Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.Poweliks.E infection


  • This topic is locked This topic is locked
21 replies to this topic

#1 sawmilldon

sawmilldon

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 01 November 2014 - 01:27 PM

Hello, I have the Poweliks infection, causing Com Surrogate processes, etc. Here is the pasted info you need as well as the zipped file attached.

 

Thanks for your help in advance.

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by THOR at 11:11:43 on 2014-11-01
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8092.5233 [GMT -7:00]
.
AV: BullGuard Antivirus *Enabled/Updated* {EDBB5818-2352-E06B-028A-4E6873B92CC5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BullGuard Antispyware *Enabled/Updated* {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall *Disabled* {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Backup
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_Cache
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://www.google.com
uProxyOverride = <-loopback>;192.168.*.*
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Amazon Music] "C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe"
uRun: [~Resuming Profile  - Quick scan] "C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe" "profilepath: C:\Users\THOR\AppData\Roaming\BullGuard\Antivirus\Profiles\~Resuming Profile  - Quick scan.xml"
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
dRunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune
StartupFolder: C:\Users\THOR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\program.lnk - C:\Windows\System32\rundll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Lookup on Merriam Webster - <no file>
IE: Lookup on Wikipedia - <no file>
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIE.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {54EABC7D-40DC-4667-8517-F42D00540342} - hxxp://whatcom.ctc.tegrity.com/tegrity/_Player/1.0/code/DRMActiveX_x86.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{80A33C38-9349-4BBE-94B3-2963AAA607C7} : DHCPNameServer = 192.168.254.254
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
x64-Run: [BullGuardUpdate2] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe
x64-IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-5-3 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-5-3 42624]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R1 AFW;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2014-9-4 41680]
R1 BdAgent;BullGuard Security Agent;C:\Windows\System32\drivers\BdAgent.sys [2014-5-15 117184]
R1 BdSpy;BdSpy;C:\Windows\System32\drivers\BdSpy.sys [2014-2-26 67680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-5-6 283200]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-5-6 32400]
R1 NovaShieldFilterDriver;NovaShieldFilterDriver;C:\Windows\System32\drivers\NSKernel.sys [2014-9-24 321112]
R1 NovaShieldTDIDriver;NovaShieldTDIDriver;C:\Windows\System32\drivers\NSNetmon.sys [2014-9-24 27544]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2014-11-1 108216]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-5-6 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [2013-5-6 408960]
R2 BsBackup;BullGuard backup service;C:\Windows\System32\SvcHost.exe -k BullGuard_Backup [2009-7-13 27136]
R2 BsBhvScan;BullGuard Behavioural Detection;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [2014-10-29 591184]
R2 BsCache;BullGuard cache service;C:\Windows\System32\SvcHost.exe -k BullGuard_Cache [2009-7-13 27136]
R2 BsFileScan;BullGuard on-access service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsFire;BullGuard firewall service;C:\Windows\System32\SvcHost.exe -k BullGuard [2009-7-13 27136]
R2 BsMailProxy;BullGuard e-mail monitoring service;C:\Windows\System32\SvcHost.exe -k BullGuard_Proxy [2009-7-13 27136]
R2 BsMain;BullGuard Main Service;C:\Windows\System32\SvcHost.exe -k BullGuard_Main [2009-7-13 27136]
R2 BsScanner;BullGuard scanning service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [2014-10-29 280912]
R2 BsUpdate;BullGuard update service;C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [2014-10-29 384848]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2014-1-3 65657]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2014-9-4 469712]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 BdNet;BdNet;C:\Windows\System32\drivers\BdNet.sys [2014-3-19 34896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-5-3 726160]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-3 58536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-8-7 438616]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-5-3 46136]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-2 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-2 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-5-2 1255736]
.
=============== Created Last 30 ================
.
2014-11-01 17:20:03 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2014-11-01 17:09:27 -------- d-----w- C:\NPE
2014-11-01 17:08:29 -------- d-----w- C:\Users\THOR\AppData\Local\NPE
2014-11-01 17:00:57 -------- d-----w- C:\FRST
2014-11-01 16:40:50 -------- d-----w- C:\Windows\ERUNT
2014-11-01 16:16:18 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-11-01 16:15:40 -------- d-----w- C:\AdwCleaner
2014-10-31 18:11:19 -------- d--h--w- C:\Windows\AxInstSV
2014-10-29 15:00:55 153712 ----a-w- C:\Windows\System32\BgGamingMonitor.dll
2014-10-29 15:00:55 140280 ----a-w- C:\Windows\SysWow64\BgGamingMonitor.dll
2014-10-29 15:00:54 76624 ----a-w- C:\Windows\System32\BGLsp.dll
2014-10-29 15:00:54 64336 ----a-w- C:\Windows\SysWow64\BGLsp.dll
2014-10-28 01:51:58 347464 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-10-28 01:51:57 76152 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-10-27 20:49:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-26 04:31:55 -------- d-----w- C:\Users\THOR\AppData\Roaming\BullGuard
2014-10-26 04:30:05 -------- d-----w- C:\Program Files\Common Files\BullGuard Ltd
2014-10-26 04:30:04 -------- d-----w- C:\Program Files\BullGuard Ltd
2014-10-26 04:28:36 -------- d-----w- C:\ProgramData\BullGuard
2014-10-15 13:07:29 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 13:06:48 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-15 13:06:48 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-15 13:06:47 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-15 13:00:51 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-10-15 13:00:50 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-10-15 13:00:49 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 13:00:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-11-01 00:38:00 347464 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-10-31 20:43:16 347464 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-10-29 15:00:38 27544 ----a-w- C:\Windows\System32\drivers\NSNetmon.sys
2014-10-29 15:00:24 321112 ----a-w- C:\Windows\System32\drivers\NSKernel.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 19:19:17 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 19:19:17 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 10:09:50 469712 ----a-w- C:\Windows\System32\drivers\afwcore.sys
2014-09-04 10:09:50 41680 ----a-w- C:\Windows\System32\drivers\afw.sys
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 11:11:57.19 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 01 November 2014 - 01:32 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 01 November 2014 - 09:21 PM

