ============================================================
10:27:19.0472 0x0efc  KSN ping started
10:27:22.0279 0x0efc  KSN ping finished: true
10:27:23.0133 0x0efc  ================ Scan system memory ========================
10:27:23.0133 0x0efc  System memory - ok
10:27:23.0133 0x0efc  ================ Scan services =============================
10:27:23.0376 0x0efc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:27:23.0380 0x0efc  1394ohci - ok
10:27:23.0425 0x0efc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:27:23.0431 0x0efc  ACPI - ok
10:27:23.0452 0x0efc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:27:23.0453 0x0efc  AcpiPmi - ok
10:27:23.0550 0x0efc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:27:23.0552 0x0efc  AdobeARMservice - ok
10:27:23.0696 0x0efc  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:27:23.0700 0x0efc  AdobeFlashPlayerUpdateSvc - ok
10:27:23.0776 0x0efc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:27:23.0784 0x0efc  adp94xx - ok
10:27:23.0817 0x0efc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:27:23.0823 0x0efc  adpahci - ok
10:27:23.0844 0x0efc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:27:23.0848 0x0efc  adpu320 - ok
10:27:23.0876 0x0efc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:27:23.0878 0x0efc  AeLookupSvc - ok
10:27:23.0939 0x0efc  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
10:27:23.0948 0x0efc  AFD - ok
10:27:23.0981 0x0efc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
10:27:23.0983 0x0efc  agp440 - ok
10:27:24.0010 0x0efc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
10:27:24.0011 0x0efc  ALG - ok
10:27:24.0056 0x0efc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:27:24.0057 0x0efc  aliide - ok
10:27:24.0075 0x0efc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:27:24.0075 0x0efc  amdide - ok
10:27:24.0113 0x0efc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:27:24.0115 0x0efc  AmdK8 - ok
10:27:24.0129 0x0efc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:27:24.0131 0x0efc  AmdPPM - ok
10:27:24.0158 0x0efc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:27:24.0161 0x0efc  amdsata - ok
10:27:24.0183 0x0efc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:27:24.0187 0x0efc  amdsbs - ok
10:27:24.0202 0x0efc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:27:24.0203 0x0efc  amdxata - ok
10:27:24.0235 0x0efc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
10:27:24.0237 0x0efc  AppID - ok
10:27:24.0267 0x0efc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:27:24.0268 0x0efc  AppIDSvc - ok
10:27:24.0303 0x0efc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
10:27:24.0305 0x0efc  Appinfo - ok
10:27:24.0342 0x0efc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
10:27:24.0344 0x0efc  arc - ok
10:27:24.0366 0x0efc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:27:24.0368 0x0efc  arcsas - ok
10:27:24.0512 0x0efc  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:27:24.0514 0x0efc  aspnet_state - ok
10:27:24.0560 0x0efc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:27:24.0560 0x0efc  AsyncMac - ok
10:27:24.0600 0x0efc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:27:24.0601 0x0efc  atapi - ok
10:27:24.0634 0x0efc  [ BCC09E0B0362741D0C084828A1B950F3, 0B63874E4ED11EFC626144BEE964BBEED665466582FC5DC12333C02101EF414C ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
10:27:24.0635 0x0efc  AthBTPort - ok
10:27:24.0708 0x0efc  [ AFF8FD222BFEB2D7AAF7F5E1AFF48A46, 3FFEC85AD6E6F8C345676757A40F2AE97F466744C5EE8EA013DA56E6BF2B1DE8 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
10:27:24.0710 0x0efc  AtherosSvc - ok
10:27:24.0859 0x0efc  [ 43E7A4298644526B0190C43AF6489DB1, 3ABA96CEE54E4AAA64100655F9BB676F57C76A098D649E63624251FBACFFDAAC ] athr            C:\Windows\system32\DRIVERS\athrx.sys
10:27:24.0918 0x0efc  athr - ok
10:27:24.0984 0x0efc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:27:24.0996 0x0efc  AudioEndpointBuilder - ok
10:27:25.0014 0x0efc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:27:25.0029 0x0efc  AudioSrv - ok
10:27:25.0106 0x0efc  [ 705417FD6C165CCF926ACA943B478D68, 36D247A53607AEA194AFA77316E9255002A36584A2B04AB66BCA195E2E7DDC7C ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6a.sys
10:27:25.0107 0x0efc  Avgfwfd - ok
10:27:25.0227 0x0efc  [ 2F0C5AE2352F22B587EDC2829C971262, 6BA46C609AF02148C12D09565BD1F6A432C3F6C70BB863059B3D2CB3E2B11522 ] avgfws          C:\Program Files (x86)\AVG\AVG10\avgfws.exe
10:27:25.0274 0x0efc  avgfws - ok
10:27:25.0570 0x0efc  [ 7A0F6A3E0E41425B9BA54616B482668A, 096BE4C9D44CD8BB63E3415DF70035C63B43B43E191C7311DCA05532C0DDF840 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
10:27:25.0679 0x0efc  AVGIDSAgent - ok
10:27:25.0757 0x0efc  [ E6671E90D38C88764412E07C9D9B3D63, BE49A67C4739F4516F1CBE6E30AAD063E3DD7AB2543C7CBC00DD561222DDC0A5 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:27:25.0757 0x0efc  AVGIDSDriver - ok
10:27:25.0788 0x0efc  [ 1553B388E0F0462C25AD8F30C3C29E83, 32B19B54EC7413BDC4E03821C007FE50659350F4DBC3487E5FD634DFDDC26C3C ] AVGIDSEH        C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:27:25.0788 0x0efc  AVGIDSEH - ok
10:27:25.0788 0x0efc  [ DCA426A66739E75F51A72160DFB945AD, 38080DBA773CBD26963A579DC70BFABB273D544295AFAD6F63F7A798C47D60D7 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:27:25.0788 0x0efc  AVGIDSFilter - ok
10:27:25.0820 0x0efc  [ 5D9D7009EDA9338F286730390DBEB5B6, 3DA456A113FBFBB33FC27661D3F0D21525210FE1C60BB64D0C1ECC4AF35B86DE ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
10:27:25.0835 0x0efc  Avgldx64 - ok
10:27:25.0835 0x0efc  [ 997D002827D3E3DCBBB25BF46DB161AB, DAB5984718F1429B41A8B81863E68363CA0F3E4FF0EEBAD47B4A246A69ADF8E9 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
10:27:25.0835 0x0efc  Avgmfx64 - ok
10:27:25.0882 0x0efc  [ BCCFE3374C887075CDE2AC8FDB1CB2F8, 9D9C0CE241288D9CD386F6BD35818646E8D66F0929D2A700CF7DF4EFFB107C8E ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
10:27:25.0898 0x0efc  Avgrkx64 - ok
10:27:25.0929 0x0efc  [ 0D49ADCEBE243B79366EA523B647519A, 2539503A1F2A4D53C6065DAC0996FD95E6C0E0597AD7A5F743B934384CFFEA03 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
10:27:25.0944 0x0efc  Avgtdia - ok
10:27:25.0960 0x0efc  [ FC2BC51120A945F7C70376495E4E7737, AA9711093972B6D7690C7662EF45DAAA9499AD36A6191382E43DAE566B64BF12 ] avgwd           C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
10:27:25.0976 0x0efc  avgwd - ok
10:27:26.0007 0x0efc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:27:26.0007 0x0efc  AxInstSV - ok
10:27:26.0069 0x0efc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:27:26.0069 0x0efc  b06bdrv - ok
10:27:26.0100 0x0efc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:27:26.0116 0x0efc  b57nd60a - ok
10:27:26.0116 0x0efc  b57xdbd - ok
10:27:26.0116 0x0efc  b57xdmp - ok
10:27:26.0163 0x0efc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:27:26.0178 0x0efc  BDESVC - ok
10:27:26.0194 0x0efc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:27:26.0194 0x0efc  Beep - ok
10:27:26.0272 0x0efc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
10:27:26.0272 0x0efc  BFE - ok
10:27:26.0319 0x0efc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
10:27:26.0334 0x0efc  BITS - ok
10:27:26.0366 0x0efc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:27:26.0366 0x0efc  blbdrive - ok
10:27:26.0397 0x0efc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:27:26.0397 0x0efc  bowser - ok
10:27:26.0412 0x0efc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:27:26.0412 0x0efc  BrFiltLo - ok
10:27:26.0428 0x0efc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:27:26.0428 0x0efc  BrFiltUp - ok
10:27:26.0490 0x0efc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
10:27:26.0490 0x0efc  Browser - ok
10:27:26.0522 0x0efc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:27:26.0522 0x0efc  Brserid - ok
10:27:26.0522 0x0efc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:27:26.0537 0x0efc  BrSerWdm - ok
10:27:26.0537 0x0efc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:27:26.0537 0x0efc  BrUsbMdm - ok
10:27:26.0553 0x0efc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:27:26.0553 0x0efc  BrUsbSer - ok
10:27:26.0568 0x0efc  bScsiMSa - ok
10:27:26.0584 0x0efc  bScsiSDa - ok
10:27:26.0615 0x0efc  [ C05ED3246C06EC56F10D85B0304CD09E, F479ED840D5BA4244391ABBB91D75D77D7A7D3F73F9AD45B7C7A137321B536AE ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
10:27:26.0631 0x0efc  BTATH_A2DP - ok
10:27:26.0646 0x0efc  [ 2D27F7A831657D63AFC78E5E78DCA83F, 916A7B13A0BBFD62BEF2B124B75FDD675A29D6D939FEA0AD555D5B23DCEECB69 ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
10:27:26.0646 0x0efc  btath_avdt - ok
10:27:26.0678 0x0efc  [ E6B734A37ADE36FE1A77035F4E484C8C, 7F3AB1E0CF9F348633B3B325F5F365CCD4C7FF7E4564BDE02C2DA27A499D0234 ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
10:27:26.0678 0x0efc  BTATH_BUS - ok
10:27:26.0693 0x0efc  [ FB3833E63FF602B69C2FF085846DCF43, 468BC9580341AD4C65F0BBB3A11F3E39C1DD0F9694D098AB3647A181C03E4E11 ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
10:27:26.0693 0x0efc  BTATH_HCRP - ok
10:27:26.0724 0x0efc  [ 371A11C1333BA526263A987A93ACDE3D, 80E15B815F2B6F4AFBDDB115C4F54126F5D2796F6ACB387DEA9C4A1C061EB7EB ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
10:27:26.0724 0x0efc  BTATH_LWFLT - ok
10:27:26.0771 0x0efc  [ ABCD3C16CA850A7594CEB9AD5D966810, DB0EAF000BB6F12F2AA550B66F5C61E08F2C6E58A18DA40BE69DD2B662D1EC60 ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
10:27:26.0771 0x0efc  BTATH_RCP - ok
10:27:26.0802 0x0efc  [ 13BDB661991ACF40ADCB09BD64A8CBEF, E0DA4A5F11F5175EF30019673F2B3675CA825466025D8494AE35E721D2E307CE ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
