SvcHost using a lot of memory


15 replies to this topic

#1 steffa


Posted 01 October 2014 - 02:23 PM

Hello, I constantly have 2 svchost.exe processes using 200.000 K / 400.000 K of memory.

 

I tried multiple scans with OTL and other software, but I always come out clean. The only file I found with a scan is pwldypow.sys and I don't know if this could be the problem.

 

I ran TaskList /svc in a cmd window to see what is using my svchost, and it comes out like this:

 

 

svchost.exe                    640 RpcEptMapper, RpcSs
svchost.exe                   1028 AudioSrv, Dhcp, eventlog,
                                   HomeGroupProvider, lmhosts, wscsvc
svchost.exe                   1060 AudioEndpointBuilder, hidserv, Netman,
                                   PcaSvc, SysMain, TabletInputService,
                                   TrkWks, UxSms, WdiSystemHost, Wlansvc
svchost.exe                   1092 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, SstpSvc, WdiServiceHost,
                                   WinHttpAutoProxySvc
svchost.exe                   1116 AeLookupSvc, BITS, EapHost, IKEEXT,
                                   iphlpsvc, LanmanServer, MMCSS, ProfSvc,
                                   RasMan, Schedule, seclogon, SENS,
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
 
The 2 svchost processes that are using my memory are the ones with PID 1060 and 1116. Thanks in advance to everyone who can help me. (Hope I'm in the right section.)
 
Plus:
  • I can't turn on Windows Firewall
  • I can't run Windows Update
  • I can't open images because I get: "Windows Explorer has stopped"

Edited by steffa, 01 October 2014 - 05:07 PM.



 


#2 nasdaq

  • Malware Response Team

Posted 06 October 2014 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?

#3 steffa


Posted 06 October 2014 - 03:00 PM

Hello, and thanks a lot for your help.

 

Here is the Log:

=============================ROGUEKILLER =====================================

 

RogueKiller V9.3.0.0 (x64) [Oct  6 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Ste [Admin rights]
Mode : Remove -- Date : 10/06/2014  21:49:18
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 20 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MFE_RR (\??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys) -> NON SELEZIONATO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MFE_RR (\??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys) -> NON SELEZIONATO
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MFE_RR (\??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys) -> NON SELEZIONATO
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NON SELEZIONATO
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NON SELEZIONATO
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NON SELEZIONATO
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> NON SELEZIONATO
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2406663899-2002043141-1354160962-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2406663899-2002043141-1354160962-1002\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> NON SELEZIONATO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{19836E30-2F8E-4479-9BE7-8548AB890B2B} | DhcpNameServer : 172.20.10.1  -> NON SELEZIONATO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{19836E30-2F8E-4479-9BE7-8548AB890B2B} | DhcpNameServer : 172.20.10.1  -> NON SELEZIONATO
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{19836E30-2F8E-4479-9BE7-8548AB890B2B} | DhcpNameServer : 172.20.10.1  -> NON SELEZIONATO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NON SELEZIONATO
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NON SELEZIONATO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NON SELEZIONATO
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NON SELEZIONATO
 
¤¤¤ Le attività pianificate : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CREATE[0] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_POWER[22] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x733d2c0
[IRP:Addr()] \SystemRoot\system32\DRIVERS\iaStor.sys - IRP_MJ_PNP[27] : Unknown @ 0x733d2c0
 
¤¤¤ I browser Web : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 2221f63cb0140b75b37d0deb961feed5
[BSP] 50edb0fe7d4e1f5582bc1fa1e75951b2 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_09302014_222922.log - RKreport_SCN_10052014_233417.log - RKreport_SCN_10062014_2
 
 
========================================================================================
ADWCLEANER
========================================================================================
# AdwCleaner v3.311 - Rapporto creato 06/10/2014 in 21:50:29
# Aggiornato 30/09/2014 di Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nome utente : Ste - STE-PC
# In esecuzione da : C:\Users\Ste\Desktop\adwcleaner_3.311.exe
# Opzione : Scansiona
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
Cartella Trovato : C:\Program Files (x86)\baidu
Cartella Trovato : C:\Program Files (x86)\Common Files\tencent
Cartella Trovato : C:\Program Files (x86)\ss helper
Cartella Trovato : C:\Program Files (x86)\tencent
Cartella Trovato : C:\Users\Public\Documents\tencent
Cartella Trovato : C:\Users\Ste\AppData\LocalLow\baidu
Cartella Trovato : C:\Users\Ste\AppData\Roaming\tencent
 
***** [ Compiti ] *****
 
Compito Trovati : MySearchDial
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
Chiave Trovati : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAAED308-7322-4B9B-965E-171933ADD473}
Chiave Trovati : HKCU\Software\Myfree Codec
Chiave Trovati : HKCU\Software\Softonic
Chiave Trovati : HKCU\Software\Tencent
Chiave Trovati : [x64] HKCU\Software\Myfree Codec
Chiave Trovati : [x64] HKCU\Software\Softonic
Chiave Trovati : [x64] HKCU\Software\Tencent
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chiave Trovati : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{83335675-FCF0-45CE-A9E6-38C150EFBE63}
Chiave Trovati : HKLM\SOFTWARE\Classes\CLSID\{EAAED308-7322-4B9B-965E-171933ADD473}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : HKLM\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{251DA1A7-5700-41FC-8129-9099B4B7E4D3}
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{29A32150-EA24-42C2-882E-879152560C1E}
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{9EE3E2DD-D4A6-4024-8AFD-C467485A0BC4}
Chiave Trovati : HKLM\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}
Chiave Trovati : HKLM\SOFTWARE\InstallCore
Chiave Trovati : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chiave Trovati : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Chiave Trovati : HKLM\SOFTWARE\Myfree Codec
Chiave Trovati : HKLM\SOFTWARE\SP Global
Chiave Trovati : HKLM\SOFTWARE\SProtector
Chiave Trovati : HKLM\SOFTWARE\Tencent
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chiave Trovati : [x64] HKLM\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}
 
***** [ Browser ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3169 octets] - [06/10/2014 21:50:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3229 octets] ##########
=================================================================================
FRST
=================================================================================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Ste (administrator) on STE-PC on 06-10-2014 21:53:38
Running from C:\Users\Ste\Desktop\aa
Loaded Profile: Ste (Available profiles: Ste)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Tencent Inc.) C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [984224 2011-10-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-10-28] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322176 2012-02-16] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-25] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-08-12] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2406663899-2002043141-1354160962-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2406663899-2002043141-1354160962-1002\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ste\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8B59800C-39A0-42F5-80A4-2774141C8E45}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files (x86)\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF Plugin-x32: @real.com/nppl3260;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.12 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.12.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7C9C2591-51ED-44FA-8D03-450B92643F95}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-08-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Documenti Google) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-29]
CHR Extension: (Google Drive) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
CHR Extension: (YouTube) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-29]
CHR Extension: (Ricerca Google) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
CHR Extension: (AdBlock) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-06-29]
CHR Extension: (Google Wallet) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Ste\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-22] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2011-10-28] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [18048 2013-10-24] (Olof Lagerkvist)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-24] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-08-12] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-24] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TxQBService; C:\Program Files (x86)\Tencent\QQBrowser\TsService.exe [148448 2014-09-20] (Tencent Inc.)
S3 wampapache; c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe [24576 2013-06-23] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe [12867584 2013-06-23] () [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2011-12-21] (Windows ® Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2011-11-08] (Windows ® Win 7 DDK provider)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [17488 2013-10-24] (Olof Lagerkvist)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-29] (DT Soft Ltd)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [40032 2013-10-24] (Olof Lagerkvist)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [128728 2014-09-29] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-07-29] (Duplex Secure Ltd.)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
U3 azgxbhj8; C:\Windows\System32\Drivers\azgxbhj8.sys [0 ] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-06 21:53 - 2014-10-06 21:53 - 00000000 ____D () C:\FRST
2014-10-06 21:52 - 2014-10-06 21:53 - 00000000 ____D () C:\Users\Ste\Desktop\aa
2014-10-06 21:51 - 2014-10-06 21:51 - 01375089 _____ () C:\Users\Ste\Downloads\adwcleaner_3.311.exe
2014-10-06 21:50 - 2014-10-06 21:50 - 00000000 ____D () C:\AdwCleaner
2014-10-06 21:49 - 2014-10-06 21:49 - 01375089 _____ () C:\Users\Ste\Desktop\adwcleaner_3.311.exe
2014-10-06 21:26 - 2014-10-06 21:26 - 05491800 _____ () C:\Users\Ste\Desktop\RogueKillerX64.exe
2014-10-05 23:26 - 2014-10-05 23:26 - 04893784 _____ () C:\Users\Ste\Desktop\RogueKiller.exe
2014-10-05 22:56 - 2014-10-05 22:57 - 00023948 _____ () C:\Users\Ste\Desktop\dds.txt
2014-10-05 22:56 - 2014-10-05 22:57 - 00009961 _____ () C:\Users\Ste\Desktop\attach.txt
2014-10-05 22:53 - 2014-10-05 22:53 - 00688992 ____R (Swearware) C:\Users\Ste\Desktop\dds.scr
2014-10-05 22:49 - 2014-10-05 22:50 - 05185536 _____ (AVAST Software) C:\Users\Ste\Downloads\aswMBR (1).exe
2014-10-05 22:39 - 2014-10-05 22:40 - 00000310 _____ () C:\Users\Ste\Downloads\RootkitRemover_20141005_223915.log
2014-10-05 22:38 - 2014-10-05 22:38 - 00783120 _____ (McAfee, Inc.) C:\Users\Ste\Downloads\rootkitremover.exe
2014-10-02 22:30 - 2014-10-02 22:30 - 02252087 _____ () C:\Users\Ste\Downloads\DispenseIG.zip
2014-09-30 23:38 - 2014-09-30 23:38 - 00033196 _____ () C:\ComboFix.txt
2014-09-30 22:48 - 2014-09-30 22:49 - 05582345 ____R (Swearware) C:\Users\Ste\Downloads\ComboFix.exe
2014-09-30 22:17 - 2014-09-30 22:17 - 00549426 _____ () C:\Users\Ste\Downloads\WhyIGotInfected.exe
2014-09-30 22:17 - 2013-12-27 11:33 - 00980480 _____ (Adlice) C:\Users\Ste\Downloads\WIGI.exe
2014-09-30 22:17 - 2013-12-27 11:33 - 00000000 ____D () C:\Users\Ste\Downloads\fr
2014-09-30 22:10 - 2014-10-06 21:29 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-30 22:10 - 2014-09-30 22:10 - 05472344 _____ () C:\Users\Ste\Downloads\RogueKillerX64.exe
2014-09-30 22:10 - 2014-09-30 22:10 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-30 22:08 - 2014-09-30 22:08 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-30 22:08 - 2014-09-30 22:08 - 00854417 _____ () C:\Users\Ste\Downloads\SecurityCheck.exe
2014-09-30 22:08 - 2014-09-30 22:08 - 00854417 _____ () C:\Users\Ste\Desktop\SecurityCheck.exe
2014-09-30 21:48 - 2014-09-30 21:48 - 11424456 _____ (Bitdefender LLC) C:\Users\Ste\Downloads\BootkitRemoval_x64.exe
2014-09-30 21:46 - 2014-09-30 21:46 - 00465298 _____ () C:\Users\Ste\Downloads\RootRepeal.rar
2014-09-30 21:42 - 2014-09-30 21:42 - 00003195 _____ () C:\Users\Ste\Desktop\Sophos Virus Removal Tool.lnk
2014-09-30 21:42 - 2014-09-30 21:42 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-09-30 21:42 - 2014-09-30 21:42 - 00000000 ____D () C:\ProgramData\Sophos
2014-09-30 21:42 - 2014-09-30 21:42 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-09-30 21:38 - 2014-09-30 21:40 - 99205680 _____ (Sophos Limited) C:\Users\Ste\Downloads\Sophos Virus Removal Tool.exe
2014-09-30 21:25 - 2014-09-30 21:25 - 00380416 _____ () C:\Users\Ste\Downloads\iexplorer.exe
2014-09-30 21:24 - 2014-09-30 21:24 - 00380416 _____ () C:\Users\Ste\Downloads\7qi23i7c.exe
2014-09-30 21:02 - 2014-09-30 21:02 - 00154024 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-30 21:02 - 2014-09-30 21:02 - 00154024 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-30 08:16 - 2014-09-30 08:16 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-09-29 22:34 - 2014-09-29 22:40 - 00000000 ____D () C:\Program Files (x86)\UnHackMe
2014-09-29 22:34 - 2014-09-29 22:38 - 00000000 ____D () C:\Users\Ste\Documents\RegRun2
2014-09-29 22:34 - 2014-09-29 22:34 - 00000002 RSHOT () C:\Windows\winstart.bat
2014-09-29 22:34 - 2014-09-29 22:34 - 00000002 RSHOT () C:\Windows\SysWOW64\CONFIG.NT
2014-09-29 22:34 - 2014-09-29 22:34 - 00000002 RSHOT () C:\Windows\SysWOW64\AUTOEXEC.NT
2014-09-29 22:29 - 2014-09-29 22:29 - 00004080 _____ () C:\Users\Ste\Downloads\Result.txt
2014-09-29 21:23 - 2014-09-29 23:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-29 21:21 - 2014-09-29 23:16 - 00000000 ____D () C:\Users\Ste\Desktop\mbar
2014-09-29 21:20 - 2014-09-29 21:21 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Ste\Downloads\mbar-1.07.0.1012.exe
2014-09-29 21:10 - 2014-09-29 21:10 - 00136076 _____ () C:\Users\Ste\Downloads\WindowexeAllkiller.zip
2014-09-29 21:10 - 2014-09-29 21:10 - 00136076 _____ () C:\Users\Ste\Downloads\WindowexeAllkiller (2).zip
2014-09-29 21:10 - 2014-09-29 21:10 - 00136076 _____ () C:\Users\Ste\Downloads\WindowexeAllkiller (1).zip
2014-09-29 21:06 - 2014-09-29 21:06 - 00895488 _____ (Microsoft Corporation) C:\Users\Ste\Downloads\mssstool64.exe
2014-09-29 21:04 - 2014-09-29 21:05 - 15790435 _____ () C:\Users\Ste\Downloads\unhackme.zip
2014-09-29 21:02 - 2014-09-29 21:02 - 00000000 ____D () C:\autorun
2014-09-29 21:01 - 2014-09-29 21:01 - 00511633 _____ () C:\Users\Ste\Downloads\Autoruns.zip
2014-09-29 20:21 - 2014-09-29 20:21 - 01010176 _____ () C:\Users\Ste\Downloads\MicrosoftFixit50884.msi
2014-09-29 20:21 - 2014-09-29 20:21 - 01010176 _____ () C:\Users\Ste\Downloads\MicrosoftFixit50884 (1).msi
2014-09-29 00:43 - 2014-09-29 00:43 - 00070952 _____ () C:\Users\Ste\Desktop\Extras.Txt
2014-09-29 00:42 - 2014-09-29 22:59 - 00108568 _____ () C:\Users\Ste\Desktop\OTL.Txt
2014-09-29 00:21 - 2014-09-29 00:21 - 00957952 _____ (Farbar) C:\Users\Ste\Downloads\ListParts64.exe
2014-09-29 00:17 - 2014-09-29 00:18 - 00602112 _____ (OldTimer Tools) C:\Users\Ste\Desktop\OTL.exe
2014-09-29 00:17 - 2014-09-29 00:17 - 00001578 _____ () C:\Users\Ste\Desktop\aswMBR.txt
2014-09-29 00:17 - 2014-09-29 00:17 - 00000512 _____ () C:\Users\Ste\Desktop\MBR.dat
2014-09-29 00:16 - 2014-09-29 00:15 - 05185536 _____ (AVAST Software) C:\Users\Ste\Desktop\aswMBR.exe
2014-09-29 00:15 - 2014-09-29 00:15 - 05185536 _____ (AVAST Software) C:\Users\Ste\Downloads\aswMBR.exe
2014-09-29 00:11 - 2014-09-29 00:11 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ste\Downloads\tdsskiller.exe
2014-09-28 02:26 - 2014-09-29 22:28 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 02:26 - 2014-09-29 22:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-28 02:26 - 2014-09-28 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 02:26 - 2014-09-28 02:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-28 02:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 23:34 - 2014-09-21 23:56 - 263192576 _____ () C:\Users\Ste\Downloads\Flashback_China_Nightclub_Sexy_Pussy_Dancing_Show.part1.rar
2014-09-20 15:25 - 2014-09-22 21:08 - 00000000 ____D () C:\Users\Ste\Documents\Tencent Files
2014-09-20 15:25 - 2014-09-20 15:25 - 00000000 ____D () C:\Users\Public\Documents\Tencent
2014-09-20 15:23 - 2014-09-20 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2014-09-20 15:16 - 2014-09-20 15:22 - 49880760 _____ (Tencent) C:\Users\Ste\Downloads\QQintl2.11.exe
2014-09-20 15:01 - 2014-09-20 15:01 - 04760992 _____ (Tencent Inc.) C:\Users\Ste\Downloads\QQBrowser_Setup_8.0.1374.400.exe
2014-09-20 15:01 - 2014-09-20 15:01 - 00002199 _____ () C:\Users\Ste\Desktop\QQ浏览器.lnk
2014-09-20 15:01 - 2014-09-20 15:01 - 00002103 _____ () C:\Users\Ste\Desktop\上网导航.lnk
2014-09-20 15:01 - 2014-09-20 15:01 - 00000292 _____ () C:\Windows\Tasks\QQBrowser Udpater Task(Core).job
2014-09-20 15:01 - 2014-09-20 15:01 - 00000288 _____ () C:\Windows\Tasks\QQBrowser Udpater Task.job
2014-09-20 15:01 - 2014-09-20 15:01 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2014-09-20 02:42 - 2014-09-20 02:43 - 00000045 _____ () C:\Users\Ste\Desktop\kk++.txt
2014-09-16 00:00 - 2014-09-16 00:04 - 00000000 ____D () C:\Users\Ste\Downloads\ChinesePod Elementary By MrChang
2014-09-15 23:58 - 2014-09-16 00:01 - 00000000 ____D () C:\Users\Ste\Downloads\Rocket Chinese
2014-09-15 23:58 - 2014-09-15 23:58 - 00053944 _____ () C:\Users\Ste\Downloads\[kickass.to]learn.chinese.chinesepod.elementary.level.by.mrchang.torrent
2014-09-15 23:57 - 2014-09-16 00:05 - 00000000 ____D () C:\Users\Ste\Downloads\ChinesePOD
2014-09-15 23:57 - 2014-09-15 23:57 - 00015511 _____ () C:\Users\Ste\Downloads\[kickass.to]rocket.chinese.learning.course.torrent
2014-09-15 23:55 - 2014-09-16 00:04 - 00000000 ____D () C:\Users\Ste\Downloads\Chinese Language Learning Pack
2014-09-15 23:55 - 2014-09-15 23:55 - 00060945 _____ () C:\Users\Ste\Downloads\[kickass.to]chinese.learning.resources.chinesepod.lessons.001.100.torrent
2014-09-15 23:53 - 2014-09-15 23:53 - 00146749 _____ () C:\Users\Ste\Downloads\[kickass.to]chinese.language.learning.pack.torrent
2014-09-14 16:07 - 2014-09-14 16:07 - 00013583 _____ () C:\Users\Ste\Downloads\TR 2014-09-1Q.xlsx
2014-09-14 16:07 - 2014-09-14 16:07 - 00013583 _____ () C:\Users\Ste\Downloads\TR 2014-09-1Q (1).xlsx
2014-09-14 16:07 - 2014-09-14 16:07 - 00000165 ____H () C:\Users\Ste\Downloads\~$TR 2014-09-1Q (1).xlsx
2014-09-10 21:04 - 2014-09-10 21:04 - 00296256 _____ () C:\Windows\Minidump\091014-46379-01.dmp
2014-09-08 20:52 - 2014-09-08 20:53 - 01146672 _____ () C:\Windows\Minidump\090814-22807-01.dmp
2014-09-07 22:48 - 2014-09-07 22:48 - 01308492 _____ () C:\Users\Ste\Downloads\ABAS - FY14 Modello Organizzativo 231.zip
2014-09-07 03:26 - 2014-09-01 04:07 - 590024704 _____ () C:\Users\Ste\Desktop\Horny_Couple_bleep_At_Mall_Fitting_Room.mpeg
2014-09-07 02:57 - 2014-09-07 03:25 - 63639903 _____ () C:\Users\Ste\Downloads\Horny_Couple_bleep_At_Mall_Fitting_Room.part3.rar
2014-09-07 02:08 - 2014-09-07 02:30 - 263192576 _____ () C:\Users\Ste\Downloads\Horny_Couple_bleep_At_Mall_Fitting_Room.part2.rar
2014-09-07 01:25 - 2014-09-07 01:25 - 00000000 ____D () C:\Users\Ste\Documents\New Folder
2014-09-07 01:15 - 2014-09-07 01:37 - 263192576 _____ () C:\Users\Ste\Downloads\Horny_Couple_bleep_At_Mall_Fitting_Room.part1.rar
2014-09-07 00:54 - 2014-09-07 01:25 - 82209288 _____ () C:\Users\Ste\Downloads\Asian bleeptoy Bodywriting Humiliation And Bondage Kinky Play.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-06 21:47 - 2013-06-29 11:54 - 01380759 _____ () C:\Windows\WindowsUpdate.log
2014-10-06 21:34 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:34 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-06 21:29 - 2013-06-29 03:46 - 00000000 ____D () C:\Users\Ste\Documents\Bluetooth Folder
2014-10-06 21:26 - 2011-02-19 06:35 - 00759452 _____ () C:\Windows\system32\perfh010.dat
2014-10-06 21:26 - 2011-02-19 06:35 - 00153814 _____ () C:\Windows\system32\perfc010.dat
2014-10-06 21:26 - 2009-07-14 07:13 - 01710290 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-06 21:25 - 2013-07-02 22:15 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Dropbox
2014-10-06 21:21 - 2013-06-29 15:31 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-06 21:21 - 2013-06-29 12:01 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-10-06 21:21 - 2013-06-29 03:43 - 00000380 _____ () C:\Users\Ste\AppData\Roaming\sp_data.sys
2014-10-06 21:20 - 2009-07-14 06:51 - 00125685 _____ () C:\Windows\setupact.log
2014-10-06 21:19 - 2013-06-29 12:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-06 21:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 23:42 - 2013-06-29 16:36 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\TS3Client
2014-10-05 23:17 - 2013-06-29 15:31 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 23:08 - 2013-08-10 20:45 - 00000978 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-05 22:48 - 2013-07-01 15:55 - 00000000 ____D () C:\Users\Ste\AppData\Local\CrashDumps
2014-10-05 17:08 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-05 17:04 - 2013-06-29 16:34 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\vlc
2014-10-05 16:48 - 2013-06-29 12:01 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-10-02 21:41 - 2014-06-16 01:29 - 00000600 _____ () C:\Users\Ste\AppData\Local\PUTTY.RND
2014-10-02 21:41 - 2014-05-22 22:17 - 00000000 ____D () C:\Users\Ste\Documents\accenturo progettore
2014-09-30 23:38 - 2013-10-07 20:26 - 00000000 ____D () C:\Qoobox
2014-09-30 23:28 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-30 23:26 - 2013-06-29 12:16 - 00002098 _____ () C:\Windows\system32\ServiceFilter.ini
2014-09-30 23:26 - 2011-10-19 05:20 - 01054394 _____ () C:\Windows\PFRO.log
2014-09-30 23:24 - 2013-10-07 20:24 - 00000000 ____D () C:\Windows\erdnt
2014-09-30 22:08 - 2013-08-10 20:45 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-30 22:08 - 2013-08-10 20:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-30 21:06 - 2009-07-14 07:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-30 21:02 - 2014-03-09 18:22 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-30 21:01 - 2014-08-22 21:46 - 00001135 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-30 21:01 - 2014-03-04 22:25 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 21:01 - 2013-06-29 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-30 21:01 - 2013-06-29 15:44 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-09-29 22:24 - 2013-11-07 10:53 - 00000000 ____D () C:\Users\Ste\.gimp-2.8
2014-09-29 22:20 - 2013-07-25 11:32 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-29 22:20 - 2013-07-25 11:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-29 00:06 - 2013-07-29 13:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-29 00:05 - 2013-07-12 23:26 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-29 00:00 - 2013-06-29 05:13 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-28 23:52 - 2013-07-25 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-28 22:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SchCache
2014-09-28 02:26 - 2013-10-07 19:26 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-28 02:26 - 2013-10-07 19:26 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Malwarebytes
2014-09-28 02:26 - 2013-10-07 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 02:26 - 2013-10-07 19:26 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-28 02:10 - 2014-08-13 21:11 - 00015579 _____ () C:\Users\Ste\Desktop\hijackthis.log
2014-09-27 21:25 - 2014-05-04 19:45 - 00000000 ____D () C:\TEMP
2014-09-25 21:20 - 2013-06-29 15:33 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-21 22:16 - 2013-11-10 02:29 - 00000000 ____D () C:\Users\Ste\AppData\Local\Battle.net
2014-09-20 15:23 - 2013-07-13 13:54 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Tencent
2014-09-20 15:01 - 2013-07-13 13:54 - 00000000 ____D () C:\Program Files (x86)\Tencent
2014-09-20 14:31 - 2013-07-03 16:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-20 02:32 - 2013-06-30 12:08 - 00000000 ____D () C:\Users\Ste\Documents\Biblioteca di calibre
2014-09-20 02:31 - 2013-06-30 12:07 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\calibre
2014-09-20 02:30 - 2013-07-02 22:16 - 00001013 _____ () C:\Users\Ste\Desktop\Dropbox.lnk
2014-09-20 02:30 - 2013-07-02 22:15 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 21:21 - 2014-04-06 23:47 - 00007590 _____ () C:\Users\Ste\AppData\Local\Resmon.ResmonCfg
2014-09-17 21:02 - 2013-07-10 12:38 - 00000000 ____D () C:\Users\Ste\AppData\Roaming\uTorrent
2014-09-15 09:06 - 2013-06-29 04:42 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 01:59 - 2013-09-18 16:29 - 00000000 ____D () C:\Eclipse
2014-09-14 00:46 - 2014-03-13 19:53 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-09-10 21:04 - 2014-06-09 19:43 - 00000000 ____D () C:\Windows\Minidump
 
Some content of TEMP:
====================
C:\Users\Ste\AppData\Local\Temp\avgnt.exe
C:\Users\Ste\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphv68gh.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-29 20:58
 
==================== End Of Log ============================

 




#4 nasdaq


Posted 07 October 2014 - 08:14 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg01_14_24_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyE0ByB0FyE0A0DtDtDyDtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0AtDyEzy0CtGtAtBtAyDtG0AyBzz0FtGtC0AzyyDtGtD0F0D0F0F0Fzy0AyEzztDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0F0ByBtDtByDtGyD0F0DzytGzztBtB0BtGyE0DyDtAtGyC0BtD0F0DzytCtAyDyB0B0A2QtN1B1L1H1Ezu1O2U1M1B&cr=205242997&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg01_14_24_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyE0ByB0FyE0A0DtDtDyDtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0AtDyEzy0CtGtAtBtAyDtG0AyBzz0FtGtC0AzyyDtGtD0F0D0F0F0Fzy0AyEzztDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0F0ByBtDtByDtGyD0F0DzytGzztBtB0BtGyE0DyDtAtGyC0BtD0F0DzytCtAyDyB0B0A2QtN1B1L1H1Ezu1O2U1M1B&cr=205242997&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg01_14_24_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyE0ByB0FyE0A0DtDtDyDtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0AtDyEzy0CtGtAtBtAyDtG0AyBzz0FtGtC0AzyyDtGtD0F0D0F0F0Fzy0AyEzztDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0F0ByBtDtByDtGyD0F0DzytGzztBtB0BtGyE0DyDtAtGyC0BtD0F0DzytCtAyDyB0B0A2QtN1B1L1H1Ezu1O2U1M1B&cr=205242997&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=frg01_14_24_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtDyE0ByB0FyE0A0DtDtDyDtN0D0Tzu0SzzzyyBtN1L2XzutBtFtBtCtFyEtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StB0DtB0AtDyEzy0CtGtAtBtAyDtG0AyBzz0FtGtC0AzyyDtGtD0F0D0F0F0Fzy0AyEzztDyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0F0ByBtDtByDtGyD0F0DzytGzztBtB0BtGyE0DyDtAtGyC0BtD0F0DzytCtAyDyB0B0A2QtN1B1L1H1Ezu1O2U1M1B&cr=205242997&ir=
SearchScopes: HKCU - {B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2} URL = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=96010038_adr
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
U3 azgxbhj8; C:\Windows\System32\Drivers\azgxbhj8.sys [0 ] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
Task: {AD434214-5D5D-441D-B0A0-CA898BC097AB} - \MySearchDial No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:A66AF87B
C:\Windows\System32\Drivers\azgxbhj8.sys

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 steffa


Posted 07 October 2014 - 01:58 PM

Svchost is still at 200k :(
 
I still can't run Windows Update. And when I click on a folder or image in Windows Explorer, "Windows Explorer has stopped working" appears.
 
I also have some links to image folders in Documents, but when I click on them it tells me Access Denied.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Ste at 2014-10-07 20:31:32 Run:1
Running from C:\Users\Ste\Desktop\aa
Loaded Profile: Ste (Available profiles: Ste)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
U3 azgxbhj8; C:\Windows\System32\Drivers\azgxbhj8.sys [0 ] (Intel Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MFE_RR; \??\C:\Users\Ste\AppData\Local\Temp\mfe_rr.sys [X]
U0 Partizan; system32\drivers\Partizan.sys [X]
Task: {AD434214-5D5D-441D-B0A0-CA898BC097AB} - \MySearchDial No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:A66AF87B
C:\Windows\System32\Drivers\azgxbhj8.sys
 
End
*****************
 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}" => Key deleted successfully.
"HKCR\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
azgxbhj8 => Service deleted successfully.
catchme => Service deleted successfully.
dgderdrv => Service deleted successfully.
MFE_RR => Service deleted successfully.
Partizan => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD434214-5D5D-441D-B0A0-CA898BC097AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD434214-5D5D-441D-B0A0-CA898BC097AB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial" => Key deleted successfully.
C:\ProgramData\Temp => ":A66AF87B" ADS removed successfully.
Could not move "C:\Windows\System32\Drivers\azgxbhj8.sys" => Scheduled to move on reboot.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-07 20:37:00)<=
 
C:\Windows\System32\Drivers\azgxbhj8.sys => Is moved successfully.
 
==== End of Fixlog ====

Edited by steffa, 07 October 2014 - 02:04 PM.


#6 nasdaq


Posted 08 October 2014 - 08:09 AM

Let's check your BIOS and MASTER BOOT RECORD.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

#7 steffa


Posted 08 October 2014 - 03:57 PM

22:37:56.0593 0x1940  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
22:37:56.0593 0x1940  UEFI system
22:38:01.0387 0x1940  ============================================================
22:38:01.0387 0x1940  Current date / time: 2014/10/08 22:38:01.0387
22:38:01.0387 0x1940  SystemInfo:
22:38:01.0387 0x1940  
22:38:01.0387 0x1940  OS Version: 6.1.7601 ServicePack: 1.0
22:38:01.0387 0x1940  Product type: Workstation
22:38:01.0387 0x1940  ComputerName: STE-PC
22:38:01.0387 0x1940  UserName: Ste
22:38:01.0387 0x1940  Windows directory: C:\Windows
22:38:01.0387 0x1940  System windows directory: C:\Windows
22:38:01.0387 0x1940  Running under WOW64
22:38:01.0387 0x1940  Processor architecture: Intel x64
22:38:01.0387 0x1940  Number of processors: 8
22:38:01.0387 0x1940  Page size: 0x1000
22:38:01.0387 0x1940  Boot type: Normal boot
22:38:01.0387 0x1940  ============================================================
22:38:01.0472 0x1940  KLMD registered as C:\Windows\system32\drivers\53407563.sys
22:38:01.0789 0x1940  System UUID: {9A1F6441-A6AE-9402-985D-F42D6D8165AC}
22:38:02.0363 0x1940  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:02.0366 0x1940  Drive \Device\Harddisk1\DR3 - Size: 0x1DDD00000 ( 7.47 Gb ), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:38:02.0368 0x1940  ============================================================
22:38:02.0368 0x1940  \Device\Harddisk0\DR0:
22:38:02.0368 0x1940  GPT partitions:
22:38:02.0368 0x1940  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {1FD7CC89-8309-472E-B75D-A7C8826AD408}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x64000
22:38:02.0368 0x1940  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AA9F6408-3822-40CC-AC31-01322BE947C9}, Name: Microsoft reserved partition, StartLBA 0x64800, BlocksNum 0x40000
22:38:02.0369 0x1940  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C2ADCF50-2174-4809-B43D-3778F7A9AFC6}, Name: Basic data partition, StartLBA 0xA4800, BlocksNum 0x2B7BE000
22:38:02.0369 0x1940  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {E7C782EC-F99C-41CD-ABA9-BE0496AC7E9C}, Name: Basic data partition, StartLBA 0x2B862800, BlocksNum 0x45DD0800
22:38:02.0369 0x1940  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {7083FBB3-718C-4E30-811C-64CC0C5937DE}, Name: Basic data partition, StartLBA 0x71633000, BlocksNum 0x30D39A2
22:38:02.0369 0x1940  MBR partitions:
22:38:02.0369 0x1940  \Device\Harddisk1\DR3:
22:38:02.0369 0x1940  MBR partitions:
22:38:02.0369 0x1940  \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEE7C1
22:38:02.0369 0x1940  ============================================================
22:38:02.0450 0x1940  C: <-> \Device\Harddisk0\DR0\Partition3
22:38:02.0506 0x1940  D: <-> \Device\Harddisk0\DR0\Partition4
22:38:02.0507 0x1940  ============================================================
22:38:02.0507 0x1940  Initialize success
22:38:02.0507 0x1940  ============================================================
22:38:12.0894 0x1814  ============================================================
22:38:12.0894 0x1814  Scan started
22:38:12.0894 0x1814  Mode: Manual; 
22:38:12.0894 0x1814  ============================================================
22:38:12.0894 0x1814  KSN ping started
22:38:15.0658 0x1814  KSN ping finished: true
22:38:17.0546 0x1814  ================ Scan system memory ========================
22:38:17.0546 0x1814  System memory - ok
22:38:17.0546 0x1814  ================ Scan services =============================
22:38:25.0365 0x1814  gagp30kx - ok
22:38:25.0412 0x1814  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:38:25.0416 0x1814  GEARAspiWDM - ok
22:38:25.0454 0x1814  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:38:25.0467 0x1814  gpsvc - ok
22:38:25.0557 0x1814  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:38:25.0558 0x1814  gupdate - ok
22:38:25.0574 0x1814  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:38:25.0575 0x1814  gupdatem - ok
22:38:25.0608 0x1814  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:38:25.0612 0x1814  hcw85cir - ok
22:38:25.0643 0x1814  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:38:25.0655 0x1814  HdAudAddService - ok
22:38:25.0698 0x1814  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:38:25.0701 0x1814  HDAudBus - ok
22:38:25.0705 0x1814  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
22:38:25.0708 0x1814  HidBatt - ok
22:38:25.0713 0x1814  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:38:25.0719 0x1814  HidBth - ok
22:38:25.0747 0x1814  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:38:25.0751 0x1814  HidIr - ok
22:38:25.0778 0x1814  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
22:38:25.0779 0x1814  hidserv - ok
22:38:25.0809 0x1814  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:38:25.0812 0x1814  HidUsb - ok
22:38:25.0836 0x1814  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:38:25.0838 0x1814  hkmsvc - ok
22:38:25.0886 0x1814  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:38:25.0898 0x1814  HomeGroupListener - ok
22:38:25.0922 0x1814  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:38:25.0925 0x1814  HomeGroupProvider - ok
22:38:25.0956 0x1814  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:38:25.0962 0x1814  HpSAMD - ok
22:38:26.0004 0x1814  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:38:26.0024 0x1814  HTTP - ok
22:38:26.0048 0x1814  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:38:26.0051 0x1814  hwpolicy - ok
22:38:26.0091 0x1814  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:38:26.0097 0x1814  i8042prt - ok
22:38:26.0155 0x1814  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
22:38:26.0162 0x1814  iaStor - ok
22:38:26.0196 0x1814  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:38:26.0209 0x1814  iaStorV - ok
22:38:26.0284 0x1814  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:38:26.0312 0x1814  idsvc - ok
22:38:26.0329 0x1814  IEEtwCollectorService - ok
22:38:26.0676 0x1814  [ 276EE9CDAB16C50E1DF0E4CEFA882F5F, 320D677A9576F27D5BA8C6EA9191C8A5ED9EF9947A48F5B98B09AA3CE9C02682 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:38:27.0056 0x1814  igfx - ok
22:38:27.0101 0x1814  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:38:27.0105 0x1814  iirsp - ok
22:38:27.0158 0x1814  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
22:38:27.0173 0x1814  IKEEXT - ok
22:38:27.0229 0x1814  [ A1C21FC8A90C2D0660BF62DBDE110C70, 6FFA50D1F3C83CA656472248FAACD0C03C6B83F21004F5C7C92D07FC76A4C599 ] ImDisk          C:\Windows\system32\DRIVERS\imdisk.sys
22:38:27.0234 0x1814  ImDisk - ok
22:38:27.0284 0x1814  [ 5FA3C312FAC37162C3B5A7A753DF2BC2, 6D2AC6F09691892F381C3EA71F6144773AA7F16E5D1391E19BBE70DBBC001268 ] ImDskSvc        C:\Windows\system32\imdsksvc.exe
22:38:27.0285 0x1814  ImDskSvc - ok
22:38:27.0443 0x1814  [ 059DDDEDBE5701DC3B779D32798108AC, 4735C52D5F7A7AC07985835C17955C96418BB3C3316264CF6A44F6150E10755B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:38:27.0556 0x1814  IntcAzAudAddService - ok
22:38:27.0686 0x1814  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:38:27.0696 0x1814  Intel® Capability Licensing Service Interface - ok
22:38:27.0824 0x1814  [ 896AA2F1D79662B17D5DBBE588E24E30, 834257B3C247ECA0130A55FB8E5F906F54B94A124FBB842DB7D679C030BD439B ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
22:38:27.0825 0x1814  Intel® ME Service - ok
22:38:27.0863 0x1814  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:38:27.0867 0x1814  intelide - ok
22:38:27.0920 0x1814  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:38:27.0922 0x1814  intelppm - ok
22:38:27.0950 0x1814  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:38:27.0958 0x1814  IPBusEnum - ok
22:38:27.0970 0x1814  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:38:27.0976 0x1814  IpFilterDriver - ok
22:38:28.0024 0x1814  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:38:28.0034 0x1814  iphlpsvc - ok
22:38:28.0057 0x1814  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:38:28.0063 0x1814  IPMIDRV - ok
22:38:28.0068 0x1814  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:38:28.0074 0x1814  IPNAT - ok
22:38:28.0132 0x1814  [ 0FA89CB1B99AD494CE36DD2DE717D696, 5B35B26C625306A7AD5A00FCAC46FD6D60061F1C8171352B5EF1C916A667AC92 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:38:28.0143 0x1814  iPod Service - ok
22:38:28.0166 0x1814  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:38:28.0169 0x1814  IRENUM - ok
22:38:28.0182 0x1814  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:38:28.0186 0x1814  isapnp - ok
22:38:28.0224 0x1814  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:38:28.0235 0x1814  iScsiPrt - ok
22:38:28.0359 0x1814  [ 6BCEF45131C8B8E1C558BE540B190B3C, DFFED7FD9DCC15808184E65065DE6138FE010AC01217E5016B2D20A5B89AC570 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:38:28.0362 0x1814  iusb3hcs - ok
22:38:28.0378 0x1814  [ F080EADA8715F811B58BD35BB774F2F9, 06D5A70CBA89561A71B9CB64D7A298767F098395411A7022F414C7D0AC89A44D ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
22:38:28.0393 0x1814  iusb3hub - ok
22:38:28.0429 0x1814  [ 0F1756D9396740F053221FA6260FCE66, 0B722BF6BCF66BBD49DE0E92555742976AB33319CF504461A50181BF7A77E886 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:38:28.0451 0x1814  iusb3xhc - ok
22:38:28.0506 0x1814  [ 3C6630473DD42FFC57D9F5564F533127, 1B2BBB8CF7AD5BF3F99565DA49F51B1E15D4B35698C105C0597DDBEB2DA61A83 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
22:38:28.0509 0x1814  jhi_service - ok
22:38:28.0537 0x1814  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:38:28.0543 0x1814  kbdclass - ok
22:38:28.0560 0x1814  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:38:28.0564 0x1814  kbdhid - ok
22:38:28.0615 0x1814  [ E63EF8C3271D014F14E2469CE75FECB4, 3A8DFA4B446AFDC35F01FD5218D0BEBC510A1E3DE9976210F00D19767D0F9069 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
22:38:28.0618 0x1814  kbfiltr - ok
22:38:28.0645 0x1814  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
22:38:28.0646 0x1814  KeyIso - ok
22:38:28.0688 0x1814  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:38:28.0693 0x1814  KSecDD - ok
22:38:28.0709 0x1814  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:38:28.0717 0x1814  KSecPkg - ok
22:38:28.0727 0x1814  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:38:28.0730 0x1814  ksthunk - ok
22:38:28.0761 0x1814  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:38:28.0775 0x1814  KtmRm - ok
22:38:28.0826 0x1814  [ 3CE6A9BEF066BF9488E6BC4D6C62F77E, CDE0A0DCD9A5A2E49DE55E720B5A6FFF502EE139C0EC8793638560E75BF2118C ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
22:38:28.0831 0x1814  L1C - ok
22:38:28.0869 0x1814  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:38:28.0873 0x1814  LanmanServer - ok
22:38:28.0893 0x1814  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:38:28.0896 0x1814  LanmanWorkstation - ok
22:38:28.0933 0x1814  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:38:28.0938 0x1814  lltdio - ok
22:38:28.0962 0x1814  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:38:28.0974 0x1814  lltdsvc - ok
22:38:28.0995 0x1814  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:38:28.0997 0x1814  lmhosts - ok
22:38:29.0052 0x1814  [ 2B23FAA39D8F949ED5EEE03ECA50BCD5, 7CEF2455D21A355542B290F4F18EDBC444F3704A31E569652D96A0A3E6799826 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:38:29.0057 0x1814  LMS - ok
22:38:29.0097 0x1814  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:38:29.0103 0x1814  LSI_FC - ok
22:38:29.0116 0x1814  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:38:29.0122 0x1814  LSI_SAS - ok
22:38:29.0126 0x1814  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
22:38:29.0130 0x1814  LSI_SAS2 - ok
22:38:29.0135 0x1814  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:38:29.0141 0x1814  LSI_SCSI - ok
22:38:29.0153 0x1814  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
22:38:29.0159 0x1814  luafv - ok
22:38:29.0195 0x1814  [ B96CE1C01E17DA93AE6831587700B04B, 1C188D843A9A3DD87954494A6E57830FC6A413F587FC3DD7727368122126ADF1 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
22:38:29.0201 0x1814  MBAMSwissArmy - ok
22:38:29.0225 0x1814  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:38:29.0232 0x1814  Mcx2Svc - ok
22:38:29.0235 0x1814  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:38:29.0239 0x1814  megasas - ok
22:38:29.0258 0x1814  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
22:38:29.0267 0x1814  MegaSR - ok
22:38:29.0323 0x1814  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
22:38:29.0328 0x1814  MEIx64 - ok
22:38:29.0385 0x1814  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:38:29.0406 0x1814  Microsoft Office Groove Audit Service - ok
22:38:29.0434 0x1814  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
22:38:29.0436 0x1814  MMCSS - ok
22:38:29.0442 0x1814  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
22:38:29.0446 0x1814  Modem - ok
22:38:29.0457 0x1814  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:38:29.0458 0x1814  monitor - ok
22:38:29.0485 0x1814  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:38:29.0490 0x1814  mouclass - ok
22:38:29.0505 0x1814  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:38:29.0508 0x1814  mouhid - ok
22:38:29.0528 0x1814  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
22:38:29.0534 0x1814  mountmgr - ok
22:38:29.0549 0x1814  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:38:29.0557 0x1814  mpio - ok
22:38:29.0579 0x1814  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:38:29.0583 0x1814  mpsdrv - ok
22:38:29.0637 0x1814  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:38:29.0651 0x1814  MpsSvc - ok
22:38:29.0673 0x1814  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:38:29.0680 0x1814  MRxDAV - ok
22:38:29.0704 0x1814  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:38:29.0711 0x1814  mrxsmb - ok
22:38:29.0732 0x1814  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:38:29.0741 0x1814  mrxsmb10 - ok
22:38:29.0758 0x1814  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:38:29.0765 0x1814  mrxsmb20 - ok
22:38:29.0787 0x1814  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:38:29.0791 0x1814  msahci - ok
22:38:29.0806 0x1814  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:38:29.0813 0x1814  msdsm - ok
22:38:29.0837 0x1814  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
22:38:29.0845 0x1814  MSDTC - ok
22:38:29.0868 0x1814  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:38:29.0871 0x1814  Msfs - ok
22:38:29.0892 0x1814  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:38:29.0895 0x1814  mshidkmdf - ok
22:38:29.0904 0x1814  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:38:29.0907 0x1814  msisadrv - ok
22:38:29.0946 0x1814  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:38:29.0954 0x1814  MSiSCSI - ok
22:38:29.0957 0x1814  msiserver - ok
22:38:29.0992 0x1814  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:38:29.0994 0x1814  MSKSSRV - ok
22:38:30.0010 0x1814  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:38:30.0012 0x1814  MSPCLOCK - ok
22:38:30.0024 0x1814  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:38:30.0026 0x1814  MSPQM - ok
22:38:30.0065 0x1814  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:38:30.0075 0x1814  MsRPC - ok
22:38:30.0085 0x1814  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:38:30.0086 0x1814  mssmbios - ok
22:38:30.0102 0x1814  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:38:30.0104 0x1814  MSTEE - ok
22:38:30.0116 0x1814  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
22:38:30.0119 0x1814  MTConfig - ok
22:38:30.0130 0x1814  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
22:38:30.0135 0x1814  Mup - ok
22:38:30.0167 0x1814  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
22:38:30.0175 0x1814  napagent - ok
22:38:30.0214 0x1814  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:38:30.0225 0x1814  NativeWifiP - ok
22:38:30.0291 0x1814  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:38:30.0307 0x1814  NDIS - ok
22:38:30.0321 0x1814  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:38:30.0325 0x1814  NdisCap - ok
22:38:30.0347 0x1814  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:38:30.0350 0x1814  NdisTapi - ok
22:38:30.0374 0x1814  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:38:30.0379 0x1814  Ndisuio - ok
22:38:30.0392 0x1814  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:38:30.0400 0x1814  NdisWan - ok
22:38:30.0409 0x1814  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:38:30.0414 0x1814  NDProxy - ok
22:38:30.0451 0x1814  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
22:38:30.0455 0x1814  Netaapl - ok
22:38:30.0475 0x1814  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:38:30.0479 0x1814  NetBIOS - ok
22:38:30.0500 0x1814  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:38:30.0510 0x1814  NetBT - ok
22:38:30.0541 0x1814  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
22:38:30.0543 0x1814  Netlogon - ok
22:38:30.0583 0x1814  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
22:38:30.0589 0x1814  Netman - ok
22:38:30.0653 0x1814  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:30.0758 0x1814  NetMsmqActivator - ok
22:38:30.0762 0x1814  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:30.0765 0x1814  NetPipeActivator - ok
22:38:30.0792 0x1814  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
22:38:30.0799 0x1814  netprofm - ok
22:38:30.0804 0x1814  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:30.0806 0x1814  NetTcpActivator - ok
22:38:30.0810 0x1814  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:38:30.0812 0x1814  NetTcpPortSharing - ok
22:38:30.0845 0x1814  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:38:30.0850 0x1814  nfrd960 - ok
22:38:30.0958 0x1814  [ 91CE3F9C53AB08ADAFBAAE443BA0AD1A, 33FC0D2D843EFFC602617789D2ED2342F5E830F06A7D33E5F281F0D129B66F83 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
22:38:30.0961 0x1814  NitroReaderDriverReadSpool3 - ok
22:38:30.0972 0x1814  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:38:30.0978 0x1814  NlaSvc - ok
22:38:31.0033 0x1814  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF             C:\Windows\system32\drivers\npf.sys
22:38:31.0037 0x1814  NPF - ok
22:38:31.0051 0x1814  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:38:31.0055 0x1814  Npfs - ok
22:38:31.0086 0x1814  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
22:38:31.0087 0x1814  nsi - ok
22:38:31.0114 0x1814  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:38:31.0118 0x1814  nsiproxy - ok
22:38:31.0188 0x1814  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:38:31.0225 0x1814  Ntfs - ok
22:38:31.0236 0x1814  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
22:38:31.0238 0x1814  Null - ok
22:38:31.0310 0x1814  [ 554964B900AE2954B8B589B6287034AC, C6C9EA3ADAFEBBF2AF944E4A0656BD795AD37706008CC0CA3F2150BD709476E7 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
22:38:39.0675 0x1814  vwififlt - ok
22:38:39.0707 0x1814  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:38:39.0710 0x1814  vwifimp - ok
22:38:39.0750 0x1814  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
22:38:39.0757 0x1814  W32Time - ok
22:38:39.0777 0x1814  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:38:39.0781 0x1814  WacomPen - ok
22:38:39.0868 0x1814  [ D970AF80B98927A8C63DBA235E69DF7E, CA8A3ADF3A64B63AB88EA07D452FB12D3498B05C4DFF10434FBFE8A3E688C50B ] wampapache      c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
22:38:39.0873 0x1814  wampapache - ok
22:38:39.0951 0x1814  wampmysqld - ok
22:38:39.0982 0x1814  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:38:39.0988 0x1814  WANARP - ok
22:38:39.0991 0x1814  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:38:39.0993 0x1814  Wanarpv6 - ok
22:38:40.0055 0x1814  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:38:40.0091 0x1814  WatAdminSvc - ok
22:38:40.0155 0x1814  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
22:38:40.0189 0x1814  wbengine - ok
22:38:40.0201 0x1814  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:38:40.0211 0x1814  WbioSrvc - ok
22:38:40.0228 0x1814  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:38:40.0235 0x1814  wcncsvc - ok
22:38:40.0252 0x1814  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:38:40.0258 0x1814  WcsPlugInService - ok
22:38:40.0270 0x1814  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
22:38:40.0274 0x1814  Wd - ok
22:38:40.0323 0x1814  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:38:40.0344 0x1814  Wdf01000 - ok
22:38:40.0361 0x1814  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:38:40.0364 0x1814  WdiServiceHost - ok
22:38:40.0368 0x1814  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:38:40.0370 0x1814  WdiSystemHost - ok
22:38:40.0397 0x1814  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
22:38:40.0408 0x1814  WebClient - ok
22:38:40.0439 0x1814  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:38:40.0452 0x1814  Wecsvc - ok
22:38:40.0469 0x1814  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:38:40.0472 0x1814  wercplsupport - ok
22:38:40.0497 0x1814  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:38:40.0500 0x1814  WerSvc - ok
22:38:40.0529 0x1814  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:38:40.0531 0x1814  WfpLwf - ok
22:38:40.0558 0x1814  [ 52DED146E4797E6CCF94799E8E22BB2A, 57A29260D81AA3AD3F8C29E9CFA7CE3970D7A8BF673ADD9B256EE76C7DEC080E ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:38:40.0564 0x1814  WimFltr - ok
22:38:40.0571 0x1814  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:38:40.0575 0x1814  WIMMount - ok
22:38:40.0603 0x1814  WinDefend - ok
22:38:40.0617 0x1814  WinHttpAutoProxySvc - ok
22:38:40.0675 0x1814  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:38:40.0680 0x1814  Winmgmt - ok
22:38:40.0741 0x1814  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:38:40.0784 0x1814  WinRM - ok
22:38:40.0814 0x1814  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:38:40.0819 0x1814  WinUsb - ok
22:38:40.0862 0x1814  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:38:40.0877 0x1814  Wlansvc - ok
22:38:40.0908 0x1814  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:38:40.0909 0x1814  WmiAcpi - ok
22:38:40.0937 0x1814  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:38:40.0945 0x1814  wmiApSrv - ok
22:38:40.0979 0x1814  WMPNetworkSvc - ok
22:38:41.0010 0x1814  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:38:41.0015 0x1814  WPCSvc - ok
22:38:41.0023 0x1814  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:38:41.0027 0x1814  WPDBusEnum - ok
22:38:41.0033 0x1814  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:38:41.0037 0x1814  ws2ifsl - ok
22:38:41.0048 0x1814  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
22:38:41.0051 0x1814  wscsvc - ok
22:38:41.0053 0x1814  WSearch - ok
22:38:41.0138 0x1814  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:38:41.0180 0x1814  wuauserv - ok
22:38:41.0228 0x1814  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:38:41.0229 0x1814  WudfPf - ok
22:38:41.0244 0x1814  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:38:41.0247 0x1814  WUDFRd - ok
22:38:41.0294 0x1814  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:38:41.0297 0x1814  wudfsvc - ok
22:38:41.0341 0x1814  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:38:41.0354 0x1814  WwanSvc - ok
22:38:41.0431 0x1814  [ 28B051B78471FC290C1790623D5908E1, 01B711DAC7290B5DBBA5AF49E69FC906BE0A1BF40EFB372A0DA1FB59F0BA9983 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
22:38:41.0433 0x1814  ZAtheros Bt&Wlan Coex Agent - ok
22:38:41.0483 0x1814  [ 67BB3DC074C640AD609B19E0BBA42BDC, 452CCC94F361A9BE5C032DEA16742B788AF1BA44277E9C8B27A259347C0AB358 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe
22:38:41.0484 0x1814  ZAtheros Wlan Agent - ok
22:38:41.0523 0x1814  ================ Scan global ===============================
22:38:41.0548 0x1814  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
22:38:41.0580 0x1814  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:38:41.0590 0x1814  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
22:38:41.0623 0x1814  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
22:38:41.0654 0x1814  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
22:38:41.0660 0x1814  [ Global ] - ok
22:38:41.0660 0x1814  ================ Scan MBR ==================================
22:38:41.0668 0x1814  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
22:38:41.0672 0x1814  \Device\Harddisk0\DR0 - ok
22:38:41.0676 0x1814  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR3
22:38:41.0681 0x1814  \Device\Harddisk1\DR3 - ok
22:38:41.0681 0x1814  ================ Scan VBR ==================================
22:38:41.0697 0x1814  [ D5D927270CCB2DA0CA461DE912264701 ] \Device\Harddisk0\DR0\Partition1
22:38:41.0755 0x1814  \Device\Harddisk0\DR0\Partition1 - ok
22:38:41.0777 0x1814  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
22:38:41.0777 0x1814  \Device\Harddisk0\DR0\Partition2 - ok
22:38:41.0787 0x1814  [ 15DF1D55A6237CB5C5800C53EA00C482 ] \Device\Harddisk0\DR0\Partition3
22:38:41.0834 0x1814  \Device\Harddisk0\DR0\Partition3 - ok
22:38:41.0858 0x1814  [ CD0FB6E9A02A273764A3E0B1E237BFF5 ] \Device\Harddisk0\DR0\Partition4
22:38:41.0859 0x1814  \Device\Harddisk0\DR0\Partition4 - ok
22:38:41.0882 0x1814  [ 408FD52B0D4A7D6DF68EA3932A092B0C ] \Device\Harddisk0\DR0\Partition5
22:38:41.0883 0x1814  \Device\Harddisk0\DR0\Partition5 - ok
22:38:41.0886 0x1814  [ 7239B2C7B825E11FFBF4E77469CCF7A0 ] \Device\Harddisk1\DR3\Partition1
22:38:41.0887 0x1814  \Device\Harddisk1\DR3\Partition1 - ok
22:38:41.0888 0x1814  ================ Scan generic autorun ======================
22:38:41.0935 0x1814  [ 3DEBDAF997B535D514F44DDDB12D5648, 8BF5530B711943CC7300D2A64B144E944A49952BE4C6A64639710E73793EBF69 ] C:\Windows\system32\igfxtray.exe
22:38:41.0938 0x1814  IgfxTray - ok
22:38:41.0990 0x1814  [ 16CAF784927001633F86C377C906F25E, 90AC219181F7C66D2C534043EAD9F44C4A8F5B49B396B7948C3D26D690BC6B39 ] C:\Windows\system32\hkcmd.exe
22:38:41.0996 0x1814  HotKeysCmds - ok
22:38:42.0022 0x1814  ETDCtrl - ok
22:38:42.0090 0x1814  [ B1DDCBE7D17DE94045FE9E40EB3D0170, 76EAF208139160C10937FEB4CB47A9890BF66414A3958289DDDCE62EA6E701FC ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
22:38:42.0110 0x1814  RtHDVBg - ok
22:38:42.0175 0x1814  [ A891488C2469CDCCFF142BD4C58F124E, 4F807B56D45120A74CEA19C923A1EDED0EAB2924FBC9CF1E13F23BC71D3D9DB6 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
22:38:42.0192 0x1814  AtherosBtStack - ok
22:38:42.0242 0x1814  [ A5A217DE2236297B8C0CB2A78FBD49E0, 255F1C25568C34DE84029645CF05B4074A1797301B68CC195E0F4AD084E3CCC0 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
22:38:42.0256 0x1814  AthBtTray - ok
22:38:42.0315 0x1814  [ 4490896F4491FD5F1BE601BA9C8245BD, 53709493AFDDE795A08F5E54FCF210479304B998522A06054AA9FAF514C8F1C6 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
22:38:42.0320 0x1814  AmIcoSinglun64 - ok
22:38:42.0408 0x1814  [ EE316C8D7C1B99412F2C8F1C64268182, F297F1AB3493FE73B40A3B3F9B20612C33E4F155D35B18CAB4256FB6E62C320A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
22:38:42.0442 0x1814  NvBackend - ok
22:38:42.0467 0x1814  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
22:38:42.0469 0x1814  ShadowPlay - ok
22:38:42.0592 0x1814  [ 4D241A6A8F6BA9FA32FF836551FFDCEA, DEE87DFB6A8E87D40E3653435223B54AF2AB232DDC02D22468C126C54096F006 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
22:38:42.0596 0x1814  USB3MON - ok
22:38:42.0703 0x1814  [ D9AB754613208112B840C75B6762B909, 6869D2E42852A24BF7E34C396E790808729CFCF1086F8AF18E0EBD1071C4C2EF ] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
22:38:42.0707 0x1814  ATKOSD2 - ok
22:38:42.0731 0x1814  [ BC31B27061F27E8968CD0435C038F712, E2FAB6AF6CFFB7762B9A82E156D9D63B53B278D72BC4CCA870AC9016917ED683 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
22:38:42.0733 0x1814  ATKMEDIA - ok
22:38:42.0754 0x1814  [ 5AEBF6FA9805C9101220AA4FB4FA17E7, A9B2FC41380211A6C44E839A95676A5BA868CEEBB56D83A780230434C2A20836 ] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
22:38:42.0756 0x1814  HControlUser - ok
22:38:42.0832 0x1814  [ 2AA5DD75EA1281432C40D22B5FD87D3A, 9868D4176C8F08EB72B0B992D3E2A480C587930CA025B4FDF3212F99B79C3017 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
22:38:42.0844 0x1814  avgnt - ok
22:38:42.0903 0x1814  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
22:38:42.0916 0x1814  Adobe ARM - ok
22:38:42.0955 0x1814  [ 0E34B7BB1FCF22BCC1E394D16F9E992B, 382CA8E6BAC301E2F277F8EDA03D263FF71272796A8EED582C36294EEE9191F9 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
22:38:42.0956 0x1814  GrooveMonitor - ok
22:38:43.0021 0x1814  [ 603668084332DDB58D8C5AACE30B04FC, B6FA6BBE18D433F41F96640726444B7CB9D669BAE87A545E1408391B9469EDB9 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
22:38:43.0023 0x1814  iTunesHelper - ok
22:38:43.0109 0x1814  [ 2FC7F940F7E687B717875AA30CE163FB, 310C296067CDE147369E63709F33CC13777DC789B965F4F0BE6FCAE90239B5FA ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
22:38:43.0112 0x1814  TkBellExe - ok
22:38:43.0181 0x1814  [ 845EB283583BD3C89F09636A10114EF3, BCB3002B867052FB381B1E44D31E381200751E1AD3F991EB4233B73E3E034A0E ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
22:38:43.0183 0x1814  Avira Systray - ok
22:38:43.0243 0x1814  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
22:38:43.0294 0x1814  Sidebar - ok
22:38:43.0336 0x1814  ISUSPM - ok
22:38:43.0362 0x1814  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
22:38:43.0369 0x1814  mctadmin - ok
22:38:43.0497 0x1814  [ AFE3883FB37A5567C913E7DFCF2924A5, 3CA38EE302E0FF343DB87AE90DA868DCE5B7B490C2AA32164AF8DD4773482265 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
22:38:43.0556 0x1814  DAEMON Tools Lite - ok
22:38:43.0650 0x1814  [ F5ED26AB8BDD951BFAC8BBD0D68BA3E9, 418A80F9213A6E830777DE6E8A0F5E5B4BE5B36F4767B056827682EC7F3C8BBF ] C:\Program Files (x86)\Samsung\Kies\Kies.exe
22:38:43.0675 0x1814  KiesPreload - ok
22:38:43.0677 0x1814  Waiting for KSN requests completion. In queue: 128
22:38:44.0677 0x1814  Waiting for KSN requests completion. In queue: 128
22:38:45.0677 0x1814  Waiting for KSN requests completion. In queue: 128
22:38:46.0738 0x1814  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.6.548 ), 0x40000 ( disabled : updated )
22:38:46.0741 0x1814  Win FW state via NFP2: enabled
22:38:49.0495 0x1814  ============================================================
22:38:49.0495 0x1814  Scan finished
22:38:49.0495 0x1814  ============================================================
22:38:49.0500 0x211c  Detected object count: 0
22:38:49.0500 0x211c  Actual detected object count: 0
 
 
I can't post the log from AswMBR because after a while, during the scan process, a window pops up that says that asw has stopped working and must be closed.
 
Actually I already used some of these programs by myself before posting here, I dunno if it is bad.


#8 nasdaq

nasdaq

  • Malware Response Team

Posted 09 October 2014 - 08:21 AM

This may be the cause of AswMBR not completing the scan.

If you have a CD Emulator Software (Daemon Tools, Alcohol etc) installed, the drivers this software uses can interfere with the Anti-Rootkit tools we use. These interferences can take a few forms, like GMER crashing or causing BSODs, or Rootkit scans producing large amounts of FPs and general dross. This 'dross' often makes it hard to differentiate between genuine malicious Rootkits, and the legitimate drivers used by CD Emulators.

Disable the CD emulators....

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed. Or when this computer is clean.

HOW TO: Enable the CD Emulators... < restore only when we are finished.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.


#9 steffa

steffa
  • Topic Starter

  • Members

Posted 09 October 2014 - 02:23 PM

I disabled it but it still stops working after a while



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 10 October 2014 - 07:02 AM


Delete the file in bold.

C:\Users\Zanna\AppData\Local\Temp\proxy_vole8767324365365333582.dll
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

pwldypow.sys.

Click Search Files button and post the log (FSS.txt) it makes to your reply.
===

#11 steffa

steffa
  • Topic Starter

  • Members

Posted 10 October 2014 - 03:36 PM

Sorry, I can't find any file called

C:\Users\Zanna\AppData\Local\Temp\proxy_vole8767324365365333582.dll

 

Also I don't know what Farbar is, do I need to download it?


Edited by steffa, 10 October 2014 - 03:38 PM.


#12 nasdaq

nasdaq

  • Malware Response Team

Posted 11 October 2014 - 06:59 AM

C:\Users\Zanna\AppData\Local\Temp\proxy_vole8767324365365333582.dll

Also I don't know what Farbar is, do I need to download it?


Forget about the temporary file for now.

As for the Farbar tool look at my post No. 2. You have downloaded it and used it.

Run the Rkill tool and then search for the pwldypow.sys file.

Post the logs for my review.

#13 steffa

steffa
  • Topic Starter

  • Members

Posted 11 October 2014 - 05:55 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/12/2014 12:28:20 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
 
 
Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by Ste at 2014-10-12 00:48:13
Running from C:\Users\Ste\Desktop
Boot Mode: Normal
 
================== Search Files: "pwldypow.sys" =============
 
====== End Of Search ======
 
  127.0.0.1       localhost
 
Program finished at: 10/12/2014 12:43:29 AM
Execution time: 0 hours(s), 15 minute(s), and 8 seconds(s)
 
Btw, what is TrkWks?

Edited by steffa, 11 October 2014 - 06:25 PM.


#14 nasdaq

nasdaq

  • Malware Response Team

Posted 12 October 2014 - 08:10 AM


Btw, what is TrkWks?

Does my computer need the Distributed Link Tracking Client (TrkWks) service?
http://maximumpcguides.com/windows-7/what-is-the-distributed-link-tracking-client-trkwks-service/

It can also be malware. However the TDSSKiller tool reported your version as good.
http://www.bleepingcomputer.com/startups/trkw.dll-11804.html

I do not see this service running in your logs.

Open the Task Manager and see if that service is running.

===

Please run the ComboFix tool. If you still have an old version installed you will be prompted to update. Please do.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============
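
The Task Manager check suggested in post #14 (is TrkWks running, and which svchost.exe hosts it) can also be done from a PowerShell prompt, which additionally shows the DLL each hosted service loads. This is an added example, not part of the thread or of any tool named in it; the helper name Get-ServiceDll is hypothetical, and the script assumes PowerShell 2.0 or later, as shipped with Windows 7 SP1.

```powershell
# Added example, not from the thread. Written for PowerShell 2.0 (Windows 7 SP1).
# Lists every svchost.exe instance, largest working set first, together with the
# services it hosts and the DLL each of those services is configured to load.

# Hypothetical helper: read the DLL a shared-process service registers under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll.
function Get-ServiceDll {
    param([string]$ServiceName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName\Parameters"
    $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) }
    else      { '(no ServiceDll value)' }
}

# Index the running services by the PID of the process that hosts them.
$byPid = Get-WmiObject -Class Win32_Service -Filter "State = 'Running'" |
    Group-Object -Property ProcessId -AsHashTable -AsString

# One output row per (svchost instance, hosted service) pair.
$report = Get-Process -Name svchost |
    Sort-Object -Property WorkingSet64 -Descending |
    ForEach-Object {
        $proc   = $_
        $hosted = $byPid["$($proc.Id)"]
        if (-not $hosted) { return }   # no running service maps to this PID; next process
        foreach ($svc in $hosted) {
            New-Object PSObject -Property @{
                ProcessId    = $proc.Id
                # Total working set; Task Manager's default column on Windows 7 is
                # the private working set, so the figures will not match exactly.
                WorkingSetKB = [int64]($proc.WorkingSet64 / 1KB)
                PrivateKB    = [int64]($proc.PrivateMemorySize64 / 1KB)
                Service      = $svc.Name
                ServiceDll   = Get-ServiceDll -ServiceName $svc.Name
            }
        }
    }

# Full table: which services share the memory-heavy svchost instances.
$report |
    Select-Object ProcessId, WorkingSetKB, PrivateKB, Service, ServiceDll |
    Format-Table -AutoSize

# The service asked about in the thread. No output means TrkWks is not running.
$report |
    Where-Object { $_.Service -eq 'TrkWks' } |
    Select-Object ProcessId, WorkingSetKB, Service, ServiceDll |
    Format-List
```

A ServiceDll that resolves outside C:\Windows\System32 for a built-in Windows service is the thing to look at more closely; the ServiceDll paths listed for svchost-hosted services in the TDSSKiller log earlier in the thread give a baseline for comparison.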

#15 steffa

steffa
  • Topic Starter

  • Members

Posted 12 October 2014 - 01:59 PM

This is my Task Manager, I see that svchost is taking 170.000kb and that is the PID

 

ComboFix log (I already used ComboFix before, I dunno if this is bad for the log)

 

 

 

ComboFix 14-10-04.01 - Ste 12/10/2014  21:03:13.4.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.8078.5194 [GMT 2:00]
Eseguito da: c:\users\Ste\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ste\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
(((((((((((((((((((((((((   Files Creati Da 2014-09-12 al 2014-10-12  )))))))))))))))))))))))))))))))))))
.
.
2014-10-12 19:13 . 2014-10-12 19:13 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-10-12 19:13 . 2014-10-12 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-12 00:04 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6CE99AA5-B2A6-43FB-A052-478FD633E12C}\mpengine.dll
2014-10-06 19:53 . 2014-10-11 23:15 -------- d-----w- C:\FRST
2014-10-06 19:50 . 2014-10-06 19:50 -------- d-----w- C:\AdwCleaner
2014-09-30 20:10 . 2014-10-06 19:29 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-30 20:10 . 2014-09-30 20:10 -------- d-----w- c:\programdata\RogueKiller
2014-09-30 20:08 . 2014-09-30 20:08 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-30 19:42 . 2014-09-30 19:42 -------- d-----w- c:\programdata\Sophos
2014-09-30 19:42 . 2014-09-30 19:42 73728 ----a-r- c:\users\Ste\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-30 19:42 . 2014-09-30 19:42 73728 ----a-r- c:\users\Ste\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-09-30 19:42 . 2014-09-30 19:42 73728 ----a-r- c:\users\Ste\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-09-30 19:42 . 2014-09-30 19:42 -------- d-----w- c:\program files (x86)\Sophos
2014-09-30 06:16 . 2014-09-30 06:16 -------- d-----w- c:\windows\Microsoft Antimalware
2014-09-29 20:34 . 2014-09-29 20:34 2 --shatr- c:\windows\winstart.bat
2014-09-29 19:23 . 2014-09-29 21:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-29 19:02 . 2014-09-29 19:02 -------- d-----w- C:\autorun
2014-09-28 00:26 . 2014-09-29 20:28 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-28 00:26 . 2014-09-29 20:28 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-28 00:26 . 2014-09-28 00:26 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-28 00:26 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-12 19:18 . 2013-06-29 01:43 380 ----a-w- c:\users\Ste\AppData\Roaming\sp_data.sys
2014-09-30 20:08 . 2013-08-10 18:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-30 20:08 . 2013-08-10 18:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-30 19:02 . 2014-03-09 16:22 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2014-09-28 22:00 . 2013-06-29 03:13 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-09-15 07:06 . 2013-06-29 02:42 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-08-12 20:29 . 2014-08-12 20:29 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-08-12 20:29 . 2014-08-12 20:29 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-15 18:50 . 2013-06-29 13:48 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-15 18:50 . 2013-06-29 13:44 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-02-14 1564992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2012-02-16 322176]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-22 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-08-12 296520]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-08-27 164656]
.
c:\users\Ste\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ste\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-13 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-8-12 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys;c:\windows\SYSNATIVE\DRIVERS\awealloc.sys [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys;c:\windows\SYSNATIVE\DRIVERS\imdisk.sys [x]
S2 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe;c:\windows\SYSNATIVE\imdsksvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [x]
S2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros WiFi Driver Installation\Ath_WlanAgent.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AsusVBus;AsusVBus;c:\windows\system32\DRIVERS\AsusVBus.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVBus.sys [x]
S3 AsusVTouch;AsusVTouch;c:\windows\system32\DRIVERS\AsusVTouch.sys;c:\windows\SYSNATIVE\DRIVERS\AsusVTouch.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 19:18 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2014-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-10 20:08]
.
2014-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 13:31]
.
2014-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-29 13:31]
.
2014-10-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-10-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Ste\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-22 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-22 398616]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-28 984224]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-28 800416]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-17 361984]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8B59800C-39A0-42F5-80A4-2774141C8E45}: NameServer = 8.8.8.8,8.8.4.4
.
.
------- Associazioni dei file -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
AddRemove-Dev-C++ - c:\dev-cpp\uninstall.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManagerDeluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\FaceLogon\sensorsrv.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
c:\program files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
.
**************************************************************************
.
Ora fine scansione: 2014-10-12  21:26:47 - Il pc è stato riavviato
ComboFix-quarantined-files.txt  2014-10-12 19:26
ComboFix2.txt  2014-09-30 21:38
.
Pre-Run: 63.523.450.880 byte disponibili
Post-Run: 65.815.449.600 byte disponibili
.
- - End Of File - - 90589C06DB5B87FA1196FC3364CB9D6A



Edited by steffa, 12 October 2014 - 02:36 PM.