OK. Here are the scan logs in the order specified.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by THOR (administrator) on THOR-PC on 01-11-2014 19:18:23
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337680 2014-10-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-10-29] (BullGuard Ltd.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1384608 2012-07-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111264 2012-10-03] (DT Soft Ltd)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Amazon Music] => C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [~Resuming Profile  - Quick scan] => C:\Program Files\BullGuard Ltd\BullGuard\BgScan.exe [476496 2014-10-29] (BullGuard Ltd.)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {9d691561-dc06-11e2-b57e-60a44c61807a} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {cf05d57b-b3fd-11e2-8a44-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [101680 2014-10-10] (BullGuard Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [86712 2014-10-10] (BullGuard Ltd.)
Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\3147ED63.cpp (No File)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A5AAB15948CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - 817F1D63E93F403D8B6E7AA2899E3AEC URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3320050&octid=EB_ORIGINAL_CTID&ISID=M28CB24B1-B57A-49BF-9A3A-C236FB376C65&SearchSource=58&CUI=&UM=5&UP=SPEF7A450E-B70F-4433-AFAD-41F13985EFDC&q={searchTerms}&SSPV=
SearchScopes: HKCU - {C7FA19E4-5BF0-4587-9000-30AFA4A0E037} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130519,19933,1937,25,6368
SearchScopes: HKCU - {CF80AD5B-6A71-4215-8AF0-886ED9908755} URL = https://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {54EABC7D-40DC-4667-8517-F42D00540342} http://whatcom.ctc.tegrity.com/tegrity/_Player/1.0/code/DRMActiveX_x86.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\THOR\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-10-25]