10:27:26.0818 0x0efc  BtFilter - ok
10:27:26.0865 0x0efc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
10:27:26.0865 0x0efc  BthEnum - ok
10:27:26.0880 0x0efc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:27:26.0880 0x0efc  BTHMODEM - ok
10:27:26.0927 0x0efc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
10:27:26.0927 0x0efc  BthPan - ok
10:27:26.0958 0x0efc  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
10:27:26.0958 0x0efc  BTHPORT - ok
10:27:26.0990 0x0efc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
10:27:26.0990 0x0efc  bthserv - ok
10:27:27.0021 0x0efc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
10:27:27.0021 0x0efc  BTHUSB - ok
10:27:27.0036 0x0efc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:27:27.0036 0x0efc  cdfs - ok
10:27:27.0068 0x0efc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:27:27.0083 0x0efc  cdrom - ok
10:27:27.0130 0x0efc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:27:27.0146 0x0efc  CertPropSvc - ok
10:27:27.0177 0x0efc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
10:27:27.0177 0x0efc  circlass - ok
10:27:27.0208 0x0efc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
10:27:27.0208 0x0efc  CLFS - ok
10:27:27.0286 0x0efc  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:27.0286 0x0efc  clr_optimization_v2.0.50727_32 - ok
10:27:27.0302 0x0efc  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:27:27.0302 0x0efc  clr_optimization_v2.0.50727_64 - ok
10:27:27.0380 0x0efc  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:27:27.0395 0x0efc  clr_optimization_v4.0.30319_32 - ok
10:27:27.0426 0x0efc  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:27:27.0426 0x0efc  clr_optimization_v4.0.30319_64 - ok
10:27:27.0442 0x0efc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:27:27.0442 0x0efc  CmBatt - ok
10:27:27.0458 0x0efc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:27:27.0458 0x0efc  cmdide - ok
10:27:27.0520 0x0efc  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
10:27:27.0520 0x0efc  CNG - ok
10:27:27.0551 0x0efc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:27:27.0551 0x0efc  Compbatt - ok
10:27:27.0582 0x0efc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:27:27.0582 0x0efc  CompositeBus - ok
10:27:27.0582 0x0efc  COMSysApp - ok
10:27:27.0676 0x0efc  [ CEEF9EF16A91596F849421295ABBE86F, 1E93283BFCCE12F9E7C4E1881B4CCB4E2946C55F47DC95431A99C276A772872F ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
10:27:27.0676 0x0efc  cphs - ok
10:27:27.0707 0x0efc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:27:27.0707 0x0efc  crcdisk - ok
10:27:27.0754 0x0efc  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:27:27.0770 0x0efc  CryptSvc - ok
10:27:27.0894 0x0efc  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:27:27.0910 0x0efc  cvhsvc - ok
10:27:27.0941 0x0efc  [ E6CE7188CC47AE5DAFDAF552D370C52F, D68E48F137BF8C6CD0BE4248F9F9D7C68F273C34304641756A76364E915BF428 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
10:27:27.0957 0x0efc  dc3d - ok
10:27:28.0019 0x0efc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:27:28.0019 0x0efc  DcomLaunch - ok
10:27:28.0050 0x0efc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
10:27:28.0050 0x0efc  defragsvc - ok
10:27:28.0082 0x0efc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:27:28.0082 0x0efc  DfsC - ok
10:27:28.0128 0x0efc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:27:28.0128 0x0efc  Dhcp - ok
10:27:28.0160 0x0efc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
10:27:28.0160 0x0efc  discache - ok
10:27:28.0191 0x0efc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
10:27:28.0191 0x0efc  Disk - ok
10:27:28.0238 0x0efc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:27:28.0238 0x0efc  Dnscache - ok
10:27:28.0253 0x0efc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:27:28.0269 0x0efc  dot3svc - ok
10:27:28.0300 0x0efc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
10:27:28.0300 0x0efc  DPS - ok
10:27:28.0347 0x0efc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:27:28.0347 0x0efc  drmkaud - ok
10:27:28.0409 0x0efc  [ C02FF01B821FBB72104132E56EC5B881, 161AC96EE71C9B1F59ACE07EDC7550E1203C8DEFF6B333D298D564FAF536CF96 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:27:28.0409 0x0efc  DsiWMIService - ok
10:27:28.0472 0x0efc  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:27:28.0487 0x0efc  dtsoftbus01 - ok
10:27:28.0565 0x0efc  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:27:28.0581 0x0efc  DXGKrnl - ok
10:27:28.0628 0x0efc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
10:27:28.0628 0x0efc  EapHost - ok
10:27:28.0768 0x0efc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:27:28.0815 0x0efc  ebdrv - ok
10:27:28.0846 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
10:27:28.0846 0x0efc  EFS - ok
10:27:28.0924 0x0efc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:27:28.0924 0x0efc  ehRecvr - ok
10:27:28.0940 0x0efc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
10:27:28.0940 0x0efc  ehSched - ok
10:27:29.0002 0x0efc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:27:29.0018 0x0efc  elxstor - ok
10:27:29.0111 0x0efc  [ 76B978AD795A7E71C48390B000F6023F, 0A398C0FD9F72A0865343E2153F1F4CFA9EE375DC77E87FBDE38A1A8CA3061EB ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
10:27:29.0111 0x0efc  ePowerSvc - ok
10:27:29.0142 0x0efc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:27:29.0142 0x0efc  ErrDev - ok
10:27:29.0189 0x0efc  [ 9FD76E7BA1D2A534B7BCF5BD5755E24B, ECC5E023CC778EDC0A9D9A6807D0457D583611B3968DEEEC4C2A34EE12391DE4 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
10:27:29.0189 0x0efc  ETD - ok
10:27:29.0252 0x0efc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
10:27:29.0252 0x0efc  EventSystem - ok
10:27:29.0283 0x0efc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:27:29.0283 0x0efc  exfat - ok
10:27:29.0298 0x0efc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:27:29.0314 0x0efc  fastfat - ok
10:27:29.0361 0x0efc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
10:27:29.0376 0x0efc  Fax - ok
10:27:29.0408 0x0efc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
10:27:29.0408 0x0efc  fdc - ok
10:27:29.0454 0x0efc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
10:27:29.0454 0x0efc  fdPHost - ok
10:27:29.0470 0x0efc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:27:29.0470 0x0efc  FDResPub - ok
10:27:29.0486 0x0efc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:27:29.0486 0x0efc  FileInfo - ok
10:27:29.0486 0x0efc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:27:29.0486 0x0efc  Filetrace - ok
10:27:29.0532 0x0efc  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:27:29.0548 0x0efc  FLEXnet Licensing Service - ok
10:27:29.0579 0x0efc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:27:29.0579 0x0efc  flpydisk - ok
10:27:29.0595 0x0efc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:27:29.0610 0x0efc  FltMgr - ok
10:27:29.0657 0x0efc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
10:27:29.0673 0x0efc  FontCache - ok
10:27:29.0720 0x0efc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:27:29.0720 0x0efc  FontCache3.0.0.0 - ok
10:27:29.0735 0x0efc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:27:29.0751 0x0efc  FsDepends - ok
10:27:29.0782 0x0efc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:27:29.0782 0x0efc  Fs_Rec - ok
10:27:29.0829 0x0efc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:27:29.0829 0x0efc  fvevol - ok
10:27:29.0876 0x0efc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:27:29.0876 0x0efc  gagp30kx - ok
10:27:29.0938 0x0efc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:27:29.0954 0x0efc  gpsvc - ok
10:27:30.0000 0x0efc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:27:30.0000 0x0efc  hcw85cir - ok
10:27:30.0032 0x0efc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:27:30.0047 0x0efc  HdAudAddService - ok
10:27:30.0063 0x0efc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:27:30.0063 0x0efc  HDAudBus - ok
10:27:30.0078 0x0efc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:27:30.0078 0x0efc  HidBatt - ok
10:27:30.0110 0x0efc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:27:30.0110 0x0efc  HidBth - ok
10:27:30.0125 0x0efc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:27:30.0125 0x0efc  HidIr - ok
10:27:30.0156 0x0efc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
10:27:30.0156 0x0efc  hidserv - ok
10:27:30.0203 0x0efc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:27:30.0203 0x0efc  HidUsb - ok
10:27:30.0297 0x0efc  [ C193FE8507607B2917A6F9B554132559, 962B065219D305B2DE1B4816D234438FBF8F6A79D45389683A21657733C14D5B ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
10:27:30.0297 0x0efc  HiPatchService - ok
10:27:30.0312 0x0efc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:27:30.0328 0x0efc  hkmsvc - ok
10:27:30.0359 0x0efc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:27:30.0359 0x0efc  HomeGroupListener - ok
10:27:30.0390 0x0efc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:27:30.0390 0x0efc  HomeGroupProvider - ok
10:27:30.0437 0x0efc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:27:30.0437 0x0efc  HpSAMD - ok
10:27:30.0546 0x0efc  HPSLPSVC - ok
10:27:30.0593 0x0efc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:27:30.0593 0x0efc  HTTP - ok
10:27:30.0624 0x0efc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:27:30.0624 0x0efc  hwpolicy - ok
10:27:30.0640 0x0efc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:27:30.0640 0x0efc  i8042prt - ok
10:27:30.0687 0x0efc  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
