
MRT.exe detected as Rogue.Agent/Gen-Nullo[EXE], and other suspicious symptoms


  • This topic is locked
60 replies to this topic

#1 Fromto

  • Members
  • 60 posts

Posted 01 October 2014 - 04:14 AM

Hello experts,

SuperAntiSpyware detected MRT.exe (located in C:\Windows\System32) as Rogue.Agent/Gen-Nullo[EXE] through their Real Time Protection. I've done several scans with SuperAntiSpyware, MBAM, TDSSKiller, etc., in both normal and Safe Mode, but nothing came up. Also, whenever I delete MRT.exe, a new one will reappear the next day.

Other symptoms:

1. When I start GMER (whether it's Safe Mode or normal mode), this error will appear: "C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process". I am still able to perform a scan though, but the error message will still appear.

2. Even when there are no intensive programs running, the laptop overheats for no reason most of the time, and I can hear the laptop fan keep spinning.

3. Sometimes (not all the time), whenever I want to upload a picture or right-click on the desktop, it will take 5 to 10 seconds longer to load the pictures in the chooser window or for the right-click menu to appear.

4. Not all images will load sometimes unless I refresh the page. This happens on all web browsers.

I suspect my computer has been infected with something more than just the fishy MRT.exe. I'm running on Windows 8 64-bit.

Thanks for your help in advance.

 

===================== DDS LOG ======================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.67.2
Run by Redacted at 15:49:34 on 2014-10-01
Microsoft Windows 8  6.2.9200.0.1252.65.1033.18.7848.3395 [GMT 8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Garena Plus\ggdllhost.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
C:\Users\Redacted\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\CSISYN~1.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GarenaPlus] "C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe" -autolaunch
uRun: [SkyDrive] "C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Akamai NetSession Interface] "C:\Users\Redacted\AppData\Local\Akamai\netsession_win.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [BitTorrent] "C:\Users\Redacted\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED
uRun: [NetLimiter] "C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe" /minimized
uRunOnce: [Uninstall C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
StartupFolder: C:\Users\Redacted\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Redacted\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{A1E99090-6FD7-4DEB-8B02-27BC2D656E97} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\qa87dyig.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2013-12-28 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2013-12-28 224896]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-22 678384]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-8-16 30496]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswsnx.sys [2013-12-28 1041168]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswsp.sys [2013-12-28 427360]
R1 ccSet_NARA;NARA Settings Manager;C:\Windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-8-16 168608]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\Drivers\aswHwid.sys [2014-5-9 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-12-28 79184]
R2 aswStm;aswStm;C:\Windows\System32\Drivers\aswstm.sys [2014-3-11 92008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe [2013-3-1 227968]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-8-3 50344]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2014-10-1 67584]
R2 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2013-2-20 2615368]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-14 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-8-16 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-16 169432]
R2 LMSvc;Launch Manager Service;C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [2013-4-26 431656]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-5 1809720]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-14 769432]
R2 nldrv;nldrv;C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [2014-9-16 111024]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-16 3943104]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\Drivers\btath_bus.sys [2013-8-16 34384]
R3 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2013-1-19 660040]
R3 LMDriver;Launch Manager Wireless Driver;C:\Windows\System32\Drivers\LMDriver.sys [2013-1-10 21360]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-12-23 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-7-5 122584]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\Windows\System32\Drivers\RadioShim.sys [2013-1-10 15704]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-8-16 794184]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\Windows\System32\Drivers\RtsPer.sys [2013-8-16 455240]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-4-8 31984]
R3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2014-8-11 152872]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-5 860472]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\Drivers\btath_flt.sys [2013-8-16 89168]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\Drivers\btath_a2dp.sys [2013-8-16 346192]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\Drivers\btath_avdt.sys [2013-8-16 115280]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\Drivers\btath_hcrp.sys [2013-8-16 179432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\Drivers\btath_lwflt.sys [2013-8-16 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\Drivers\btath_rcp.sys [2013-8-16 136424]
S3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2013-8-16 583760]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-5-21 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-14 820184]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-7-5 64216]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 QRDCIO;Quanta Generic IO Access;C:\Windows\System32\Drivers\QRDCIO.sys [2013-8-16 9728]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-10-01 05:48:41 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2014-09-27 15:01:37 262824 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10247.bin
2014-09-25 07:30:46 -------- d-----w- C:\Program Files (x86)\SpeedFan
2014-09-23 13:34:08 -------- d-----w- C:\Users\Redacted\AppData\Roaming\Tropico 3
2014-09-23 13:34:02 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
2014-09-23 13:34:02 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll
2014-09-23 13:34:02 2430312 ----a-w- C:\Windows\System32\D3DCompiler_41.dll
2014-09-23 13:34:02 1846632 ----a-w- C:\Windows\SysWow64\D3DCompiler_41.dll
2014-09-23 13:34:01 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2014-09-23 13:34:01 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2014-09-23 13:34:00 73544 ----a-w- C:\Windows\System32\XAPOFX1_3.dll
2014-09-23 13:34:00 69448 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2014-09-23 13:34:00 521560 ----a-w- C:\Windows\System32\XAudio2_4.dll
2014-09-23 13:34:00 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2014-09-23 13:28:19 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-09-23 13:27:58 411656 ----a-w- C:\Windows\System32\xactengine2_10.dll
2014-09-23 12:06:11 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-09-23 12:06:06 -------- d-----w- C:\Program Files (x86)\Steam
2014-09-23 09:38:04 -------- d-----w- C:\Program Files (x86)\WinDirStat
2014-09-23 08:59:49 -------- d-----w- C:\DD
2014-09-23 08:47:44 -------- d-----w- C:\FRST
2014-09-22 17:49:42 -------- d-----w- C:\Users\Redacted\AppData\Local\CrashDumps
2014-09-22 15:38:58 36456 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-09-22 15:38:53 -------- d-----w- C:\ProgramData\RogueKiller
2014-09-22 08:03:58 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-22 08:01:20 -------- d-----w- C:\AdwCleaner
2014-09-17 06:22:33 -------- d-----w- C:\Program Files\Locktime Software
2014-09-15 18:41:29 -------- d-----w- C:\Snort
2014-09-14 19:19:22 -------- d-----w- C:\Users\Redacted\AppData\Roaming\MPC-HC
2014-09-14 19:19:14 206336 ----a-w- C:\Windows\System32\unrar64.dll
2014-09-14 19:19:14 -------- d-----w- C:\Program Files\xy-VSFilter
2014-09-14 19:17:08 -------- d-----w- C:\Program Files\MPC-HC
2014-09-13 02:16:08 144896 ----a-w- C:\Windows\System32\tssdisai.dll
2014-09-13 02:16:07 148480 ----a-w- C:\Windows\System32\poqexec.exe
2014-09-12 08:45:58 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-09-12 07:25:09 536776 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2014-09-12 07:25:08 678600 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2014-09-12 07:22:18 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-12 07:22:16 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-12 07:22:12 755712 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-12 07:22:12 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-12 07:22:03 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-09-12 07:22:02 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-09-12 07:21:43 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-09-10 06:54:08 -------- d-----w- C:\Users\Redacted\.gradle
2014-09-10 06:45:53 -------- d-----w- C:\Users\Redacted\AppData\Roaming\JetBrains
2014-09-10 05:57:52 -------- d-----w- C:\Users\Redacted\.AndroidStudioBeta
2014-09-09 17:35:05 -------- d-----w- C:\Users\Redacted\AppData\Local\Android
2014-09-09 14:43:27 -------- d-----w- C:\Users\Redacted\AppData\Roaming\BitTorrent
2014-09-09 07:41:29 -------- d-----w- C:\SUPERDelete
2014-09-09 07:37:49 -------- d-----w- C:\Users\Redacted\AppData\Roaming\SUPERAntiSpyware.com
2014-09-09 07:37:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-09-09 07:37:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-09-06 02:48:10 56496 ----a-w- C:\pxlorpob.sys
2014-09-05 06:34:34 -------- d-----w- C:\ProgramData\Sophos
2014-09-05 06:34:27 73728 ----a-r- C:\Users\Redacted\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-05 06:34:27 73728 ----a-r- C:\Users\Redacted\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-05 06:34:24 73728 ----a-r- C:\Users\Redacted\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-09-05 06:34:16 -------- d-----w- C:\Program Files (x86)\Sophos
2014-09-04 05:41:13 -------- d-----w- C:\Users\Redacted\AppData\Roaming\sqlitestudio
2014-09-01 19:39:01 -------- d-----w- C:\Users\Redacted\AppData\Roaming\Locktime
2014-09-01 19:38:46 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-09-01 19:38:43 -------- d-----w- C:\ProgramData\Locktime
2014-09-01 19:37:39 -------- d-----w- C:\Users\Redacted\AppData\Roaming\Locktime Software
2014-09-01 07:51:47 -------- d-----w- C:\DOSBox
.
==================== Find3M  ====================
.
2014-10-01 06:50:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-02 16:42:23 92008 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-08-02 16:42:23 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-08-02 16:42:23 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-08-02 16:42:23 1041168 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2014-08-02 16:42:22 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-08-02 16:42:22 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-08-02 16:42:22 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-08-02 16:42:19 43152 ----a-w- C:\Windows\avastSS.scr
2014-08-01 02:34:03 729768 ----a-w- C:\Windows\System32\NotificationUI.exe
2014-07-31 23:40:32 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-07-25 04:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 15:55:47.42 ===============
 

 

 



Edited by Fromto, 01 October 2014 - 05:25 AM.