Chrome:
=======
CHR Profile: C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-05-27]
CHR Extension: (No Name) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-27]
CHR Extension: (Google Wallet) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-02-08] () [File not signed]
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [751952 2014-10-29] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [591184 2014-10-29] (BullGuard Ltd.)
S2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-10-29] (BullGuard Ltd.)
S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-10-29] (BullGuard Ltd.)
S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [758608 2014-10-29] (BullGuard Ltd.)
S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-10-29] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-10-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-10-29] (BullGuard Ltd.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-27] ()
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-04] (Agnitum Ltd.)
S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-04] (Agnitum Ltd.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
S1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
S3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.)
S1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
S1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.)
S1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.)
S1 SMR430; C:\Windows\System32\drivers\SMR430.SYS [108216 2014-11-01] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 19:18 - 2014-11-01 19:18 - 00017394 _____ () C:\Users\THOR\Desktop\FRST.txt
2014-11-01 19:17 - 2014-11-01 19:18 - 02114048 _____ (Farbar) C:\Users\THOR\Desktop\FRST64.exe
2014-11-01 19:16 - 2014-11-01 19:16 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-01 10:20 - 2014-11-01 10:20 - 00108216 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SMR430.SYS
2014-11-01 10:20 - 2014-11-01 10:20 - 00000020 _____ () C:\Windows\system32\Drivers\SMR430.dat
2014-11-01 10:09 - 2014-11-01 10:09 - 00000000 ____D () C:\NPE
2014-11-01 10:08 - 2014-11-01 10:20 - 00000000 ____D () C:\Users\THOR\AppData\Local\NPE
2014-11-01 10:00 - 2014-11-01 19:18 - 00000000 ____D () C:\FRST
2014-11-01 09:40 - 2014-11-01 09:40 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 09:37 - 2014-11-01 09:40 - 01706359 _____ (Thisisu) C:\Users\THOR\Downloads\JRT.exe
2014-11-01 09:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-01 09:15 - 2014-11-01 09:17 - 00000000 ____D () C:\AdwCleaner
2014-10-31 11:11 - 2014-10-31 11:11 - 00000000 ___HD () C:\Windows\AxInstSV
2014-10-29 09:00 - 2014-11-01 09:18 - 00001140 _____ () C:\Windows\PFRO.log
2014-10-29 08:00 - 2014-10-29 08:00 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-10-28 15:34 - 2014-11-01 10:19 - 00000784 _____ () C:\Windows\setupact.log
2014-10-28 15:34 - 2014-10-28 15:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 18:51 - 2014-10-31 17:38 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-27 18:51 - 2014-10-27 18:57 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-27 13:50 - 2014-10-27 13:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-27 13:49 - 2014-10-27 13:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-27 13:49 - 2014-10-27 13:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-27 13:49 - 2014-10-27 13:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 13:49 - 2014-10-27 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 13:49 - 2014-10-27 13:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 13:33 - 2014-10-27 13:33 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-10-26 07:45 - 2014-10-26 07:45 - 00000164 _____ () C:\Users\THOR\Desktop\BullGuard Online Drive.lnk
2014-10-26 07:38 - 2014-11-01 11:10 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-10-26 07:38 - 2014-11-01 11:10 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-10-25 21:31 - 2014-10-26 08:45 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\BullGuard
2014-10-25 21:31 - 2014-10-25 21:31 - 00000990 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2014-10-25 21:31 - 2014-10-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2014-10-25 21:30 - 2014-10-25 21:30 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2014-10-25 21:30 - 2014-10-25 21:30 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2014-10-25 21:28 - 2014-11-01 19:14 - 00000000 ____D () C:\ProgramData\BullGuard
2014-10-23 20:14 - 2014-10-23 20:14 - 00000222 _____ () C:\Users\THOR\Desktop\APB Reloaded.url
2014-10-23 13:41 - 2014-10-23 13:41 - 00000177 _____ () C:\console.log
2014-10-15 06:10 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 06:10 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 06:10 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 06:10 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 06:10 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 06:10 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 06:10 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 06:10 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 06:10 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 06:10 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 06:10 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 06:10 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 06:10 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 06:10 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 06:10 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 06:10 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 06:10 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 06:10 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 06:10 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 06:10 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 06:10 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 06:10 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 06:10 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 06:10 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 06:10 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 06:10 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 06:10 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 06:10 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 06:10 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 06:10 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 06:10 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 06:10 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 06:10 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 06:10 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 06:10 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 06:10 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 06:10 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 06:10 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 06:10 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 06:10 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 06:10 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 06:10 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 06:10 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 06:10 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 06:10 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 06:10 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 06:10 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 06:10 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 06:10 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 