10:27:30.0702 0x0efc  iaStor - ok
10:27:30.0765 0x0efc  [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:27:30.0765 0x0efc  IAStorDataMgrSvc - ok
10:27:30.0827 0x0efc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:27:30.0843 0x0efc  iaStorV - ok
10:27:30.0905 0x0efc  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:27:30.0921 0x0efc  idsvc - ok
10:27:30.0952 0x0efc  IEEtwCollectorService - ok
10:27:31.0482 0x0efc  [ 276EE9CDAB16C50E1DF0E4CEFA882F5F, 320D677A9576F27D5BA8C6EA9191C8A5ED9EF9947A48F5B98B09AA3CE9C02682 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:27:31.0716 0x0efc  igfx - ok
10:27:31.0810 0x0efc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:27:31.0810 0x0efc  iirsp - ok
10:27:31.0857 0x0efc  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
10:27:31.0872 0x0efc  IKEEXT - ok
10:27:32.0044 0x0efc  [ D830262519DDCDFC8BE34EB7047C22DC, A3D41BD7EDBAD0B64245824E920804FB98468E32A649A7983AB3C13C89144D23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:27:32.0122 0x0efc  IntcAzAudAddService - ok
10:27:32.0169 0x0efc  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:27:32.0169 0x0efc  IntcDAud - ok
10:27:32.0231 0x0efc  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
10:27:32.0231 0x0efc  Intel(R) Capability Licensing Service Interface - ok
10:27:32.0247 0x0efc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:27:32.0262 0x0efc  intelide - ok
10:27:32.0278 0x0efc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:27:32.0278 0x0efc  intelppm - ok
10:27:32.0325 0x0efc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:27:32.0325 0x0efc  IPBusEnum - ok
10:27:32.0340 0x0efc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:27:32.0340 0x0efc  IpFilterDriver - ok
10:27:32.0387 0x0efc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:27:32.0387 0x0efc  iphlpsvc - ok
10:27:32.0418 0x0efc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:27:32.0418 0x0efc  IPMIDRV - ok
10:27:32.0450 0x0efc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:27:32.0450 0x0efc  IPNAT - ok
10:27:32.0465 0x0efc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:27:32.0465 0x0efc  IRENUM - ok
10:27:32.0496 0x0efc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:27:32.0496 0x0efc  isapnp - ok
10:27:32.0528 0x0efc  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:27:32.0543 0x0efc  iScsiPrt - ok
10:27:32.0559 0x0efc  [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
10:27:32.0559 0x0efc  iusb3hcs - ok
10:27:32.0590 0x0efc  [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
10:27:32.0606 0x0efc  iusb3hub - ok
10:27:32.0637 0x0efc  [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
10:27:32.0652 0x0efc  iusb3xhc - ok
10:27:32.0715 0x0efc  [ DBD76BC1D498FE368F2C8CB76C3E00A4, CDFB082B57807CE89509A16D1C8A5BAEEC026EDD7068F5E359AA50557D2525DC ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
10:27:32.0715 0x0efc  jhi_service - ok
10:27:32.0730 0x0efc  k57nd60a - ok
10:27:32.0762 0x0efc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:27:32.0762 0x0efc  kbdclass - ok
10:27:32.0793 0x0efc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:27:32.0793 0x0efc  kbdhid - ok
10:27:32.0808 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
10:27:32.0808 0x0efc  KeyIso - ok
10:27:32.0840 0x0efc  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:27:32.0840 0x0efc  KSecDD - ok
10:27:32.0871 0x0efc  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:27:32.0871 0x0efc  KSecPkg - ok
10:27:32.0902 0x0efc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:27:32.0902 0x0efc  ksthunk - ok
10:27:32.0933 0x0efc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:27:32.0949 0x0efc  KtmRm - ok
10:27:33.0011 0x0efc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:27:33.0011 0x0efc  LanmanServer - ok
10:27:33.0042 0x0efc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:27:33.0058 0x0efc  LanmanWorkstation - ok
10:27:33.0105 0x0efc  [ 6BB516A31DE232DAB436FF3A117E1E80, 1B91633C9D2FDD27B1712557E95D5642973105F0161D57E074A0601B666F1221 ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:27:33.0105 0x0efc  Live Updater Service - ok
10:27:33.0136 0x0efc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:27:33.0136 0x0efc  lltdio - ok
10:27:33.0183 0x0efc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:27:33.0183 0x0efc  lltdsvc - ok
10:27:33.0214 0x0efc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:27:33.0214 0x0efc  lmhosts - ok
10:27:33.0245 0x0efc  [ 86E4CC39C953D11EF57CF54C4DC78238, 076973CA22E8BA94877241EC39D97612C32F3E744E026FA0E518C4DDE8277A55 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:27:33.0261 0x0efc  LMS - ok
10:27:33.0308 0x0efc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:27:33.0308 0x0efc  LSI_FC - ok
10:27:33.0323 0x0efc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:27:33.0323 0x0efc  LSI_SAS - ok
10:27:33.0339 0x0efc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:27:33.0339 0x0efc  LSI_SAS2 - ok
10:27:33.0370 0x0efc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:27:33.0370 0x0efc  LSI_SCSI - ok
10:27:33.0386 0x0efc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:27:33.0401 0x0efc  luafv - ok
10:27:33.0432 0x0efc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:27:33.0432 0x0efc  Mcx2Svc - ok
10:27:33.0479 0x0efc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:27:33.0479 0x0efc  megasas - ok
10:27:33.0510 0x0efc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:27:33.0510 0x0efc  MegaSR - ok
10:27:33.0542 0x0efc  [ 6B01B7414A105B9E51652089A03027CF, 9B113DC22F7D0D0B376E577C6D7083F9EDC09BBFE47726393E16D4FDAAAE21FE ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:27:33.0557 0x0efc  MEIx64 - ok
10:27:33.0620 0x0efc  Microsoft SharePoint Workspace Audit Service - ok
10:27:33.0651 0x0efc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:27:33.0651 0x0efc  MMCSS - ok
10:27:33.0666 0x0efc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:27:33.0666 0x0efc  Modem - ok
10:27:33.0698 0x0efc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:27:33.0698 0x0efc  monitor - ok
10:27:33.0729 0x0efc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:27:33.0729 0x0efc  mouclass - ok
10:27:33.0744 0x0efc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:27:33.0744 0x0efc  mouhid - ok
10:27:33.0791 0x0efc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:27:33.0791 0x0efc  mountmgr - ok
10:27:33.0838 0x0efc  [ FD5E45969B82B83E33CB05B5C9B0E3F2, A6C21F7A0A97683DA50FC102131618CC1BE5CA0C3625D2FDAF5861B9B6523E45 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:27:33.0854 0x0efc  MozillaMaintenance - ok
10:27:33.0869 0x0efc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:27:33.0885 0x0efc  mpio - ok
10:27:33.0900 0x0efc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:27:33.0916 0x0efc  mpsdrv - ok
10:27:33.0963 0x0efc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:27:33.0978 0x0efc  MpsSvc - ok
10:27:34.0010 0x0efc  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:27:34.0010 0x0efc  MRxDAV - ok
10:27:34.0041 0x0efc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:27:34.0041 0x0efc  mrxsmb - ok
10:27:34.0088 0x0efc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:27:34.0088 0x0efc  mrxsmb10 - ok
10:27:34.0103 0x0efc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:27:34.0103 0x0efc  mrxsmb20 - ok
10:27:34.0134 0x0efc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:27:34.0134 0x0efc  msahci - ok
10:27:34.0150 0x0efc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:27:34.0150 0x0efc  msdsm - ok
10:27:34.0166 0x0efc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:27:34.0181 0x0efc  MSDTC - ok
10:27:34.0212 0x0efc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:27:34.0212 0x0efc  Msfs - ok
10:27:34.0244 0x0efc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:27:34.0244 0x0efc  mshidkmdf - ok
10:27:34.0259 0x0efc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:27:34.0259 0x0efc  msisadrv - ok
10:27:34.0290 0x0efc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:27:34.0290 0x0efc  MSiSCSI - ok
10:27:34.0290 0x0efc  msiserver - ok
10:27:34.0322 0x0efc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:27:34.0322 0x0efc  MSKSSRV - ok
10:27:34.0353 0x0efc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:27:34.0353 0x0efc  MSPCLOCK - ok
10:27:34.0353 0x0efc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:27:34.0353 0x0efc  MSPQM - ok
10:27:34.0384 0x0efc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:27:34.0384 0x0efc  MsRPC - ok
10:27:34.0400 0x0efc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:27:34.0415 0x0efc  mssmbios - ok
10:27:34.0431 0x0efc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:27:34.0431 0x0efc  MSTEE - ok
10:27:34.0446 0x0efc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:27:34.0446 0x0efc  MTConfig - ok
10:27:34.0462 0x0efc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:27:34.0462 0x0efc  Mup - ok
10:27:34.0493 0x0efc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:27:34.0509 0x0efc  napagent - ok
10:27:34.0556 0x0efc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:27:34.0556 0x0efc  NativeWifiP - ok
10:27:34.0618 0x0efc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:27:34.0634 0x0efc  NDIS - ok
10:27:34.0680 0x0efc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:27:34.0680 0x0efc  NdisCap - ok
10:27:34.0696 0x0efc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:27:34.0696 0x0efc  NdisTapi - ok
10:27:34.0712 0x0efc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:27:34.0712 0x0efc  Ndisuio - ok
10:27:34.0743 0x0efc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:27:34.0743 0x0efc  NdisWan - ok