 


#2 Fromto

  • Topic Starter
  • Members
  • 60 posts

Posted 03 October 2014 - 10:38 PM

Also, I want to add to point 4 that sometimes web pages do not load completely as well, resulting in broken images/Flash elements unless I refresh said elements or the page. (Couldn't find the edit button after editing the main post once, so sorry for unintentionally bumping this.)



#3 nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender: Male
  • Location: Montreal, QC. Canada

Posted 05 October 2014 - 01:29 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#4 Fromto

  • Topic Starter
  • Members
  • 60 posts

Posted 06 October 2014 - 03:12 PM

Hi nasdaq,

I did an AdwCleaner scan on my own back in September. I will post the logs of the previous scan and the new scan. As for the Farbar scan, I will post it later.

 

Previous Scan Log (AdwCleaner[S0])

 

# AdwCleaner v3.310 - Report created 22/09/2014 at 16:10:23
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Redacted - ACER
# Running from : C:\Users\Redacted\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v32.0.2 (x86 en-US)
 
[ File : C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\2r2lmh5u.default\prefs.js ]
 
 
[ File : C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1620 octets] - [22/09/2014 16:01:22]
AdwCleaner[R1].txt - [1680 octets] - [22/09/2014 16:07:12]
AdwCleaner[S0].txt - [1494 octets] - [22/09/2014 16:10:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1554 octets] ##########
 
New Scan Log (AdwCleaner[R2])
 
# AdwCleaner v3.311 - Report created 07/10/2014 at 04:01:28
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Redacted - ACER
# Running from : C:\Users\Redacted\Desktop\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\2r2lmh5u.default\prefs.js ]
 
 
[ File : C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1620 octets] - [22/09/2014 16:01:22]
AdwCleaner[R1].txt - [1680 octets] - [22/09/2014 16:07:12]
AdwCleaner[R2].txt - [1006 octets] - [07/10/2014 04:01:28]
AdwCleaner[S0].txt - [1638 octets] - [22/09/2014 16:10:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1126 octets] ##########
 

Edited by Fromto, 06 October 2014 - 03:13 PM.


#5 Fromto


Posted 06 October 2014 - 03:15 PM

There's something weird too. It told me to uncheck anything which I do not want to clean for the new scan, but there are no detected items and the only items that appear are the profiles for my browsers.