06:10 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 06:10 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 06:10 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 06:10 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 06:10 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 06:10 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 06:10 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 06:07 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 06:07 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 06:07 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 06:07 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 06:07 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 06:07 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 06:07 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 06:07 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 06:07 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 06:07 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 06:07 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 06:07 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 06:07 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 06:07 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 06:07 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 06:07 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 06:07 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 06:07 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 06:07 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 06:07 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 06:07 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 06:07 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 06:07 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 06:07 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 06:07 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 06:07 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 06:07 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 06:07 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 06:07 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 06:07 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 06:07 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 06:07 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 06:07 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 06:07 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 06:07 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 06:07 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 06:07 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 06:07 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 06:07 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 06:06 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 06:06 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 06:06 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 06:01 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 06:01 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 06:01 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 06:01 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 06:01 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 06:01 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 06:01 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 06:01 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 06:01 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 06:01 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 06:01 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 06:01 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 06:01 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 06:01 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 06:01 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 06:01 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 06:00 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 06:00 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 06:00 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 06:00 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 19:12 - 2013-05-03 16:34 - 01457207 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 19:11 - 2014-02-24 12:25 - 00000000 ____D () C:\Users\THOR\Desktop\House stuff
2014-11-01 18:24 - 2014-07-16 08:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 18:19 - 2013-05-19 14:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 14:24 - 2014-07-16 08:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-01 11:19 - 2013-05-09 06:40 - 00000000 ____D () C:\Users\THOR\AppData\Local\CrashDumps
2014-11-01 10:28 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 10:26 - 2009-07-13 21:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 10:26 - 2009-07-13 21:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 10:19 - 2014-01-03 10:15 - 00000000 ____D () C:\Temp
2014-11-01 10:19 - 2013-05-03 18:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-01 10:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 10:08 - 2013-05-03 16:45 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 17:38 - 2013-05-02 22:20 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-31 13:43 - 2013-05-02 21:39 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-29 08:00 - 2014-09-24 01:01 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 08:00 - 2014-09-24 01:01 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-28 16:11 - 2013-05-15 13:29 - 00007602 _____ () C:\Users\THOR\AppData\Local\Resmon.ResmonCfg
2014-10-27 15:47 - 2013-08-04 17:01 - 00000000 ____D () C:\Quake2
2014-10-27 13:50 - 2013-09-21 16:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 13:33 - 2013-05-06 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-10-26 08:47 - 2013-06-15 10:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-26 08:47 - 2013-05-03 08:27 - 00000000 ____D () C:\Windows\Panther
2014-10-25 21:30 - 2013-05-02 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-25 21:28 - 2013-12-21 14:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-24 19:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-23 14:19 - 2014-07-16 08:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 14:19 - 2014-07-16 08:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 13:51 - 2013-05-03 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-10-23 13:51 - 2013-05-03 17:52 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-10-23 13:36 - 2013-05-03 16:34 - 00000000 ____D () C:\Users\THOR
2014-10-23 13:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-23 07:36 - 2014-02-08 09:33 - 00724749 _____ () C:\Users\THOR\AppData\Local\census.cache
2014-10-23 07:36 - 2014-02-08 09:32 - 00072653 _____ () C:\Users\THOR\AppData\Local\ars.cache
2014-10-17 09:07 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 12:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 07:16 - 2009-07-13 21:45 - 00296744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 07:15 - 2014-05-06 21:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 07:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 07:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 21:18 - 2013-08-07 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 21:17 - 2013-05-03 17:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-09 19:20 - 2013-05-03 18:07 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\.minecraft
2014-10-03 12:21 - 2013-08-16 11:41 - 00000000 ____D () C:\Users\THOR\Desktop\Metal Detector Stuff