10:27:34.0758 0x0efc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:27:34.0758 0x0efc  NDProxy - ok
10:27:34.0774 0x0efc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:27:34.0774 0x0efc  NetBIOS - ok
10:27:34.0805 0x0efc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:27:34.0805 0x0efc  NetBT - ok
10:27:34.0836 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
10:27:34.0836 0x0efc  Netlogon - ok
10:27:34.0852 0x0efc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:27:34.0868 0x0efc  Netman - ok
10:27:34.0946 0x0efc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:27:34.0946 0x0efc  NetMsmqActivator - ok
10:27:34.0946 0x0efc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:27:34.0961 0x0efc  NetPipeActivator - ok
10:27:34.0992 0x0efc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:27:35.0008 0x0efc  netprofm - ok
10:27:35.0024 0x0efc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:27:35.0024 0x0efc  NetTcpActivator - ok
10:27:35.0039 0x0efc  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:27:35.0039 0x0efc  NetTcpPortSharing - ok
10:27:35.0070 0x0efc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:27:35.0070 0x0efc  nfrd960 - ok
10:27:35.0102 0x0efc  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:27:35.0102 0x0efc  NlaSvc - ok
10:27:35.0117 0x0efc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:27:35.0117 0x0efc  Npfs - ok
10:27:35.0148 0x0efc  npggsvc - ok
10:27:35.0180 0x0efc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
10:27:35.0180 0x0efc  nsi - ok
10:27:35.0195 0x0efc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:27:35.0195 0x0efc  nsiproxy - ok
10:27:35.0273 0x0efc  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:27:35.0289 0x0efc  Ntfs - ok
10:27:35.0351 0x0efc  [ D27A4546417ED7C4AEA7B3420D4F1F50, 8D52FF7D2C6E338E2E8B414F0FE9ED296A901CB38BCFF8814B1ECE52D8D1599D ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
10:27:35.0351 0x0efc  NTI IScheduleSvc - ok
10:27:35.0398 0x0efc  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
10:27:35.0398 0x0efc  NTIDrvr - ok
10:27:35.0414 0x0efc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:27:35.0414 0x0efc  Null - ok
10:27:35.0445 0x0efc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:27:35.0445 0x0efc  nvraid - ok
10:27:35.0460 0x0efc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:27:35.0460 0x0efc  nvstor - ok
10:27:35.0492 0x0efc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:27:35.0507 0x0efc  nv_agp - ok
10:27:35.0523 0x0efc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:27:35.0523 0x0efc  ohci1394 - ok
10:27:35.0585 0x0efc  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:35.0585 0x0efc  ose - ok
10:27:35.0788 0x0efc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:27:35.0866 0x0efc  osppsvc - ok
10:27:35.0928 0x0efc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:27:35.0928 0x0efc  p2pimsvc - ok
10:27:35.0960 0x0efc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:27:35.0960 0x0efc  p2psvc - ok
10:27:35.0991 0x0efc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
10:27:35.0991 0x0efc  Parport - ok
10:27:36.0006 0x0efc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:27:36.0022 0x0efc  partmgr - ok
10:27:36.0053 0x0efc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:27:36.0053 0x0efc  PcaSvc - ok
10:27:36.0069 0x0efc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:27:36.0069 0x0efc  pci - ok
10:27:36.0100 0x0efc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:27:36.0100 0x0efc  pciide - ok
10:27:36.0131 0x0efc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:27:36.0131 0x0efc  pcmcia - ok
10:27:36.0147 0x0efc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:27:36.0147 0x0efc  pcw - ok
10:27:36.0178 0x0efc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:27:36.0178 0x0efc  PEAUTH - ok
10:27:36.0256 0x0efc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:27:36.0256 0x0efc  PerfHost - ok
10:27:36.0334 0x0efc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:27:36.0350 0x0efc  pla - ok
10:27:36.0396 0x0efc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:27:36.0396 0x0efc  PlugPlay - ok
10:27:36.0412 0x0efc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:27:36.0412 0x0efc  PNRPAutoReg - ok
10:27:36.0428 0x0efc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:27:36.0443 0x0efc  PNRPsvc - ok
10:27:36.0490 0x0efc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:27:36.0490 0x0efc  PolicyAgent - ok
10:27:36.0521 0x0efc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:27:36.0521 0x0efc  Power - ok
10:27:36.0568 0x0efc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:27:36.0568 0x0efc  PptpMiniport - ok
10:27:36.0599 0x0efc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
10:27:36.0599 0x0efc  Processor - ok
10:27:36.0615 0x0efc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:27:36.0630 0x0efc  ProfSvc - ok
10:27:36.0646 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:27:36.0646 0x0efc  ProtectedStorage - ok
10:27:36.0662 0x0efc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:27:36.0662 0x0efc  Psched - ok
10:27:36.0724 0x0efc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:27:36.0755 0x0efc  ql2300 - ok
10:27:36.0755 0x0efc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:27:36.0755 0x0efc  ql40xx - ok
10:27:36.0786 0x0efc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
10:27:36.0786 0x0efc  QWAVE - ok
10:27:36.0802 0x0efc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:27:36.0802 0x0efc  QWAVEdrv - ok
10:27:36.0818 0x0efc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:27:36.0818 0x0efc  RasAcd - ok
10:27:36.0849 0x0efc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:27:36.0849 0x0efc  RasAgileVpn - ok
10:27:36.0864 0x0efc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
10:27:36.0864 0x0efc  RasAuto - ok
10:27:36.0880 0x0efc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:27:36.0880 0x0efc  Rasl2tp - ok
10:27:36.0911 0x0efc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:27:36.0927 0x0efc  RasMan - ok
10:27:36.0942 0x0efc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:27:36.0942 0x0efc  RasPppoe - ok
10:27:36.0974 0x0efc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:27:36.0974 0x0efc  RasSstp - ok
10:27:37.0005 0x0efc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:27:37.0005 0x0efc  rdbss - ok
10:27:37.0036 0x0efc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:27:37.0036 0x0efc  rdpbus - ok
10:27:37.0052 0x0efc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:27:37.0052 0x0efc  RDPCDD - ok
10:27:37.0083 0x0efc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:27:37.0083 0x0efc  RDPENCDD - ok
10:27:37.0098 0x0efc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:27:37.0098 0x0efc  RDPREFMP - ok
10:27:37.0130 0x0efc  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:27:37.0130 0x0efc  RDPWD - ok
10:27:37.0192 0x0efc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:27:37.0192 0x0efc  rdyboost - ok
10:27:37.0223 0x0efc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:27:37.0223 0x0efc  RemoteAccess - ok
10:27:37.0270 0x0efc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:27:37.0270 0x0efc  RemoteRegistry - ok
10:27:37.0301 0x0efc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
10:27:37.0301 0x0efc  RFCOMM - ok
10:27:37.0317 0x0efc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:27:37.0317 0x0efc  RpcEptMapper - ok
10:27:37.0348 0x0efc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:27:37.0348 0x0efc  RpcLocator - ok
10:27:37.0395 0x0efc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
10:27:37.0410 0x0efc  RpcSs - ok
10:27:37.0442 0x0efc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:27:37.0457 0x0efc  rspndr - ok
10:27:37.0457 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
10:27:37.0473 0x0efc  SamSs - ok
10:27:37.0488 0x0efc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:27:37.0488 0x0efc  sbp2port - ok
10:27:37.0520 0x0efc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:27:37.0520 0x0efc  SCardSvr - ok
10:27:37.0535 0x0efc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:27:37.0535 0x0efc  scfilter - ok
10:27:37.0582 0x0efc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
10:27:37.0598 0x0efc  Schedule - ok
10:27:37.0629 0x0efc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:27:37.0629 0x0efc  SCPolicySvc - ok
10:27:37.0676 0x0efc  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
10:27:37.0676 0x0efc  sdbus - ok
10:27:37.0707 0x0efc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:27:37.0707 0x0efc  SDRSVC - ok
10:27:37.0722 0x0efc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:27:37.0722 0x0efc  secdrv - ok
10:27:37.0738 0x0efc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
10:27:37.0738 0x0efc  seclogon - ok
10:27:37.0754 0x0efc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
10:27:37.0769 0x0efc  SENS - ok
10:27:37.0785 0x0efc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:27:37.0785 0x0efc  SensrSvc - ok
10:27:37.0816 0x0efc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:27:37.0816 0x0efc  Serenum - ok
10:27:37.0847 0x0efc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
10:27:37.0847 0x0efc  Serial - ok
10:27:37.0894 0x0efc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:27:37.0894 0x0efc  sermouse - ok
10:27:37.0925 0x0efc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:27:37.0925 0x0efc  SessionEnv - ok
10:27:37.0956 0x0efc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
10:27:37.0956 0x0efc  sffdisk - ok
10:27:37.0956 0x0efc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:27:37.0956 0x0efc  sffp_mmc - ok