#6 Fromto


Posted 06 October 2014 - 11:52 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Redacted (administrator) on ACER on 07-10-2014 12:38:50
Running from C:\Users\Redacted\Desktop
Loaded Profiles: UpdatusUser & Redacted (Available profiles: UpdatusUser & Redacted)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Redacted\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-16] (Symantec Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-03] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-03-01] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9957168 2014-08-28] ()
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [SkyDrive] => C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [Akamai NetSession Interface] => "C:\Users\Redacted\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-16] (SUPERAntiSpyware)
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [BitTorrent] => C:\Users\Redacted\AppData\Roaming\BitTorrent\BitTorrent.exe [1947736 2014-09-09] (BitTorrent Inc.)
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [38528 2014-09-16] (Locktime Software)
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\RunOnce: [Uninstall C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-823994528-2752198070-2781395043-1002\...\RunOnce: [Uninstall C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Redacted\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-03-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-03-07] (NVIDIA Corporation)
Startup: C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Redacted\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.sg
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
SearchScopes: HKLM - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} -  No File
Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy
FF Homepage: hxxp://www.google.com.sg/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: WOT - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-23]
FF Extension: Bitdefender QuickScan - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-18]
FF Extension: Firebug - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\firebug@software.joehewitt.com.xpi [2013-12-23]
FF Extension: SQL Inject Me - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\sqlime@security.compass.xpi [2013-12-23]
FF Extension: Session Manager - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2014-07-24]
FF Extension: ReloadEvery - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-12-23]
FF Extension: FireFTP - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-12-23]
FF Extension: Adblock Plus - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-10]
FF Extension: DownThemAll! - C:\Users\Redacted\AppData\Roaming\Mozilla\Firefox\Profiles\epkbiuan.Iggy\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-12-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-23]
CHR Extension: (Google Drive) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-23]
CHR Extension: (Google Search) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-23]
CHR Extension: (avast! Online Security) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-29]
CHR Extension: (Google Wallet) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-23]
CHR Extension: (Gmail) - C:\Users\Redacted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-03]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-03-01] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-03] (AVAST Software)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-20] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-19] (Acer Incorporated)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [328832 2014-09-16] (Locktime Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-16] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [152872 2014-08-11] (Sophos Limited)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-03] ()
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-03-01] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [111024 2014-09-16] (Locktime Software)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 MFE_RR; \??\C:\Users\Redacted\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 12:38 - 2014-10-07 12:39 - 00024434 _____ () C:\Users\Redacted\Desktop\FRST.txt
2014-10-07 12:38 - 2014-10-07 12:38 - 02109952 _____ (Farbar) C:\Users\Redacted\Desktop\FRST64.exe
2014-10-07 12:38 - 2014-10-07 12:38 - 00000000 ____D () C:\Users\Redacted\Desktop\FRST-OlderVersion
2014-10-07 12:38 - 2014-09-23 16:51 - 00415232 _____ (Farbar) C:\Users\Redacted\Desktop\FSS.exe
2014-10-07 02:57 - 2014-10-07 02:57 - 00066698 _____ () C:\Users\Redacted\AppData\Local\recently-used.xbel
2014-10-06 21:30 - 2014-10-06 21:30 - 00000000 ____D () C:\Users\Redacted\Desktop\New folder
2014-10-06 21:11 - 2014-10-06 21:09 - 01375089 _____ () C:\Users\Redacted\Desktop\adwcleaner_3.311.exe
2014-10-06 21:08 - 2014-10-06 21:09 - 01375089 _____ () C:\Users\Redacted\Downloads\adwcleaner_3.311.exe
2014-10-03 19:37 - 2014-10-03 19:37 - 00162932 _____ () C:\Users\Redacted\Downloads\android-holo-colors-apptheme.zip
2014-10-02 13:42 - 2014-10-07 11:28 - 00003496 _____ () C:\Windows\System32\Tasks\gg_uac_daemon_Redacted
2014-10-01 19:45 - 2014-10-01 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-01 19:43 - 2014-10-01 19:57 - 00000000 ____D () C:\Users\Redacted\Desktop\mbar
2014-10-01 19:40 - 2014-10-01 19:42 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Redacted\Downloads\mbar-1.07.0.1012.exe
2014-10-01 16:43 - 2014-10-01 16:43 - 742447509 _____ () C:\Windows\MEMORY.DMP
2014-10-01 16:43 - 2014-10-01 16:43 - 00301800 _____ () C:\Windows\Minidump\100114-37187-01.dmp
2014-10-01 16:43 - 2014-10-01 16:43 - 00000000 ____D () C:\Windows\Minidump
2014-10-01 16:02 - 2014-10-01 16:02 - 00000000 ____D () C:\Users\Redacted\Desktop\dds files
2014-10-01 14:51 - 2014-10-01 14:56 - 99259192 _____ (Sophos Limited) C:\Users\Redacted\Downloads\Sophos Virus Removal Tool(1).exe
2014-10-01 14:31 - 2014-10-01 14:32 - 00000296 _____ () C:\Users\Redacted\Downloads\RootkitRemover_20141001_143128.log
2014-10-01 14:31 - 2014-10-01 14:31 - 00783120 _____ (McAfee, Inc.) C:\Users\Redacted\Downloads\rootkitremover.exe
2014-10-01 13:48 - 2014-10-01 13:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2014-10-01 13:48 - 2014-10-01 13:48 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2014-10-01 13:40 - 2014-10-01 13:42 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Redacted\Downloads\cbSetup.exe
2014-10-01 13:36 - 2014-10-01 13:36 - 00688992 ____R (Swearware) C:\Users\Redacted\Desktop\dds.com
2014-10-01 13:36 - 2014-10-01 13:36 - 00688992 _____ (Swearware) C:\Users\Redacted\Downloads\dds.com
2014-09-27 02:31 - 2014-09-27 02:31 - 02085775 _____ () C:\Users\Redacted\Downloads\system_sounds_3_7644_3160.zip
2014-09-26 14:47 - 2014-09-26 14:47 - 00206691 _____ () C:\Users\Redacted\Downloads\Cardpsd50.psd
2014-09-25 15:30 - 2014-10-01 20:30 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-09-25 15:30 - 2014-09-25 15:30 - 02174848 _____ () C:\Users\Redacted\Downloads\instsf450.exe
2014-09-25 15:30 - 2014-09-25 15:30 - 00001007 _____ () C:\Users\UpdatusUser\Desktop\SpeedFan.lnk
2014-09-25 15:30 - 2014-09-25 15:30 - 00001007 _____ () C:\Users\Redacted\Desktop\SpeedFan.lnk
2014-09-25 15:30 - 2014-09-25 15:30 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2014-09-25 15:30 - 2014-09-25 15:30 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-25 15:30 - 2014-09-25 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-09-25 13:33 - 2014-09-25 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 15:46 - 2014-09-24 15:46 - 00000000 _____ () C:\Users\Redacted\Desktop\4 October 1230pm DENTAL.txt
2014-09-23 21:34 - 2014-09-30 16:53 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Tropico 3
2014-09-23 21:34 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-09-23 21:34 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-09-23 21:34 - 2009-03-16 14:18 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-09-23 21:34 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-09-23 21:34 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-09-23 21:33 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-09-23 21:33 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-09-23 21:33 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-09-23 21:33 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-09-23 21:33 - 2008-10-15 07:03 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-09-23 21:33 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-09-23 21:33 - 2008-07-30 06:20 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-09-23 21:33 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-09-23 21:33 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-09-23 21:28 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-09-23 21:28 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-09-23 21:28 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-09-23 21:28 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-09-23 21:28 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-09-23 21:28 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-09-23 21:28 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-09-23 21:28 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-09-23 21:28 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-09-23 21:28 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-09-23 21:28 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-09-23 21:28 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-09-23 21:28 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-09-23 21:28 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-09-23 21:28 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-09-23 21:28 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-09-23 21:28 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-09-23 21:28 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-09-23 21:28 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-09-23 21:28 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-09-23 21:28 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-09-23 21:28 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-09-23 21:28 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-09-23 21:28 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-09-23 21:28 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-09-23 21:27 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-09-23 21:27 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-09-23 21:27 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-09-23 21:27 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-09-23 21:27 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-09-23 21:27 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-09-23 21:27 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-09-23 21:27 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-09-23 21:27 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-09-23 21:27 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-09-23 21:27 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-09-23 21:27 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-09-23 21:27 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-09-23 21:27 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-09-23 21:27 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-09-23 21:27 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-09-23 21:27 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-09-23 21:27 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-09-23 21:27 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-09-23 21:27 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-09-23 21:27 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-09-23 21:27 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-09-23 21:27 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-09-23 21:27 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-09-23 21:27 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-09-23 21:27 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-09-23 21:27 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-09-23 21:27 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-09-23 21:27 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-09-23 21:27 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-09-23 21:27 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-09-23 21:27 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-09-23 21:27 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-09-23 21:27 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-09-23 21:27 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-09-23 21:27 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-09-23 21:27 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-09-23 21:27 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-09-23 21:27 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-09-23 21:27 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-09-23 21:27 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-09-23 21:27 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-09-23 21:27 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-09-23 21:27 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-09-23 21:27 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-09-23 21:27 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-09-23 21:27 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-09-23 21:27 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-09-23 21:27 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-09-23 21:27 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-09-23 21:26 - 2014-09-23 21:33 - 00034853 _____ () C:\Windows\DirectX.log
2014-09-23 21:26 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-09-23 21:26 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-09-23 21:26 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-09-23 21:26 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-09-23 21:26 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-09-23 21:26 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-09-23 21:26 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-09-23 21:26 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-09-23 21:26 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-09-23 21:26 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-09-23 21:26 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-09-23 21:26 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-09-23 21:26 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-09-23 21:26 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-09-23 21:26 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-09-23 21:26 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-09-23 21:26 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-09-23 21:26 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-09-23 20:17 - 2014-09-23 20:17 - 00000221 _____ () C:\Users\Redacted\Desktop\Tropico 3 - Steam Special Edition.url
2014-09-23 20:17 - 2014-09-23 20:17 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-23 20:06 - 2014-09-30 15:44 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-23 20:06 - 2014-09-23 20:06 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-09-23 20:06 - 2014-09-23 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-09-23 20:05 - 2014-09-23 20:05 - 01142392 _____ () C:\Users\Redacted\Downloads\SteamSetup.exe
2014-09-23 17:38 - 2014-09-23 17:38 - 00001031 _____ () C:\Users\UpdatusUser\Desktop\WinDirStat.lnk
2014-09-23 17:38 - 2014-09-23 17:38 - 00001031 _____ () C:\Users\Redacted\Desktop\WinDirStat.lnk
2014-09-23 17:38 - 2014-09-23 17:38 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-23 17:38 - 2014-09-23 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2014-09-23 17:38 - 2014-09-23 17:38 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-09-23 17:36 - 2014-09-23 17:36 - 00645729 _____ (WDS Team) C:\Users\Redacted\Downloads\windirstat1_1_2_setup.exe