10:27:37.0988 0x0efc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
10:27:37.0988 0x0efc  sffp_sd - ok
10:27:38.0019 0x0efc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:27:38.0019 0x0efc  sfloppy - ok
10:27:38.0097 0x0efc  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
10:27:38.0097 0x0efc  Sftfs - ok
10:27:38.0159 0x0efc  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:27:38.0175 0x0efc  sftlist - ok
10:27:38.0206 0x0efc  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:27:38.0206 0x0efc  Sftplay - ok
10:27:38.0237 0x0efc  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:27:38.0237 0x0efc  Sftredir - ok
10:27:38.0253 0x0efc  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
10:27:38.0253 0x0efc  Sftvol - ok
10:27:38.0268 0x0efc  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:27:38.0268 0x0efc  sftvsa - ok
10:27:38.0315 0x0efc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:27:38.0315 0x0efc  SharedAccess - ok
10:27:38.0346 0x0efc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:27:38.0346 0x0efc  ShellHWDetection - ok
10:27:38.0393 0x0efc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:27:38.0393 0x0efc  SiSRaid2 - ok
10:27:38.0424 0x0efc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:27:38.0424 0x0efc  SiSRaid4 - ok
10:27:38.0440 0x0efc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:27:38.0440 0x0efc  Smb - ok
10:27:38.0487 0x0efc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:27:38.0487 0x0efc  SNMPTRAP - ok
10:27:38.0518 0x0efc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:27:38.0518 0x0efc  spldr - ok
10:27:38.0565 0x0efc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
10:27:38.0580 0x0efc  Spooler - ok
10:27:38.0690 0x0efc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:27:38.0752 0x0efc  sppsvc - ok
10:27:38.0768 0x0efc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:27:38.0768 0x0efc  sppuinotify - ok
10:27:38.0799 0x0efc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:27:38.0814 0x0efc  srv - ok
10:27:38.0846 0x0efc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:27:38.0846 0x0efc  srv2 - ok
10:27:38.0861 0x0efc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:27:38.0861 0x0efc  srvnet - ok
10:27:38.0908 0x0efc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:27:38.0908 0x0efc  SSDPSRV - ok
10:27:38.0924 0x0efc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:27:38.0924 0x0efc  SstpSvc - ok
10:27:38.0986 0x0efc  [ C3D855CC0A8E5E373FDFCF4F743C5C9D, 8DFDD2470DCCC63FCF1621B6B3A996285C75EE330BE8AC905B2176E5DE52C150 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
10:27:39.0002 0x0efc  Steam Client Service - ok
10:27:39.0017 0x0efc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:27:39.0017 0x0efc  stexstor - ok
10:27:39.0080 0x0efc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:27:39.0080 0x0efc  stisvc - ok
10:27:39.0111 0x0efc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:27:39.0111 0x0efc  swenum - ok
10:27:39.0142 0x0efc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:27:39.0158 0x0efc  swprv - ok
10:27:39.0236 0x0efc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
10:27:39.0267 0x0efc  SysMain - ok
10:27:39.0282 0x0efc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:27:39.0282 0x0efc  TabletInputService - ok
10:27:39.0314 0x0efc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:27:39.0314 0x0efc  TapiSrv - ok
10:27:39.0345 0x0efc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
10:27:39.0345 0x0efc  TBS - ok
10:27:39.0423 0x0efc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:27:39.0454 0x0efc  Tcpip - ok
10:27:39.0501 0x0efc  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:27:39.0532 0x0efc  TCPIP6 - ok
10:27:39.0563 0x0efc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:27:39.0563 0x0efc  tcpipreg - ok
10:27:39.0594 0x0efc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:27:39.0594 0x0efc  TDPIPE - ok
10:27:39.0610 0x0efc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:27:39.0610 0x0efc  TDTCP - ok
10:27:39.0626 0x0efc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:27:39.0641 0x0efc  tdx - ok
10:27:39.0657 0x0efc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:27:39.0657 0x0efc  TermDD - ok
10:27:39.0688 0x0efc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
10:27:39.0704 0x0efc  TermService - ok
10:27:39.0719 0x0efc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:27:39.0719 0x0efc  Themes - ok
10:27:39.0750 0x0efc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:27:39.0750 0x0efc  THREADORDER - ok
10:27:39.0782 0x0efc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:27:39.0797 0x0efc  TrkWks - ok
10:27:39.0844 0x0efc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:27:39.0844 0x0efc  TrustedInstaller - ok
10:27:39.0860 0x0efc  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:27:39.0860 0x0efc  tssecsrv - ok
10:27:39.0875 0x0efc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:27:39.0875 0x0efc  TsUsbFlt - ok
10:27:39.0906 0x0efc  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:27:39.0906 0x0efc  TsUsbGD - ok
10:27:39.0953 0x0efc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:27:39.0953 0x0efc  tunnel - ok
10:27:39.0984 0x0efc  [ 20155CF5FB9F7902178D7D5CDC7C0F90, 151043D6F1D7D3419FB4AA8D76229CFF99ECAA89297421C2137DE609E5A2B368 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
10:27:39.0984 0x0efc  TurboB - ok
10:27:40.0031 0x0efc  [ E00FC2B80837C29817A3A082717B8C48, 8028C16FB0579EADAAA092B5F197125C716AF1C64C43F9FADF725D3E1109F1BD ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:27:40.0031 0x0efc  TurboBoost - ok
10:27:40.0062 0x0efc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:27:40.0062 0x0efc  uagp35 - ok
10:27:40.0078 0x0efc  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
10:27:40.0078 0x0efc  UBHelper - ok
10:27:40.0109 0x0efc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:27:40.0109 0x0efc  udfs - ok
10:27:40.0140 0x0efc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:27:40.0140 0x0efc  UI0Detect - ok
10:27:40.0172 0x0efc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:27:40.0172 0x0efc  uliagpkx - ok
10:27:40.0218 0x0efc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:27:40.0218 0x0efc  umbus - ok
10:27:40.0250 0x0efc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:27:40.0250 0x0efc  UmPass - ok
10:27:40.0343 0x0efc  [ D80B1075B69B57A3AB78F750CE463ECE, E8435B723C3D9F5B28D5588365E7D6BED298565BCF61240C2B505B1033180DAA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:27:40.0343 0x0efc  UNS - ok
10:27:40.0390 0x0efc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:27:40.0390 0x0efc  upnphost - ok
10:27:40.0437 0x0efc  [ AF1B9474D67897D0C2CFF58E0ACEACCC, 5ED9836EC7BEEB6706C327EF199E9B674863ED8C83890DDE5E5A6554C2DA5288 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:27:40.0437 0x0efc  USBAAPL64 - ok
10:27:40.0468 0x0efc  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:27:40.0468 0x0efc  usbccgp - ok
10:27:40.0515 0x0efc  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:27:40.0515 0x0efc  usbcir - ok
10:27:40.0546 0x0efc  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:27:40.0546 0x0efc  usbehci - ok
10:27:40.0593 0x0efc  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:27:40.0593 0x0efc  usbhub - ok
10:27:40.0624 0x0efc  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:27:40.0624 0x0efc  usbohci - ok
10:27:40.0655 0x0efc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:27:40.0655 0x0efc  usbprint - ok
10:27:40.0671 0x0efc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:27:40.0671 0x0efc  USBSTOR - ok
10:27:40.0702 0x0efc  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:27:40.0702 0x0efc  usbuhci - ok
10:27:40.0764 0x0efc  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
10:27:40.0764 0x0efc  usbvideo - ok
10:27:40.0796 0x0efc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:27:40.0796 0x0efc  UxSms - ok
10:27:40.0811 0x0efc  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
10:27:40.0811 0x0efc  VaultSvc - ok
10:27:40.0858 0x0efc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:27:40.0858 0x0efc  vdrvroot - ok
10:27:40.0874 0x0efc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
10:27:40.0889 0x0efc  vds - ok
10:27:40.0905 0x0efc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:27:40.0905 0x0efc  vga - ok
10:27:40.0905 0x0efc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:27:40.0905 0x0efc  VgaSave - ok
10:27:40.0936 0x0efc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:27:40.0936 0x0efc  vhdmp - ok
10:27:40.0967 0x0efc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:27:40.0967 0x0efc  viaide - ok
10:27:41.0014 0x0efc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:27:41.0014 0x0efc  volmgr - ok
10:27:41.0045 0x0efc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:27:41.0061 0x0efc  volmgrx - ok
10:27:41.0092 0x0efc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:27:41.0108 0x0efc  volsnap - ok
10:27:41.0123 0x0efc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:27:41.0139 0x0efc  vsmraid - ok
10:27:41.0217 0x0efc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:27:41.0232 0x0efc  VSS - ok
10:27:41.0248 0x0efc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:27:41.0248 0x0efc  vwifibus - ok
10:27:41.0248 0x0efc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:27:41.0248 0x0efc  vwififlt - ok
10:27:41.0295 0x0efc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:27:41.0295 0x0efc  W32Time - ok
10:27:41.0326 0x0efc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:27:41.0326 0x0efc  WacomPen - ok