2014-09-23 16:52 - 2014-09-23 16:52 - 00050702 _____ () C:\Users\Redacted\Downloads\Addition.txt
2014-09-23 16:52 - 2014-09-23 16:52 - 00003042 _____ () C:\Users\Redacted\Downloads\FSS.txt
2014-09-23 16:51 - 2014-09-23 16:51 - 00415232 _____ (Farbar) C:\Users\Redacted\Downloads\FSS.exe
2014-09-23 16:49 - 2014-09-23 16:52 - 00082978 _____ () C:\Users\Redacted\Downloads\FRST.txt
2014-09-23 16:47 - 2014-10-07 12:38 - 00000000 ____D () C:\FRST
2014-09-23 16:46 - 2014-09-23 16:47 - 02105856 _____ (Farbar) C:\Users\Redacted\Downloads\FRST64.exe
2014-09-23 01:49 - 2014-09-23 01:49 - 00000000 ____D () C:\Users\Redacted\AppData\Local\CrashDumps
2014-09-22 23:38 - 2014-09-23 16:42 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-22 23:38 - 2014-09-22 23:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-22 23:37 - 2014-09-22 23:38 - 05451352 _____ () C:\Users\Redacted\Downloads\RogueKillerX64.exe
2014-09-22 21:04 - 2014-09-22 21:06 - 02052817 _____ () C:\Users\Redacted\Downloads\Sunshine-assets.zip
2014-09-22 16:33 - 2014-09-22 16:33 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-22 16:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-22 16:01 - 2014-10-07 04:03 - 00000000 ____D () C:\AdwCleaner
2014-09-22 16:00 - 2014-09-22 16:01 - 01373475 _____ () C:\Users\Redacted\Downloads\AdwCleaner.exe
2014-09-20 22:34 - 2014-09-20 22:34 - 00380416 _____ () C:\Users\Redacted\Downloads\htq8467k.exe
2014-09-19 16:44 - 2014-09-19 16:45 - 02347384 _____ (ESET) C:\Users\Redacted\Downloads\esetsmartinstaller_enu(1).exe
2014-09-19 16:08 - 2014-09-22 16:25 - 00005850 _____ () C:\Users\Redacted\Desktop\Rkill.txt
2014-09-19 16:07 - 2014-09-19 16:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Redacted\Downloads\rkill.exe
2014-09-17 22:00 - 2014-09-17 22:00 - 00022016 _____ () C:\Users\Redacted\Downloads\FPK_POST_Details_2014817.xls
2014-09-17 14:22 - 2014-09-17 14:22 - 00001156 _____ () C:\Users\Public\Desktop\NetLimiter 4 (x64).lnk
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2014-09-17 14:22 - 2014-09-17 14:22 - 00000000 ____D () C:\Program Files\Locktime Software
2014-09-17 13:41 - 2014-09-17 13:42 - 05942448 _____ (Locktime Software) C:\Users\Redacted\Downloads\netlimiter-4.0.8.0.exe
2014-09-16 20:00 - 2014-09-16 20:00 - 00030720 _____ () C:\Users\Redacted\Downloads\FPK_POST_Details_2014816.xls
2014-09-16 02:42 - 2014-09-16 02:42 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Redacted\Downloads\WinPcap_4_1_3.exe
2014-09-16 02:41 - 2014-09-16 02:41 - 02576098 _____ () C:\Users\Redacted\Downloads\Snort_2_9_6_2_Installer.exe
2014-09-16 02:41 - 2014-09-16 02:41 - 00000000 ____D () C:\Snort
2014-09-15 03:20 - 2014-09-15 03:21 - 07675997 _____ () C:\Users\Redacted\Downloads\madVR.zip
2014-09-15 03:19 - 2014-09-15 03:19 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\MPC-HC
2014-09-15 03:19 - 2014-09-15 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\xy-VSFilter
2014-09-15 03:19 - 2014-09-15 03:19 - 00000000 ____D () C:\Program Files\xy-VSFilter
2014-09-15 03:19 - 2012-07-17 14:21 - 00206336 _____ () C:\Windows\system32\unrar64.dll
2014-09-15 03:17 - 2014-09-15 03:17 - 01163800 _____ (xy-VSFilter Team ) C:\Users\Redacted\Downloads\xy-VSFilter_3.0.0.211_x64_Installer.exe
2014-09-15 03:17 - 2014-09-15 03:17 - 00001662 _____ () C:\Users\Redacted\Desktop\MPC-HC x64.lnk
2014-09-15 03:17 - 2014-09-15 03:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2014-09-15 03:17 - 2014-09-15 03:17 - 00000000 ____D () C:\Program Files\MPC-HC
2014-09-15 03:16 - 2014-09-15 03:16 - 11775336 _____ (MPC-HC Team ) C:\Users\Redacted\Downloads\MPC-HC.1.7.6.x64.exe
2014-09-15 00:00 - 2014-09-15 00:00 - 00032256 _____ () C:\Users\Redacted\Downloads\FPK_POST_Details_2014814.xls
2014-09-14 22:51 - 2014-09-16 16:30 - 00000000 ___RD () C:\Users\Redacted\Desktop\Mega
2014-09-14 21:40 - 2014-09-14 21:40 - 00030345 _____ () C:\Users\Redacted\Downloads\post-105093472906078_697929740289112-likes.csv
2014-09-13 10:16 - 2014-08-09 16:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-13 10:16 - 2014-08-09 16:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-12 16:46 - 2014-08-16 17:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 16:46 - 2014-08-16 17:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 16:46 - 2014-08-16 17:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 16:46 - 2014-08-16 17:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 16:46 - 2014-08-16 17:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 16:46 - 2014-08-16 17:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 16:46 - 2014-08-16 17:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 16:46 - 2014-08-16 17:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 16:46 - 2014-08-16 17:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 16:46 - 2014-08-16 15:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 16:46 - 2014-08-16 15:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 16:46 - 2014-03-07 08:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 16:46 - 2013-05-16 06:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-12 16:46 - 2013-05-16 06:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-12 16:46 - 2013-05-14 21:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 16:46 - 2013-05-14 17:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 16:46 - 2013-02-21 18:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-12 16:46 - 2013-02-21 18:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 16:46 - 2013-02-21 18:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 16:46 - 2013-02-21 18:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 16:46 - 2012-11-08 12:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 16:46 - 2012-11-08 12:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 16:46 - 2012-07-26 11:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 16:45 - 2014-08-16 17:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 16:45 - 2014-08-16 17:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 16:45 - 2014-08-16 17:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 16:45 - 2014-08-16 17:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 16:45 - 2014-08-16 17:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 16:45 - 2014-08-16 17:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 16:45 - 2014-08-16 15:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 16:45 - 2014-08-16 15:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 16:45 - 2014-08-16 15:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 16:45 - 2014-08-16 15:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 16:45 - 2014-08-16 15:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 16:45 - 2013-02-21 18:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 16:45 - 2013-02-21 18:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 16:45 - 2013-02-19 17:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-12 15:25 - 2014-06-05 09:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 15:25 - 2014-06-04 07:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 15:24 - 2014-08-28 19:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 15:24 - 2014-08-28 14:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 15:24 - 2014-08-28 14:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 15:24 - 2014-08-28 14:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 15:24 - 2014-08-28 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 15:24 - 2014-08-28 14:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 15:24 - 2014-08-28 14:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 15:24 - 2014-08-28 14:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 15:24 - 2014-08-01 07:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 15:22 - 2014-09-05 06:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 15:22 - 2014-09-03 09:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 15:22 - 2014-07-24 11:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 15:22 - 2014-07-24 11:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-12 15:21 - 2014-08-23 14:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-12 15:05 - 2014-10-07 12:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 15:05 - 2014-09-12 15:05 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 20:56 - 2014-09-10 20:57 - 00000000 ____D () C:\Users\Redacted\Desktop\Unused Stuff 1
2014-09-10 14:54 - 2014-09-10 15:10 - 00000000 ____D () C:\Users\Redacted\.gradle
2014-09-10 14:45 - 2014-09-10 14:45 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\JetBrains
2014-09-10 13:57 - 2014-09-10 13:58 - 00000000 ____D () C:\Users\Redacted\.AndroidStudioBeta
2014-09-10 01:38 - 2014-09-10 01:38 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Android Studio
2014-09-10 01:35 - 2014-09-10 01:35 - 00000000 ____D () C:\Users\Redacted\AppData\Local\Android
2014-09-10 01:22 - 2014-09-10 01:31 - 379497130 _____ (Google Inc.) C:\Users\Redacted\Downloads\android-studio-bundle-135.1339820-windows.exe
2014-09-09 22:44 - 2014-09-09 22:44 - 00000816 _____ () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2014-09-09 22:43 - 2014-09-16 01:50 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\BitTorrent
2014-09-09 22:40 - 2014-09-09 22:40 - 01947736 _____ (BitTorrent Inc.) C:\Users\Redacted\Downloads\BitTorrent.exe
2014-09-09 15:41 - 2014-09-09 15:41 - 00000000 ____D () C:\SUPERDelete
2014-09-09 15:37 - 2014-10-06 20:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-09 15:37 - 2014-09-24 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-09 15:37 - 2014-09-09 15:37 - 00001768 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-09-09 15:37 - 2014-09-09 15:37 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\SUPERAntiSpyware.com
2014-09-09 15:37 - 2014-09-09 15:37 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-09 15:35 - 2014-09-09 15:35 - 19231376 _____ (SUPERAntiSpyware) C:\Users\Redacted\Downloads\SUPERAntiSpyware.exe
2014-09-09 15:16 - 2014-09-09 15:17 - 30517960 _____ (Microsoft Corporation) C:\Users\Redacted\Downloads\Windows-KB890830-x64-V5.15.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 12:37 - 2013-12-23 22:07 - 00000000 ____D () C:\Users\Redacted\.gimp-2.8
2014-10-07 12:00 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-07 11:52 - 2014-02-17 16:49 - 00004952 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ACER-Redacted ACER
2014-10-07 11:48 - 2013-12-23 16:17 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 11:41 - 2014-07-05 11:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-07 11:29 - 2014-01-05 00:25 - 00000000 ___RD () C:\Users\Redacted\Dropbox
2014-10-07 11:29 - 2014-01-05 00:20 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Dropbox
2014-10-07 11:28 - 2013-12-23 16:17 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 11:27 - 2012-07-26 15:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 04:00 - 2013-12-23 20:28 - 00125240 _____ () C:\Users\Redacted\Desktop\todo.txt
2014-10-07 02:57 - 2013-12-28 21:56 - 00000000 ____D () C:\Users\Redacted\AppData\Local\gtk-2.0
2014-10-06 10:47 - 2013-12-28 22:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-04 11:36 - 2014-01-02 01:34 - 00000600 _____ () C:\Users\Redacted\AppData\Roaming\winscp.rnd
2014-10-04 02:56 - 2014-05-09 23:24 - 00007608 _____ () C:\Users\Redacted\AppData\Local\Resmon.ResmonCfg
2014-10-03 16:27 - 2013-08-16 03:53 - 01234376 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 13:48 - 2013-08-16 04:40 - 00450618 _____ () C:\Windows\system32\prfh0404.dat
2014-10-02 13:48 - 2013-08-16 04:40 - 00136776 _____ () C:\Windows\system32\prfc0404.dat
2014-10-02 13:48 - 2013-08-16 04:35 - 00436298 _____ () C:\Windows\system32\prfh0804.dat
2014-10-02 13:48 - 2013-08-16 04:35 - 00136776 _____ () C:\Windows\system32\prfc0804.dat
2014-10-02 13:48 - 2012-07-26 15:28 - 01973394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 03:22 - 2012-07-26 13:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-01 19:44 - 2014-07-05 11:58 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 17:42 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\rescache
2014-10-01 16:42 - 2014-06-04 18:29 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-10-01 16:42 - 2013-12-23 06:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-01 16:42 - 2013-05-13 18:30 - 00091966 _____ () C:\Windows\PFRO.log
2014-10-01 15:06 - 2012-07-26 15:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-01 12:22 - 2013-12-24 11:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-01 12:05 - 2014-07-23 16:18 - 00000000 ___RD () C:\Users\Redacted\OneDrive
2014-09-30 19:45 - 2013-12-24 00:24 - 00000310 _____ () C:\Users\Redacted\Desktop\24october2014.txt
2014-09-29 23:56 - 2014-03-13 01:26 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\GarenaPlus
2014-09-29 23:56 - 2014-03-13 01:25 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-09-27 22:21 - 2014-06-04 18:29 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-27 22:21 - 2014-06-04 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-26 20:25 - 2014-06-05 19:59 - 00003822 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1387992087
2014-09-26 20:25 - 2013-12-26 01:21 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-25 22:30 - 2014-07-23 16:18 - 00002246 _____ () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2014-09-25 22:24 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-25 13:49 - 2013-12-23 16:19 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-23 21:01 - 2014-08-28 21:22 - 00000383 _____ () C:\Users\Redacted\Desktop\Mega.txt
2014-09-23 17:59 - 2013-12-24 01:03 - 00000000 ____D () C:\Users\Redacted\Desktop\Backup
2014-09-23 17:55 - 2013-05-13 18:43 - 00000000 ____D () C:\ProgramData\WildTangent
2014-09-23 17:14 - 2014-02-05 22:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-823994528-2752198070-2781395043-1002
2014-09-23 12:01 - 2014-08-06 20:29 - 00000000 ____D () C:\Users\Redacted\.android
2014-09-22 17:49 - 2014-08-18 15:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-22 16:33 - 2014-08-18 15:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-21 11:51 - 2013-05-13 18:44 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-20 12:25 - 2013-05-13 18:44 - 00000000 ____D () C:\Program Files\mcafee
2014-09-20 10:53 - 2014-02-21 14:48 - 00000000 ____D () C:\Program Files (x86)\Heroku
2014-09-20 10:50 - 2014-01-24 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-20 10:50 - 2014-01-24 07:19 - 00000000 ____D () C:\ProgramData\HP
2014-09-20 10:50 - 2014-01-24 07:19 - 00000000 ____D () C:\Program Files (x86)\HP
2014-09-18 14:52 - 2013-12-23 06:42 - 00000000 ____D () C:\Users\Redacted\AppData\Local\Packages
2014-09-18 13:24 - 2014-01-05 00:25 - 00000988 _____ () C:\Users\Redacted\Desktop\Dropbox.lnk
2014-09-18 13:24 - 2014-01-05 00:22 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 14:22 - 2014-09-02 03:38 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-17 13:42 - 2014-09-02 03:37 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\Locktime Software
2014-09-16 02:43 - 2014-01-08 01:11 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-13 22:28 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-13 10:22 - 2014-07-23 14:11 - 00854808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-13 10:21 - 2012-07-26 16:12 - 00000000 ____D () C:\Windows\Registration
2014-09-13 10:20 - 2014-07-10 17:40 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 14:54 - 2013-12-23 06:42 - 00000000 ____D () C:\Users\Redacted
2014-09-09 21:40 - 2014-09-04 13:41 - 00000000 ____D () C:\Users\Redacted\AppData\Roaming\sqlitestudio
2014-09-09 19:51 - 2014-09-04 15:46 - 00045056 _____ () C:\Users\Redacted\Desktop\mktest.db
2014-09-09 19:51 - 2014-09-04 14:00 - 00045056 _____ () C:\Users\Redacted\Desktop\mk.db
 
Files to move or delete:
====================
C:\Users\Redacted\mywifi301.exe
 
 
Some content of TEMP:
====================
C:\Users\Redacted\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfuwrib.dll
C:\Users\Redacted\AppData\Local\Temp\restarter4133552333778412740.exe
C:\Users\Redacted\AppData\Local\Temp\restarter9039976824426940800.exe
C:\Users\Redacted\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Redacted\AppData\Local\Temp\sfamcc00002.dll
C:\Users\Redacted\AppData\Local\Temp\sfamcc00003.dll
C:\Users\Redacted\AppData\Local\Temp\sfamcc00004.dll
C:\Users\Redacted\AppData\Local\Temp\sfareca00002.dll
C:\Users\Redacted\AppData\Local\Temp\sfextra.dll
C:\Users\Redacted\AppData\Local\Temp\VistaLauncher6061901042757239770.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 10:36
 
==================== End Of Log ============================



#7 nasdaq

  • Malware Response Team

Posted 07 October 2014 - 08:48 AM


MRT.exe is good. The process is not running on your computer.
SuperAntiSpyware is reporting a false positive.
This is a valid program, but it is up to you whether or not you want it to run on startup.
http://www.bleepingcomputer.com/startups/MRT.exe-19376.html

If you want you can delete the file. The program is available here if you ever need it.
http://www.microsoft.com/security/pc-security/malware-removal.aspx
===

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} -  No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 MFE_RR; \??\C:\Users\Redacted\AppData\Local\Temp\mfe_rr.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#8 Fromto

  • Topic Starter

Posted 07 October 2014 - 09:19 AM

Ah.. I see. But how do I account for the other symptoms above (especially the issue with GMER)? 



#9 Fromto

  • Topic Starter

Posted 07 October 2014 - 09:22 AM

Also, I do not want to scare myself, but it seems that Windows Malicious Software Removal Tool is always on the Windows Update "important updates to install" list every day. Is that behavior normal?



#10 nasdaq

  • Malware Response Team

Posted 07 October 2014 - 10:17 AM

It's being updated with all the other Windows Updates.

I have never installed it. It just may be that it comes installed with Windows 8.

Read these articles.

http://www.howtogeek.com/180773/what-is-the-malicious-software-removal-tool-and-do-i-need-it/

http://support2.microsoft.com/kb/890830

Someone in the Windows 8 Forum may be able to give you more information than I have.
http://www.bleepingcomputer.com/forums/f/209/windows-8/

===

Problems with booting and the Master Boot Record are better identified with these tools.
Run them and post the logs for my review.


Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#11 Fromto

  • Topic Starter

Posted 09 October 2014 - 12:56 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Redacted at 2014-10-09 13:54:02 Run:1
Running from C:\Users\Redacted\Desktop\dds files
Loaded Profiles: UpdatusUser & Redacted (Available profiles: UpdatusUser & Redacted)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {775D6D26-7A07-49D2-9CCA-D61D1B194C88} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} -  No File
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 MFE_RR; \??\C:\Users\Redacted\AppData\Local\Temp\mfe_rr.sys [X]
 
End
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{775D6D26-7A07-49D2-9CCA-D61D1B194C88}" => Key deleted successfully.
"HKCR\CLSID\{775D6D26-7A07-49D2-9CCA-D61D1B194C88}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{775D6D26-7A07-49D2-9CCA-D61D1B194C88}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{775D6D26-7A07-49D2-9CCA-D61D1B194C88}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
"HKCR\PROTOCOLS\Handler\qvp" => Key deleted successfully.
"HKCR\CLSID\{4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
MFE_RR => Service deleted successfully.
 