10:27:41.0357 0x0efc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:27:41.0357 0x0efc  WANARP - ok
10:27:41.0373 0x0efc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:27:41.0373 0x0efc  Wanarpv6 - ok
10:27:41.0435 0x0efc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:27:41.0466 0x0efc  WatAdminSvc - ok
10:27:41.0529 0x0efc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:27:41.0544 0x0efc  wbengine - ok
10:27:41.0560 0x0efc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:27:41.0576 0x0efc  WbioSrvc - ok
10:27:41.0591 0x0efc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:27:41.0607 0x0efc  wcncsvc - ok
10:27:41.0622 0x0efc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:27:41.0622 0x0efc  WcsPlugInService - ok
10:27:41.0654 0x0efc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
10:27:41.0654 0x0efc  Wd - ok
10:27:41.0685 0x0efc  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
10:27:41.0685 0x0efc  WDC_SAM - ok
10:27:41.0732 0x0efc  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:27:41.0747 0x0efc  Wdf01000 - ok
10:27:41.0778 0x0efc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:27:41.0794 0x0efc  WdiServiceHost - ok
10:27:41.0794 0x0efc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:27:41.0794 0x0efc  WdiSystemHost - ok
10:27:41.0841 0x0efc  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
10:27:41.0841 0x0efc  WebClient - ok
10:27:41.0856 0x0efc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:27:41.0856 0x0efc  Wecsvc - ok
10:27:41.0872 0x0efc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:27:41.0872 0x0efc  wercplsupport - ok
10:27:41.0919 0x0efc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:27:41.0919 0x0efc  WerSvc - ok
10:27:41.0950 0x0efc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:27:41.0950 0x0efc  WfpLwf - ok
10:27:41.0966 0x0efc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:27:41.0966 0x0efc  WIMMount - ok
10:27:41.0997 0x0efc  WinDefend - ok
10:27:42.0012 0x0efc  WinHttpAutoProxySvc - ok
10:27:42.0059 0x0efc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:27:42.0059 0x0efc  Winmgmt - ok
10:27:42.0153 0x0efc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:27:42.0184 0x0efc  WinRM - ok
10:27:42.0231 0x0efc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:27:42.0231 0x0efc  WinUsb - ok
10:27:42.0278 0x0efc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:27:42.0293 0x0efc  Wlansvc - ok
10:27:42.0356 0x0efc  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:27:42.0356 0x0efc  wlcrasvc - ok
10:27:42.0496 0x0efc  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:27:42.0527 0x0efc  wlidsvc - ok
10:27:42.0574 0x0efc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:27:42.0574 0x0efc  WmiAcpi - ok
10:27:42.0590 0x0efc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:27:42.0605 0x0efc  wmiApSrv - ok
10:27:42.0636 0x0efc  WMPNetworkSvc - ok
10:27:42.0652 0x0efc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:27:42.0652 0x0efc  WPCSvc - ok
10:27:42.0668 0x0efc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:27:42.0668 0x0efc  WPDBusEnum - ok
10:27:42.0699 0x0efc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:27:42.0699 0x0efc  ws2ifsl - ok
10:27:42.0714 0x0efc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
10:27:42.0714 0x0efc  wscsvc - ok
10:27:42.0714 0x0efc  WSearch - ok
10:27:42.0808 0x0efc  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:27:42.0855 0x0efc  wuauserv - ok
10:27:42.0886 0x0efc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:27:42.0886 0x0efc  WudfPf - ok
10:27:42.0917 0x0efc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:27:42.0917 0x0efc  WUDFRd - ok
10:27:42.0964 0x0efc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:27:42.0964 0x0efc  wudfsvc - ok
10:27:42.0980 0x0efc  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:27:42.0980 0x0efc  WwanSvc - ok
10:27:43.0058 0x0efc  [ 79BC44FF509C79D4E34DED3CD6EFD92B, E20385AC49BB1BA882A1EEEB57EB4AC2B1EFD507C0254DE6DE5AD5161A8B0E7C ] ZAtheros Wlan Agent C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
10:27:43.0058 0x0efc  ZAtheros Wlan Agent - ok
10:27:43.0089 0x0efc  ================ Scan global ===============================
10:27:43.0104 0x0efc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:27:43.0136 0x0efc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:27:43.0151 0x0efc  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:27:43.0182 0x0efc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:27:43.0214 0x0efc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:27:43.0214 0x0efc  [ Global ] - ok
10:27:43.0214 0x0efc  ================ Scan MBR ==================================
10:27:43.0229 0x0efc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:27:43.0541 0x0efc  \Device\Harddisk0\DR0 - ok
10:27:43.0541 0x0efc  ================ Scan VBR ==================================
10:27:43.0541 0x0efc  [ 9606C02858D6BA511559A983ECC7BF67 ] \Device\Harddisk0\DR0\Partition1
10:27:43.0588 0x0efc  \Device\Harddisk0\DR0\Partition1 - ok
10:27:43.0604 0x0efc  [ EF856F7172D75FD795BD04D68D5CB904 ] \Device\Harddisk0\DR0\Partition2
10:27:43.0619 0x0efc  \Device\Harddisk0\DR0\Partition2 - ok
10:27:43.0619 0x0efc  ================ Scan generic autorun ======================
10:27:43.0650 0x0efc  [ 406C9A72B1CE00E731310CCADB4C3150, 921041224A4BB4E78E863AED3705F3E75C42D2D7FB4DA458E278EB8F0A05BA8A ] C:\Windows\system32\igfxtray.exe
10:27:43.0666 0x0efc  IgfxTray - ok
10:27:43.0682 0x0efc  [ 2A5459EB1D04D25EC44B6FB1E1F262F2, 058B4CA9AA5228B01664AF42C49D2D78D2EAC12173D82E188B5AD5FF9361D9FA ] C:\Windows\system32\hkcmd.exe
10:27:43.0697 0x0efc  HotKeysCmds - ok
10:27:44.0087 0x0efc  [ 6522AA1BCFC503A2417B7358E31F4EB9, 7E0AC65A1A99877DAFC139C7F712C19A92FED4D1E80BD8DC6FD857EA2D40E1CA ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
10:27:44.0430 0x0efc  RtHDVCpl - ok
10:27:44.0508 0x0efc  [ 350AE710634AF327DDC90B897BBBA23A, E4F0C0D50894A9CA63311AC48EA22F7B9BCA35AE3AC71AD6259C0FAC6FA134B9 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
10:27:44.0524 0x0efc  RtHDVBg_Dolby - ok
10:27:44.0524 0x0efc  ETDCtrl - ok
10:27:44.0586 0x0efc  [ 3D9FBF1E033D9B81221A6EAB130FD54C, A87A8111E46828E8AE42335FE3BCAC11B17AC19FEF5EA76EABF2A34EDD5F40F5 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
10:27:44.0618 0x0efc  AtherosBtStack - ok
10:27:44.0649 0x0efc  [ 8D40209B42F7AD6EB6A203DD08C923A2, 914DD327F28F54F64185F1AA9D20E81308C750EC2823ED4ADAECB82DE8A04F01 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
10:27:44.0664 0x0efc  AthBtTray - ok
10:27:44.0664 0x0efc  IntelTBRunOnce - ok
10:27:44.0758 0x0efc  [ 9634F2078F66B901B171F7E75FFF3261, DF82CF522847F930A26A438096C32A34F448A89F28BA4C681F396F0C25B96E28 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
10:27:44.0789 0x0efc  Power Management - ok
10:27:44.0836 0x0efc  [ E815DF429EE04E2CE644C1B5F30B0B1E, 98C2B1DA65CBC30D43D526C2D43B7A0DB931B3C0CA60193468A8F99538CC8DAF ] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe
10:27:44.0836 0x0efc  InstantUpdate - ok
10:27:44.0898 0x0efc  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:27:44.0930 0x0efc  Adobe ARM - ok
10:27:44.0976 0x0efc  [ 4DDE3E01B5020B3D5DEEC7E3DC0F3185, C7315F3521EE461027A3DDE7CFC0EA4F8E705A98F9292284BB20620D7F34DDE9 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
10:27:44.0976 0x0efc  BackupManagerTray - ok
10:27:45.0054 0x0efc  [ FE668B0E3E87077A46FE77AFB0E27F9C, E9485A083D7CC0438668132154C8AD14267113F15EEB794B356BF3E6F998FD17 ] C:\Program Files (x86)\Launch Manager\LManager.exe
10:27:45.0086 0x0efc  LManager - ok
10:27:45.0148 0x0efc  [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
10:27:45.0148 0x0efc  USB3MON - ok
10:27:45.0148 0x0efc  APSDaemon - ok
10:27:45.0257 0x0efc  [ 06105D08927E3498B3D380CBF0688E78, 76CEBECFBEC01C75A94E0A3E04B5AEDB5ECA0C19EBCDC8F30009B09678510D73 ] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
10:27:45.0304 0x0efc  AVG_TRAY - ok
10:27:45.0382 0x0efc  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
10:27:45.0382 0x0efc  BCSSync - ok
10:27:45.0460 0x0efc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:27:45.0476 0x0efc  Sidebar - ok
10:27:45.0507 0x0efc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:27:45.0507 0x0efc  mctadmin - ok
10:27:45.0538 0x0efc  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:27:45.0554 0x0efc  Sidebar - ok
10:27:45.0569 0x0efc  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:27:45.0569 0x0efc  mctadmin - ok
10:27:45.0678 0x0efc  [ 776F1F9447FDA3F568EC6D1FB74DDD27, A53409B29ACDDB901D395EC4217F5BF366B3F8AFF2817B007AC7558505D18863 ] C:\Program Files (x86)\Steam\Steam.exe
10:27:45.0710 0x0efc  Steam - ok
10:27:45.0710 0x0efc  Uploader - ok
10:27:45.0866 0x0efc  [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
10:27:45.0944 0x0efc  DAEMON Tools Lite - ok
10:27:45.0944 0x0efc  CMD - ok
10:27:45.0944 0x0efc  Waiting for KSN requests completion. In queue: 97
10:27:46.0958 0x0efc  Waiting for KSN requests completion. In queue: 97
10:27:47.0972 0x0efc  Waiting for KSN requests completion. In queue: 97
10:27:49.0048 0x0efc  AV detected via SS2: AVG Internet Security 2011, C:\Program Files (x86)\AVG\AVG10\avgwsc.exe ( 10.0.0.1295 ), 0x41000 ( enabled : updated )
10:27:49.0048 0x0efc  FW detected via SS2: AVG Firewall, C:\Program Files (x86)\AVG\AVG10\avgwsc.exe ( 10.0.0.1295 ), 0x71010 ( enabled )
10:27:51.0575 0x0efc  ============================================================
10:27:51.0575 0x0efc  Scan finished
10:27:51.0575 0x0efc  ============================================================
10:27:51.0575 0x0c0c  Detected object count: 0
10:27:51.0575 0x0c0c  Actual detected object count: 0
10:30:17.0794 0x12f0  Deinitialize success