==== End of Fixlog ====


#12 Fromto

  • Topic Starter

Posted 09 October 2014 - 01:04 AM

13:58:07.0188 0x08a0  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:58:07.0188 0x08a0  UEFI system
13:58:09.0408 0x08a0  ============================================================
13:58:09.0408 0x08a0  Current date / time: 2014/10/09 13:58:09.0407
13:58:09.0408 0x08a0  SystemInfo:
13:58:09.0408 0x08a0  
13:58:09.0408 0x08a0  OS Version: 6.2.9200 ServicePack: 0.0
13:58:09.0408 0x08a0  Product type: Workstation
13:58:09.0408 0x08a0  ComputerName: ACER
13:58:09.0408 0x08a0  UserName: Redacted
13:58:09.0408 0x08a0  Windows directory: C:\Windows
13:58:09.0408 0x08a0  System windows directory: C:\Windows
13:58:09.0408 0x08a0  Running under WOW64
13:58:09.0408 0x08a0  Processor architecture: Intel x64
13:58:09.0408 0x08a0  Number of processors: 4
13:58:09.0408 0x08a0  Page size: 0x1000
13:58:09.0408 0x08a0  Boot type: Normal boot
13:58:09.0408 0x08a0  ============================================================
13:58:10.0330 0x08a0  KLMD registered as C:\Windows\system32\drivers\46616189.sys
13:58:10.0527 0x08a0  System UUID: {9811A837-D329-6C20-8F0A-B900622297F0}
13:58:10.0887 0x08a0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:58:10.0889 0x08a0  ============================================================
13:58:10.0889 0x08a0  \Device\Harddisk0\DR0:
13:58:10.0890 0x08a0  GPT partitions:
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {41F572BA-5A7C-4115-A9E3-A65D2F7FA488}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {084C051F-A86D-4821-A540-C4E01A37D951}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {FF198CA8-2E18-434B-A9AE-DDF95D3E62DF}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {10F6F12D-1FC3-49D1-9DEC-6B50421F1AFA}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x39231000
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {B3B83985-1325-49A1-987D-BB78F3C43E43}, Name: Basic data partition, StartLBA 0x393CF800, BlocksNum 0x39337000
13:58:10.0890 0x08a0  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {D54C8EE9-4D5C-4E41-9849-523890A56014}, Name: Basic data partition, StartLBA 0x72706800, BlocksNum 0x2000000
13:58:10.0890 0x08a0  MBR partitions:
13:58:10.0890 0x08a0  ============================================================
13:58:10.0914 0x08a0  C: <-> \Device\Harddisk0\DR0\Partition4
13:58:10.0954 0x08a0  D: <-> \Device\Harddisk0\DR0\Partition5
13:58:10.0954 0x08a0  ============================================================
13:58:10.0954 0x08a0  Initialize success
13:58:10.0954 0x08a0  ============================================================
13:58:16.0451 0x0eec  ============================================================
13:58:16.0451 0x0eec  Scan started
13:58:16.0451 0x0eec  Mode: Manual; SigCheck; TDLFS; 
13:58:16.0451 0x0eec  ============================================================
13:58:16.0451 0x0eec  KSN ping started
13:58:19.0264 0x0eec  KSN ping finished: true
13:58:21.0363 0x0eec  ================ Scan system memory ========================
13:58:21.0363 0x0eec  System memory - ok
13:58:21.0363 0x0eec  ================ Scan services =============================
13:58:26.0110 0x0eec  BTHUSB - ok
13:58:26.0160 0x0eec  [ 58BF7714A312698108A96D0DE2BB6825, 87E0EC24520C9C421AF6A680FEF42E18911AABA373A9F927C5CE77AD50F8196F ] cbVSCService11  C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
13:58:26.0176 0x0eec  cbVSCService11 - detected UnsignedFile.Multi.Generic ( 1 )
13:58:28.0706 0x0eec  Detect skipped due to KSN trusted
13:58:28.0706 0x0eec  cbVSCService11 - ok
13:58:34.0096 0x0eec  [ DDA8E5AD97231AB50B81FED04C28F64C, 5C9E8F7CC45A9AE7FF12A02641562E271D84894DFA7C50218AC2AAA298251B60 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
13:58:34.0139 0x0eec  Intel® Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
13:58:37.0108 0x0eec  Detect skipped due to KSN trusted
13:58:37.0108 0x0eec  Intel® Capability Licensing Service Interface - ok
13:58:39.0745 0x0eec  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:58:39.0756 0x0eec  Msfs - ok
13:58:39.0763 0x0eec  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
13:58:39.0771 0x0eec  msgpiowin32 - ok
13:58:39.0784 0x0eec  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:58:39.0817 0x0eec  mshidkmdf - ok
13:58:39.0830 0x0eec  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
13:58:39.0854 0x0eec  mshidumdf - ok
13:58:39.0867 0x0eec  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:58:39.0875 0x0eec  msisadrv - ok
13:58:39.0905 0x0eec  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:58:39.0929 0x0eec  MSiSCSI - ok
13:58:39.0933 0x0eec  msiserver - ok
13:58:39.0954 0x0eec  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:58:39.0981 0x0eec  MSKSSRV - ok
13:58:40.0009 0x0eec  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
13:58:40.0019 0x0eec  MsLldp - ok
13:58:40.0022 0x0eec  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:58:40.0056 0x0eec  MSPCLOCK - ok
13:58:40.0059 0x0eec  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:58:40.0076 0x0eec  MSPQM - ok
13:58:40.0101 0x0eec  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:58:40.0118 0x0eec  MsRPC - ok
13:58:40.0132 0x0eec  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
13:58:40.0140 0x0eec  mssmbios - ok
13:58:40.0151 0x0eec  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:58:40.0183 0x0eec  MSTEE - ok
13:58:40.0187 0x0eec  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
13:58:40.0209 0x0eec  MTConfig - ok
13:58:40.0213 0x0eec  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\Windows\system32\Drivers\mup.sys
13:58:40.0223 0x0eec  Mup - ok
13:58:40.0227 0x0eec  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
13:58:40.0236 0x0eec  mvumis - ok
13:58:40.0264 0x0eec  [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent        C:\Windows\system32\qagentRT.dll
13:58:40.0303 0x0eec  napagent - ok
13:58:40.0331 0x0eec  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:58:40.0366 0x0eec  NativeWifiP - ok
13:58:40.0433 0x0eec  [ E0E4A1F81A7D69C595A8A9DDAD084C19, 8F55F3637AE8BFFB0ACE37AFC5122026525137E0B2923899B779C1BD08DF0E22 ] NAUpdate        c:\Program Files (x86)\Nero\Update\NASvc.exe
13:58:40.0451 0x0eec  NAUpdate - ok
13:58:40.0475 0x0eec  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\Windows\System32\ncasvc.dll
13:58:40.0500 0x0eec  NcaSvc - ok
13:58:40.0515 0x0eec  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
13:58:40.0527 0x0eec  NcdAutoSetup - ok
13:58:40.0582 0x0eec  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:58:40.0629 0x0eec  NDIS - ok
13:58:40.0647 0x0eec  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:58:40.0670 0x0eec  NdisCap - ok
13:58:40.0694 0x0eec  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
13:58:40.0705 0x0eec  NdisImPlatform - ok
13:58:40.0723 0x0eec  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:58:40.0743 0x0eec  NdisTapi - ok
13:58:40.0766 0x0eec  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:58:40.0776 0x0eec  Ndisuio - ok
13:58:40.0781 0x0eec  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:58:40.0809 0x0eec  NdisWan - ok
13:58:40.0814 0x0eec  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\Windows\system32\DRIVERS\ndiswan.sys
13:58:40.0827 0x0eec  NDISWANLEGACY - ok
13:58:40.0858 0x0eec  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:58:40.0887 0x0eec  NDProxy - ok
13:58:40.0892 0x0eec  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\Windows\system32\drivers\Ndu.sys
13:58:40.0906 0x0eec  Ndu - ok
13:58:40.0911 0x0eec  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:58:40.0939 0x0eec  NetBIOS - ok
13:58:40.0948 0x0eec  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:58:40.0971 0x0eec  NetBT - ok
13:58:40.0985 0x0eec  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] Netlogon        C:\Windows\system32\lsass.exe
13:58:40.0998 0x0eec  Netlogon - ok
13:58:41.0017 0x0eec  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\Windows\System32\netman.dll
13:58:41.0044 0x0eec  Netman - ok
13:58:41.0081 0x0eec  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\Windows\System32\netprofmsvc.dll
13:58:41.0112 0x0eec  netprofm - ok
13:58:41.0165 0x0eec  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:58:41.0188 0x0eec  NetTcpPortSharing - ok
13:58:41.0211 0x0eec  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:58:41.0219 0x0eec  nfrd960 - ok
13:58:41.0254 0x0eec  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:58:41.0283 0x0eec  NlaSvc - ok
13:58:41.0336 0x0eec  [ 9B79193AEF6F4E9FD369687AFACDF487, 17C91141DCBB5747D271D64902D87345E39898918A1CF88F436E8909D22BF635 ] nldrv           C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys
13:58:41.0345 0x0eec  nldrv - ok
13:58:41.0382 0x0eec  [ 8042C45AE2C9C42735EC7EC50FA5FB0B, CAB8A4F17AC1605774AD6F8C67B763C09428FDB62856CBDE3714A9ECD313F221 ] nlsvc           C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
13:58:41.0392 0x0eec  nlsvc - ok
13:58:41.0524 0x0eec  [ 9B70CE32DD84A674B100BEA37F756016, 4B52FDA1FB24B02AE149AC70F46F3605B85A2A8AC5B948260BF53A5F076A674A ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
13:58:41.0597 0x0eec  NOBU - ok
13:58:41.0634 0x0eec  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
13:58:41.0640 0x0eec  NPF - ok
13:58:41.0660 0x0eec  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:58:41.0685 0x0eec  Npfs - ok
13:58:41.0703 0x0eec  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
13:58:41.0733 0x0eec  npsvctrig - ok
13:58:41.0754 0x0eec  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\Windows\system32\nsisvc.dll
13:58:41.0781 0x0eec  nsi - ok
13:58:41.0802 0x0eec  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:58:41.0828 0x0eec  nsiproxy - ok
13:58:41.0897 0x0eec  [ 7BE3EDFFA3216F989A6BDCB14795DD08, 19A2D0120C46CA9BCFBC16DC3E65687ACDDCBA33B79128188652BA2AFAA2EE2F ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:58:41.0973 0x0eec  Ntfs - ok
13:58:41.0992 0x0eec  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\Windows\system32\drivers\Null.sys
13:58:42.0002 0x0eec  Null - ok
13:58:42.0262 0x0eec  [ 2C32BF1B8D31545243092F48A3BE009B, B70AAB5D4F44A925B81412F63E0DD9817DC474B3870694774FDC4E9EBAC6D7D7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:58:42.0558 0x0eec  nvlddmkm - ok
13:58:42.0594 0x0eec  [ CB189CC57439DD021389078217998637, 2AA3B3C0A8A460899B56A8191238BBED3F28D864615665C73201F38B48185865 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
13:58:42.0600 0x0eec  nvpciflt - ok
13:58:42.0611 0x0eec  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:58:42.0622 0x0eec  nvraid - ok
13:58:42.0628 0x0eec  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:58:42.0638 0x0eec  nvstor - ok
13:58:42.0724 0x0eec  [ EEF28E45F38C5B15EA65C2C84B2BA707, 0D2D4B01B9B0DB85F7666566CD47CFD23DC28B923E925F418D809A30539CB7FC ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:58:42.0746 0x0eec  nvsvc - ok
13:58:42.0812 0x0eec  [ B6F9FE250620D993DBF1AF7D53236DD4, D9FE19922130CA9527E1E039BC31EA3436C38C78A7FE103038F9C229900C4F53 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:58:42.0838 0x0eec  nvUpdatusService - ok
13:58:42.0860 0x0eec  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:58:42.0870 0x0eec  nv_agp - ok
13:58:42.0929 0x0eec  [ B9C125314A025127FE562C116D614AA3, 79C46C0BACEBBB5B8E1C162766B21587365A100BBAD01171C77B995C514BC7D6 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:58:42.0939 0x0eec  ose64 - ok
13:58:42.0970 0x0eec  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:58:42.0988 0x0eec  p2pimsvc - ok
13:58:43.0024 0x0eec  [ 4319FD931DCD796435ECB5DB4A04FBA5, 20185B2F359EEC202B37019A4E4F5B914ADCF78B97AF0CBD91EECED2259FC6DE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:58:43.0045 0x0eec  p2psvc - ok
13:58:43.0077 0x0eec  [ 4563DAF8C6A740AD7F501E219BD10766, 7A1212DDAE2D66A9C2041262796904E36036CDC4C5B75C2F66B8DF9D89F7C25D ] Parport         C:\Windows\System32\drivers\parport.sys
13:58:43.0089 0x0eec  Parport - ok
13:58:43.0107 0x0eec  [ D6ACCF9F2EEEEA711C14EFD976E573F3, 60D2A81832A8D24F91C3EF134440D5026354917F59462BACBCE7A01D84767D91 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:58:43.0116 0x0eec  partmgr - ok
13:58:43.0140 0x0eec  [ 4811D9EC53649105A5A8BEA661B0F936, C77907E03D0561500FCFEAFAC323E9679E66297329901A0CA2BD7E919419A8E8 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:58:43.0174 0x0eec  PcaSvc - ok
13:58:43.0181 0x0eec  [ 4A003E8F718C1E6A2050CA98CD53E3E2, BCC3BE1EC3FA4967353371D85094D096940A7B5944A6FFCA31E8FBE83D92CC6C ] pci             C:\Windows\system32\drivers\pci.sys
13:58:43.0216 0x0eec  pci - ok
13:58:43.0230 0x0eec  [ F9908D274D458220F91E89B54D78D837, 1E89ABFA6B375383E0297CEE5AF66E37F90E16DD21ABA5C91777A86CDF013B4D ] pciide          C:\Windows\system32\drivers\pciide.sys
13:58:43.0238 0x0eec  pciide - ok