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 24 September 2014 - 10:17 AM

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 24 September 2014 - 02:59 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by nene's at 2014-09-24 15:22:36 Run:1
Running from C:\Windows\SysWOW64\config\systemprofile\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
SearchScopes: HKLM-x32 - DefaultScope {0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D} URL = 
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={3F186BC6-DA0F-11E2-8CDB-F53284204286}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.my-online-search.com/?q={searchTerms}&babsrc=SP_ofln&mntrId=EC9E08EDB94BDDF5&cat=buenosearch&dlb=1&affID=127101&tsp=5195
SearchScopes: HKCU - {0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN65749740104773247&UM=2
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION

C:\Program Files\Updater By SweetPacks
2014-09-20 03:35 - 2014-09-20 03:35 - 00000000 _____ () C:\Windows\SysWOW64\shoB2FC.tmp
2014-09-17 01:45 - 2014-09-17 01:45 - 00000000 _____ () C:\Windows\SysWOW64\sho1698.tmp
2014-09-12 02:09 - 2014-09-12 02:09 - 00000000 _____ () C:\Windows\SysWOW64\sho109C.tmp

EmptyTemp:
*****************

HKLM\Software\Mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
"HKCR\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
"HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D}" => Key deleted successfully.
"HKCR\CLSID\{0FB60180-07E9-473B-ACF3-5D8CB7E7BE0D}" => Key not found.
HKU\S-1-5-21-2268075938-3801120968-3292501955-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
"C:\Program Files\Updater By SweetPacks" => File/Directory not found.
C:\Windows\SysWOW64\shoB2FC.tmp => Moved successfully.
C:\Windows\SysWOW64\sho1698.tmp => Moved successfully.
C:\Windows\SysWOW64\sho109C.tmp => Moved successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 3:30:58 PM
Logfile: malware log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.10
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: nene's

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340318
Time Elapsed: 13 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 21
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [fd7db33e33488fa7915fd4bfd92908f8], 
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, , [fd7db33e33488fa7915fd4bfd92908f8], 
PUP.Optional.WordOV, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, , [e5959b5676050c2af85d903825dd7e82], 
PUP.Optional.WordOV, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, , [e5959b5676050c2af85d903825dd7e82], 
PUP.Optional.WordOV, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}, , [e5959b5676050c2af85d903825dd7e82], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{7736C7FA-512D-11E2-B871-DEC36088709B}, , [f981e80989f2c86e8838c6caf40eb34d], 
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B}, , [f981e80989f2c86e8838c6caf40eb34d], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\Updater By SweetPacks, , [3e3c6d84b8c3082e945aed6cdd2747b9], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By SweetPacks, , [cdad16db037852e424ca54055fa510f0], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dknkjnkhedbanphkkpbpcgoblmkbfhlf, , [81f96a87fa81979f958c85921ce7d729], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, , [f38730c16d0e31058ccdda7b7292748c], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-9.5b, , [5426a24f35469a9c531d3001de25619f], 
PUP.Optional.FreeSoftToday.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\freesofttoday, , [df9be70a0f6c8ea83449caac5ca8a25e], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [502aa0513744989ea035710647bde51b], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [a7d35f92b7c43bfb4f63c99f897bdc24], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [f486ad445e1dee488f55ec6d94702fd1], 
PUP.Optional.ValueApps.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\ValueApps, , [205a31c0a4d7270fd4b016287291e21e], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dknkjnkhedbanphkkpbpcgoblmkbfhlf, , [6b0f5d945a210234091925f20ef5dc24], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [b5c5529fb2c9a492749d98a6778ce020], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [f78302efa0db1c1aa1cf4a0ad034837d], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, , [64161ed3cab14aec0553391c4eb6738d], 

Registry Values: 6
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}, , [98e2628f106b96a0c9029a2bb949a060], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}, C:\Program Files\Updater By SweetPacks\Firefox, , [98e2628f106b96a0c9029a2bb949a060]
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_us_14, , [5228c22f9be039fd27b8c46655ae39c7], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {3F186BC6-DA0F-11E2-8CDB-F53284204286}, , [f38730c16d0e31058ccdda7b7292748c]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0F, , [f78302efa0db1c1aa1cf4a0ad034837d]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {3F186BC6-DA0F-11E2-8CDB-F53284204286}, , [64161ed3cab14aec0553391c4eb6738d]

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-2268075938-3801120968-3292501955-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (https://search.yahoo.com/?type=282369&fr=spigot-yhp-ie),,[d4a6ac45e99259dd5f447f82c93c40c0]

Folders: 8
PUP.Optional.TidyNetwork.A, C:\Users\nene's\AppData\Local\TidyNetwork.com, , [5b1f3cb534471f174701904c8979e61a], 
PUP.Optional.CrossRider.A, C:\Users\nene's\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnkgiapbjhdboldbhkagdodklkphaip, , [5822eb06e695e74f0b59a040788a15eb], 
PUP.Optional.CrossRider.A, C:\Users\nene's\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnkgiapbjhdboldbhkagdodklkphaip\1.26.36_0, , [5822eb06e695e74f0b59a040788a15eb], 
PUP.Optional.FreeSoftToday.A, C:\Users\nene's\AppData\Local\freeSOFTtoday, , [69117b761a611323154bb83b61a17987], 
PUP.Optional.FreeSoftToday.A, C:\Users\nene's\AppData\Local\freeSOFTtoday\freeSOFTtoday, , [69117b761a611323154bb83b61a17987], 
PUP.Optional.FreeSoftToday.A, C:\Users\nene's\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0, , [69117b761a611323154bb83b61a17987], 
PUP.Optional.DefaultTab.A, C:\Users\nene's\AppData\Roaming\DefaultTab, , [4b2fea0712697bbba2677088d32fca36], 
PUP.Optional.DefaultTab.A, C:\Users\nene's\AppData\Roaming\DefaultTab\DefaultTab, , [4b2fea0712697bbba2677088d32fca36], 

Files: 5
PUP.Optional.DefaultTab, C:\Users\nene's\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll, , [7406b33e6813be7858e38a8c36cb12ee], 
PUP.Optional.Conduit.A, C:\Users\nene's\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx, , [5a20faf73d3e6fc7c060f1264bb86997], 
PUP.Optional.TidyNetwork.A, C:\Users\nene's\AppData\Local\TidyNetwork.com\TidyNetwork.exe, , [5b1f3cb534471f174701904c8979e61a], 
PUP.Optional.TidyNetwork.A, C:\Users\nene's\AppData\Local\TidyNetwork.com\tidynetwork.log, , [5b1f3cb534471f174701904c8979e61a], 
PUP.Optional.FreeSoftToday.A, C:\Users\nene's\AppData\Local\freeSOFTtoday\freeSOFTtoday\1.0\freeSOFTtoday.cyl, , [69117b761a611323154bb83b61a17987], 

Physical Sectors: 0
(No malicious items detected)


(end)


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 25 September 2014 - 06:20 AM

Scan with ESET Online Scan

Go here to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
  • Click the blue Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
  • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 25 September 2014 - 06:24 PM

C:\Games\Total War - Rome II\steam_api.dll	a variant of Win32/HackTool.Crack.BL potentially unsafe application
C:\Users\nene's\Downloads\Divinity.Original.Sin-RELOADED\rld-diorsi.iso	a variant of Win32/HackTool.Crack.BL potentially unsafe application

things seem to be going well cmd doesn't open up firefox or the page anymore my computer is running great so i think the worse is behind me



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 26 September 2014 - 06:06 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK Mirror (if the link is down)

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread (Note: Do NOT post this one into a code box!


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 26 September 2014 - 02:48 PM

# Username : nene's - NENES-PC
# Running from : C:\Windows\SysWOW64\config\systemprofile\Desktop\adwcleaner_3.310(1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


*************************

AdwCleaner[R0].txt - [3105 octets] - [26/09/2014 14:24:31]
AdwCleaner[R1].txt - [827 octets] - [26/09/2014 15:36:12]
AdwCleaner[R2].txt - [690 octets] - [26/09/2014 15:47:25]
AdwCleaner[S0].txt - [3027 octets] - [26/09/2014 14:36:03]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [809 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.2 (09.26.2014:2)
OS: Windows 7 Home Premium x64
Ran by SYSTEM on Fri 09/26/2014 at 15:40:29.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho3CF5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho4FD5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5EC7.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho640E.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho833A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC70D.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoC7FE.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoDE2A.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF2FA.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/26/2014 at 15:42:36.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#10 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 26 September 2014 - 02:51 PM

for the last program it states "UNSUPPORTED OPERATING SYSTEM! ABORTED!"



#11 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 26 September 2014 - 03:39 PM

# AdwCleaner v3.310 - Report created 26/09/2014 at 14:24:31
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nene's - NENES-PC
# Running from : C:\Windows\SysWOW64\config\systemprofile\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\WNLT
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\WNLT
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289663
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\free_soft_to_day
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


*************************

AdwCleaner[R0].txt - [2939 octets] - [26/09/2014 14:24:31]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2999 octets] ##########

sorry i pasted the wrong copy for the first program


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 29 September 2014 - 04:33 AM


SecurityCheck

Reboot your system before starting!

...

:rolleyes:
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 30 September 2014 - 05:58 PM

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
AVG Internet Security 2011   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1    
 Java 7 Update 7  
 Java version out of Date!
 Adobe Flash Player 15.0.0.152  
 Adobe Reader 10.1.11 Adobe Reader out of Date!  
 Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe
 AVG avgtray.exe
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:30 AM

Posted 04 October 2014 - 07:31 AM

Your system is clean now! :)

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • when finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

 

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.


  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

 

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  • In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  • In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  • If there is still something left please delete it manualy.




Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.




Temp File Cleaner

We need to download Temp File Cleaner (TFC) by OldTimer:
  • Please download TFC.exe by Oldtimer at one of the two links: Link 1 Link 2
  • Save and close all running applications
  • Double-click on TFC.exe to run the program
  • Click on Start to begin the cleaning process note: this program may close running applications, make your screen disappear temporarily, or require a reboot of your PC - this is normal and part of the cleanup
  • When the scan is complete, if you were not asked to reboot the computer, please do so now
More Information can be found about the tool here: http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

 

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to loose all your data. Back up your files regularly. Use the windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - what means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won´t help if you aren´t careful enough.
    • While surfing the internet, don´t click on anything you don´t know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal pata (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don´t click everything.
    • When installing software, have a look to each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today´s setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 antonioxo

antonioxo
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:30 AM

Posted 07 October 2014 - 05:47 PM

thanks for the help wouldn't have been able to do it without your help.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users