13:58:43.0245 0x0eec  [ 84D19CB6102627932DCB5DFDF89FE269, 2F9C47E076645B35877D9ACA77968EFFCDA8794D76265CD9A4AAA239C4B33C5F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:58:43.0258 0x0eec  pcmcia - ok
13:58:43.0261 0x0eec  [ CEBBAD5391C2644560C55628A40BFD27, 8AAA6EBD8D89FC91AECCCF1452F53C5650A1A17027FF4E64D224371404CE4C8B ] pcw             C:\Windows\system32\drivers\pcw.sys
13:58:43.0269 0x0eec  pcw - ok
13:58:43.0294 0x0eec  [ 0698DEDEAD6A00AD0D468C687D830FBF, B9DCA1A61F2EF80DB26380F390F2E9A17114D33129D61CF465B949B6A7916CAA ] pdc             C:\Windows\system32\drivers\pdc.sys
13:58:43.0303 0x0eec  pdc - ok
13:58:43.0355 0x0eec  [ 61FE70659CD43E07F94DA4DC31DEC493, 3739B6670B440173FD81DE3D47B0B90FAF296802AD4F57C05BF5CF191BF16022 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:58:43.0397 0x0eec  PEAUTH - ok
13:58:43.0452 0x0eec  [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A, 459CF99D5243C4ACAA38C7B426ADC52F1044C759D06A925D475DF6213AEB85CD ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:58:43.0480 0x0eec  PerfHost - ok
13:58:43.0547 0x0eec  [ 6E84BFF58F7643499277F29DFA2F8C8D, 401CCF137F35D9690C7B56B2BFEDB2DB72709EBE38626D787904B67640EF6F14 ] pla             C:\Windows\system32\pla.dll
13:58:43.0625 0x0eec  pla - ok
13:58:43.0660 0x0eec  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:58:43.0673 0x0eec  PlugPlay - ok
13:58:43.0683 0x0eec  [ 8E2414E818C26C4A9C70CB2B8567F04F, A16B22AE143BA070C562FBE5DEF32F7E228F50B302B66E46B46C44C0F50A4461 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:58:43.0703 0x0eec  PNRPAutoReg - ok
13:58:43.0724 0x0eec  [ AB76700D764A342D7475FB8F47CAB18C, ECDF705D3E69EF6E7044C98A462A7281D0E7D0D85769C0815555D934B0B69C8D ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:58:43.0739 0x0eec  PNRPsvc - ok
13:58:43.0772 0x0eec  [ 0108C8E5176D590F242701EF5A62CC26, 3A72F5D4402663B7445F6B3C55F01E83A619B6192F7D3CC2DE3C57F9F50D5A2D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:58:43.0802 0x0eec  PolicyAgent - ok
13:58:43.0838 0x0eec  [ F1E067F56373F11EA4B785CAE823740A, 69BD30E64DA17595FF29C9C9FF9AD4F2F4BE29B688FBAC9DABB2FA9D13A47FF0 ] Power           C:\Windows\system32\umpo.dll
13:58:43.0971 0x0eec  Power - ok
13:58:43.0998 0x0eec  [ 362D47E5B4D67270DE4B8606036F4ADD, 716E229C68D91AEA5B5629F60133D5CBDC0C95ABA54D9DC6264E923CAF4DC6C0 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:58:44.0029 0x0eec  PptpMiniport - ok
13:58:44.0136 0x0eec  [ 9D59831262CAD44E709D695FC9D5E7AB, F95C5475F91DA667C8D5C96253944CE8A0F2C9B1ED4DF8703E5D1D47A0C730B5 ] PrintNotify     C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
13:58:44.0221 0x0eec  PrintNotify - ok
13:58:44.0244 0x0eec  [ DD979EB6A7212F60E4AFBE96EDC7AE6D, BC681D64C5B8F08FD4613D71111853FCD5B05E4BD127D2C6258BAED7627105BE ] Processor       C:\Windows\System32\drivers\processr.sys
13:58:44.0270 0x0eec  Processor - ok
13:58:44.0299 0x0eec  [ 429E8502AD2227CF88F8840FC5BD590D, A186DA46C083580ACEDE9C7E3156865034302CD803140EEEC8E1DE16DA4BC99B ] ProfSvc         C:\Windows\system32\profsvc.dll
13:58:44.0335 0x0eec  ProfSvc - ok
13:58:44.0358 0x0eec  [ EB8034147D4820CD31BFCB11A2A652DF, B10B5E16B7A05D2DB2D5D1945B6146DE15EEDE2C778772A59F104706B5145E46 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:58:44.0380 0x0eec  Psched - ok
13:58:44.0405 0x0eec  [ A5B22EACF1DA28E19CC9F80D37978657, 9543615574D540AC825DBE8D1581DFC8CC0B7A1113420903F6747E3789EEACDA ] QRDCIO          C:\Windows\System32\drivers\QRDCIO.sys
13:58:44.0423 0x0eec  QRDCIO - ok
13:58:44.0462 0x0eec  [ 0AFBF333B6F87A2F598EAB379AF100B8, D11F3A4D7E4463B62E2DBDE5FC61425B1FDFB07DD1A19BC001D479CA1F554510 ] QWAVE           C:\Windows\system32\qwave.dll
13:58:44.0490 0x0eec  QWAVE - ok
13:58:44.0505 0x0eec  [ 13D47BB0CCA2FC51BD15F8E85C6A078E, EA832A9511007C9E8599C3066E1FA66BE869E8A27886D9A9AC590BD4DFBD1A15 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:58:44.0529 0x0eec  QWAVEdrv - ok
13:58:44.0551 0x0eec  [ E94067155C8AA4EF134CB2528E0C9CD7, 6EEF603F64827AB138930DFE379BF8E48E64AE8AA5EE7B9E0CA369022BAAA2EA ] RadioShim       C:\Windows\System32\drivers\RadioShim.sys
13:58:44.0557 0x0eec  RadioShim - ok
13:58:44.0576 0x0eec  [ 873C60F8178100557740A832FCE10B5F, 400EF60CB2C98E2AFE122AF3D01CCE56A1548AF865345EE2194AB74DBCBF4C48 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:58:44.0604 0x0eec  RasAcd - ok
13:58:44.0628 0x0eec  [ 69B93F623B130976243ECA3D84CC99CA, F27617E651EADFAEE479619AAB01CDAA98111BA63E204D5C44A1256732CB0100 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:58:44.0641 0x0eec  RasAgileVpn - ok
13:58:44.0670 0x0eec  [ 005F6E54C4A2DA4EBF68FB0392CE8BB0, 2F3C90A04964D4D906238BD557D90F7AC05DF86FE9729C4378B39431F54DDAE3 ] RasAuto         C:\Windows\System32\rasauto.dll
13:58:44.0695 0x0eec  RasAuto - ok
13:58:44.0727 0x0eec  [ A14D625C5AEE5FFE0F47D1A1D419FAAE, 1229B81C23340AD5B436B1FD227876EB41715CE6BD270BA367F18879D26B8F04 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:58:44.0759 0x0eec  Rasl2tp - ok
13:58:44.0788 0x0eec  [ C923C785A2DE0B396AD6D13ACAFF2DE9, 4F950DA776FBABEC7D546983D6F3018733F61268A4BF95C01D4836AD000BD073 ] RasMan          C:\Windows\System32\rasmans.dll
13:58:44.0808 0x0eec  RasMan - ok
13:58:44.0812 0x0eec  [ 00695B9C2DB6111064499C529E90C042, 3CD4DF4D8001C2BBF52EEEB1F0D587209878BEAC339D268892477AD840D490F1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:58:44.0826 0x0eec  RasPppoe - ok
13:58:44.0844 0x0eec  [ A7F24D8CD1956B0A1FDCB86CC5114DE4, 30489D235362DF62B105378597168B13F4BAC74A8EDDBDA25237E3C017B69FEE ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:58:44.0858 0x0eec  RasSstp - ok
13:58:44.0897 0x0eec  [ CA03D642ACE58E1BA54E4B383F91CD69, 39BB942603801CF11FBEA28E24F8C8D1EF2AF615D1FABF951683A015D6A6EF37 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:58:44.0916 0x0eec  rdbss - ok
13:58:44.0926 0x0eec  [ CA7DF5EC95D8DE0DD24BE7FF97369F68, 153E6F716CA935DBCACB8FF1BB8DE5F5551CE3D18878225470E45893CA69BDB8 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
13:58:44.0935 0x0eec  rdpbus - ok
13:58:44.0947 0x0eec  [ B2A3AD74FF2E2FFA73AF2567108231B3, DF8CEA6215F75C634D56F6B8AE11ECCEEB5F8CBC091AC3D6D9F7DE214B00A439 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:58:44.0968 0x0eec  RDPDR - ok
13:58:44.0983 0x0eec  [ 57F4787E4602A3FCA719C0A33137C6DA, D03AE59A184EB5D126F8EAB9D36EE406ABB8B9ED834F2D2496DDB1349FF56F89 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:58:44.0993 0x0eec  RdpVideoMiniport - ok
13:58:45.0005 0x0eec  [ B3CB0721E81E30419CE7D837EF4EA151, EC9410818661BF77E4A19694E3A3030E1D983B36F49C72E27F92A1424E0729C2 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:58:45.0037 0x0eec  RDPWD - ok
13:58:45.0065 0x0eec  [ 62C1F8A0685FE07E998AA296C4F697C4, C636AB2D0F139003A6AD7A12E9DC13EE4485A62F30DA59AF842FF02FE07442EE ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:58:45.0080 0x0eec  rdyboost - ok
13:58:45.0106 0x0eec  [ 3663CCF243EE0C04E9F6F91ED1737273, 31D06445996F99A7F6B32004D1BA63A21C61DE125373F860BA9A9DE5278E8293 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:58:45.0133 0x0eec  RemoteAccess - ok
13:58:45.0160 0x0eec  [ E80DD61E52EDFFF9DA1ED7260A68855B, 97909F42AE35E28B8F98C01A1D8BAD80A949CDCA0C88FB4ACF0A655DC7C10E45 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:58:45.0191 0x0eec  RemoteRegistry - ok
13:58:45.0222 0x0eec  [ CCBFCABDFE2BC22F0645CEAADDB36004, 279EA9075079F91165027CEFD4FBC61A213CA602EE7DE106F7D2D243468706AA ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
13:58:45.0250 0x0eec  RFCOMM - ok
13:58:45.0294 0x0eec  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
13:58:45.0302 0x0eec  rpcapd - ok
13:58:45.0331 0x0eec  [ 73F2E030B5C24E4E41401B5F0D59E6FD, FAA8B5E3159684E0836900C6EAF63857B445F7F180169B56D5790F097EDAA38B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:58:45.0362 0x0eec  RpcEptMapper - ok
13:58:45.0387 0x0eec  [ 10B21284B3D964AB3DC45490E57D422E, 12D5E3A7785F21C99C5EAD14A88EB7A86A058E26C091991339356D99D196CC13 ] RpcLocator      C:\Windows\system32\locator.exe
13:58:45.0403 0x0eec  RpcLocator - ok
13:58:45.0426 0x0eec  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] RpcSs           C:\Windows\system32\rpcss.dll
13:58:45.0455 0x0eec  RpcSs - ok
13:58:45.0473 0x0eec  [ E04E770DD198B9399640717145E79EBF, 2F9BECB7E4B0A522C6370FD39CFD7DFD3FB5D0A779AECCED2EE855629FA3C952 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:58:45.0498 0x0eec  rspndr - ok
13:58:45.0540 0x0eec  [ BC1FD4C82BF2922A8A6E8661DD1B8CE8, 254A790F0F10AD15C7C585D2918D4333C577EED848BA9FE4E2C4498E32494418 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
13:58:45.0570 0x0eec  RTL8168 - ok
13:58:45.0606 0x0eec  [ C3FCFB3072F5AB95C31D4E80978C3CA1, 5F08B8A0151EC30594E12F432B2F3DA81DF1DB8E034DD032760FDB25B6B4FACA ] RTSPER          C:\Windows\system32\DRIVERS\RtsPer.sys
13:58:45.0626 0x0eec  RTSPER - ok
13:58:45.0649 0x0eec  [ 752EC7DCD2F96871A3857EEE6AFE965A, 1D0640966B9147A06ED0E733711773E6B4AB8AC6D962D5B369ECB04170D18AD8 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
13:58:45.0674 0x0eec  s3cap - ok
13:58:45.0700 0x0eec  [ F1DA34D64F2BA200D28A7451804E2FEE, 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB ] SamSs           C:\Windows\system32\lsass.exe
13:58:45.0713 0x0eec  SamSs - ok
13:58:45.0796 0x0eec  [ 3289766038DB2CB14D07DC84392138D5, A7790B787690CC1A8B97E4532090C5295350A836A9474DEA74CEB3E81CF26124 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:58:45.0801 0x0eec  SASDIFSV - ok
13:58:45.0807 0x0eec  [ 58A38E75F3316A83C23DF6173D41F2B5, B0A8CDA1D164B7534FB41AB80792861384709BF0F914F44553275CF20194F1A1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:58:45.0812 0x0eec  SASKUTIL - ok
13:58:45.0839 0x0eec  [ 9C7B28CE0D136DB226E24DB3BC817F92, E9DE55D6432ADD08EC75F99F2B5D2BD1F553F4EE55991B1767B1578351EE0BF2 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:58:45.0849 0x0eec  sbp2port - ok
13:58:45.0871 0x0eec  [ 14316954FCE79C9DE5A0AFF9D42C83AA, B60FB1FAC0299F9560761411711E86EDFA2F8D27B58230E2E4BB37736FAB2287 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:58:45.0898 0x0eec  SCardSvr - ok
13:58:45.0916 0x0eec  [ 5D7733A12756B267FCA021672B26BC9E, 01CE5B5F49914B9E099BD909A66296F3A40644AE47BA1D5EBFFB30CD33C70A4A ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:58:45.0938 0x0eec  scfilter - ok
13:58:45.0990 0x0eec  [ 201C397A73DFEE109490F4BA1168CFC2, 74FC2A30CBF2E2197E75860A3B308CDCBEB3C28794ABED388B493505A2D84BAA ] Schedule        C:\Windows\system32\schedsvc.dll
13:58:46.0057 0x0eec  Schedule - ok
13:58:46.0094 0x0eec  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:58:46.0108 0x0eec  SCPolicySvc - ok
13:58:46.0140 0x0eec  [ F58B030A0664385C707B8C1C63682041, E46AADAA2CD687B9A4B564DC5B002493C8480542588E660BC3DF89EAF9DB0427 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
13:58:46.0152 0x0eec  sdbus - ok
13:58:46.0181 0x0eec  [ 92968277ED491E4B3DDA361E3952361E, 71C50853BB2126A34C7CD014EE44D4B8B39F589E2E8E8E8F4C982E07498E3899 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:58:46.0209 0x0eec  SDRSVC - ok
13:58:46.0243 0x0eec  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
13:58:46.0252 0x0eec  sdstor - ok
13:58:46.0267 0x0eec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:58:46.0291 0x0eec  secdrv - ok
13:58:46.0307 0x0eec  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
13:58:46.0335 0x0eec  seclogon - ok
13:58:46.0348 0x0eec  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\System32\sens.dll
13:58:46.0383 0x0eec  SENS - ok
13:58:46.0403 0x0eec  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:58:46.0417 0x0eec  SensrSvc - ok
13:58:46.0432 0x0eec  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
13:58:46.0463 0x0eec  SerCx - ok
13:58:46.0482 0x0eec  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
13:58:46.0492 0x0eec  Serenum - ok
13:58:46.0496 0x0eec  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
13:58:46.0518 0x0eec  Serial - ok
13:58:46.0522 0x0eec  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
13:58:46.0539 0x0eec  sermouse - ok
13:58:46.0574 0x0eec  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:58:46.0591 0x0eec  SessionEnv - ok
13:58:46.0595 0x0eec  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
13:58:46.0621 0x0eec  sfloppy - ok
13:58:46.0679 0x0eec  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:58:46.0712 0x0eec  SharedAccess - ok
13:58:46.0773 0x0eec  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:58:46.0826 0x0eec  ShellHWDetection - ok
13:59:03.0224 0x0eec  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.5.218.0 ), 0x60100 ( disabled : updated )
13:59:03.0238 0x0eec  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
13:59:03.0241 0x0eec  Win FW state via NFP2: enabled
13:59:05.0937 0x0eec  ============================================================
13:59:05.0937 0x0eec  Scan finished
13:59:05.0937 0x0eec  ============================================================
13:59:05.0943 0x0890  Detected object count: 0
13:59:05.0943 0x0890  Actual detected object count: 0
 


#13 Fromto

  • Topic Starter
Posted 09 October 2014 - 03:52 AM

Hi nasdaq. I did a full scan of C:\ with aswMBR.exe, but in the midst of scanning it suddenly stopped working. This happened when it was scanning the temporary folders. I'm now doing a Quick Scan instead and I will put up the quick scan log once it's completed unless it fails.



#14 Fromto

  • Topic Starter
Posted 09 October 2014 - 08:57 AM

Here's the log from the Quick Scan. It was completed successfully, but the strange thing is that when I played any music while the scan was running, there were small explosion-like sounds from the speaker. No idea why.
 
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-09 16:24:37
-----------------------------
16:24:37.766    OS Version: Windows x64 6.2.9200 
16:24:37.766    Number of processors: 4 586 0x4501
16:24:37.767    ComputerName: ACER  UserName: 
16:24:39.451    Initialize success
16:24:39.452    VM: initialized successfully
16:24:39.701    VM: Intel CPU supported virtualized 
16:24:41.270    VM: disk I/O iaStorA.sys
16:24:44.144    AVAST engine defs: 14100802
16:24:56.262    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
16:24:56.263    Disk 0 Vendor: WDC_WD10SPCX-22HWST0 01.01A01 Size: 953869MB BusType: 11
16:24:56.679    Disk 0 MBR read successfully
16:24:56.681    Disk 0 MBR scan
16:24:56.683    Disk 0 unknown MBR code
16:24:56.687    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
16:24:57.188    Disk 0 scanning C:\Windows\system32\drivers
16:26:22.971    Service scanning
16:26:56.413    Modules scanning
16:26:56.417    Disk 0 trace - called modules:
16:26:56.776    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
16:26:56.778    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008506060]
16:26:56.781    3 CLASSPNP.SYS[fffff88002051e0a] -> nt!IofCallDriver -> [0xfffffa800812ae40]
16:26:56.784    5 ACPI.sys[fffff88001001a91] -> nt!IofCallDriver -> \Device\00000038[0xfffffa8008099060]
16:26:58.865    AVAST engine scan C:\Windows
16:27:52.164    AVAST engine scan C:\Windows\system32
16:40:42.251    AVAST engine scan C:\Windows\system32\drivers
16:43:45.500    AVAST engine scan C:\Users\Redacted
21:04:18.077    Disk 0 MBR has been saved successfully to "C:\Users\Redacted\Desktop\MBR.dat"
21:04:18.098    The log file has been saved successfully to "C:\Users\Redacted\Desktop\aswMBR.txt"
21:09:08.435    AVAST engine scan C:\ProgramData
21:12:03.936    Scan finished successfully
21:47:19.809    Disk 0 MBR has been saved successfully to "C:\Users\Redacted\Desktop\MBR.dat"
21:47:19.842    The log file has been saved successfully to "C:\Users\Redacted\Desktop\aswMBR.txt"
21:51:08.854    Disk 0 MBR has been saved successfully to "C:\Users\Redacted\Desktop\MBR.dat"
21:51:08.858    The log file has been saved successfully to "C:\Users\Redacted\Desktop\aswMBR.txt"
 
 

Attached Files

  • Attached File  MBR.zip   143bytes   0 downloads


#15 nasdaq

  • Malware Response Team

Posted 09 October 2014 - 09:21 AM


Nothing suspicious was found in the last 2 logs.

Let's check further on this file, MRT.exe.

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

MRT.exe

Click the Search Files button and post the log (FSS.txt) it makes in your reply.
===