Some content of TEMP:
====================
C:\Users\THOR\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 09:14

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by THOR at 2014-11-01 19:18:40
Running from C:\Users\THOR\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.09 - ASUSTeK Computer Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 14.1 - BullGuard Ltd.)
CPUID ASUS CPU-Z 1.61.3 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.61.3 - CPUID, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0336 - DT Soft Ltd)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
EasyGPS 5.18.0.0 (HKLM-x32\...\EasyGPS_is1) (Version: 5.18.0.0 - TopoGrafix)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Home Designer Suite 2014 (HKLM-x32\...\{5DC20D14-8326-4827-9E14-48E80D47C25E}) (Version: 15.2.0.0 - Chief Architect)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6699 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 6.0.0.0 - Stellar Information Systems Ltd)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4020961069-3267065953-2517700709-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================

29-10-2014 18:57:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E9D4D12-1951-4D5C-95D0-8DD8A72FDB28} - System32\Tasks\ASUS\ASUS DigiPowerControl Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe [2012-08-14] (ASUSTeK Computer Inc.)
Task: {1732DE9B-F5DE-4D25-872D-833AA2585397} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {29119F59-5D0B-4D60-88BE-FC0228B36FC7} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {5337F4EC-57AF-4B3F-940B-FDD868F33A7F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4020961069-3267065953-2517700709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {58B051D5-5684-4136-AD1C-8DFE8DE3385E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {63DF5988-737D-4116-ADB4-5B34F316137F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4020961069-3267065953-2517700709-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {684884B7-ACBB-4528-9581-3B95DF619FB7} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {686A582B-25B4-41D1-B160-973E062E79DC} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-09] ()
Task: {75DB1E9C-8984-4382-858E-9654ACF6AFA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {91F1E220-B7DB-4415-B7E6-EC0D44BA3D45} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4020961069-3267065953-2517700709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {991A1A86-0851-4BC6-BA08-1DEAE4E814B4} - System32\Tasks\4498 => Wscript.exe C:\Users\THOR\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A35F3C36-E3D5-404D-92B1-049DAC77F62F} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4020961069-3267065953-2517700709-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {AE215ED9-7402-4BEE-A2E8-9E9B0AC7B269} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C5EFDB98-189F-4963-925A-59B3DC450C50} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {D3F043D9-3C43-4DC1-9D31-644F4B238704} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {D6F3BDF3-9BF0-4D1C-A50E-A35658768503} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2012-05-02] (ASUSTeK Computer Inc.)
Task: {DA140FBB-3B8A-452E-8682-DF1FC9600E6D} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe [2012-07-12] (ASUSTeK Computer Inc.)
Task: {F22A3054-708D-483D-9501-47B682153464} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-29 08:00 - 2014-10-29 08:00 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-10-29 08:00 - 2014-10-29 08:00 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-4020961069-3267065953-2517700709-500 - Administrator - Disabled)
Guest (S-1-5-21-4020961069-3267065953-2517700709-501 - Limited - Disabled)
THOR (S-1-5-21-4020961069-3267065953-2517700709-1000 - Administrator - Enabled) => C:\Users\THOR

==================== Faulty Device Manager Devices =============

Name: NovaShieldTDIDriver
Description: NovaShieldTDIDriver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NovaShieldTDIDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2014 07:15:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 11:19:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSpellCheckingFacility.exe, version: 6.3.9600.17344, time stamp: 0x541b844a
Faulting module name: MsSpellCheckingFacility.exe, version: 6.3.9600.17344, time stamp: 0x541b844a
Exception code: 0xc0000005
Fault offset: 0x000000000007abf2
Faulting process id: 0x7a0
Faulting application start time: 0xMsSpellCheckingFacility.exe0
Faulting application path: MsSpellCheckingFacility.exe1
Faulting module path: MsSpellCheckingFacility.exe2
Report Id: MsSpellCheckingFacility.exe3

Error: (11/01/2014 10:48:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsSpellCheckingFacility.exe, version: 6.3.9600.17344, time stamp: 0x541b844a
Faulting module name: MsSpellCheckingFacility.exe, version: 6.3.9600.17344, time stamp: 0x541b844a
Exception code: 0xc0000005
Fault offset: 0x000000000007abf2
Faulting process id: 0x26b8
Faulting application start time: 0xMsSpellCheckingFacility.exe0
Faulting application path: MsSpellCheckingFacility.exe1
Faulting module path: MsSpellCheckingFacility.exe2
Report Id: MsSpellCheckingFacility.exe3

Error: (11/01/2014 10:47:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x17fc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/01/2014 10:21:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 10:15:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\THOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYBVEJI2\NPE.exe Internet Files\Content.IE5\EYBVEJI2\NPE.exe" /POSTADVSCAN /SERVICEPOSTADVSCAN; Description = Norton_Power_Eraser_20141101101527943; Error = 0x80070514).

Error: (11/01/2014 10:15:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\THOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYBVEJI2\NPE.exe Internet Files\Content.IE5\EYBVEJI2\NPE.exe" /POSTADVSCAN /SERVICEPOSTADVSCAN; Description = Norton_Power_Eraser_20141101101508340; Error = 0x80070514).

Error: (11/01/2014 10:11:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 09:55:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 09:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/01/2014 07:14:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (11/01/2014 07:14:20 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/01/2014 07:15:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 11:19:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsSpellCheckingFacility.exe6.3.9600.17344541b844aMsSpellCheckingFacility.exe6.3.9600.17344541b844ac0000005000000000007abf27a001cff6005b343220C:\Windows\System32\MsSpellCheckingFacility.exeC:\Windows\System32\MsSpellCheckingFacility.exe9a22a02f-61f3-11e4-b06a-60a44c61807a

Error: (11/01/2014 10:48:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsSpellCheckingFacility.exe6.3.9600.17344541b844aMsSpellCheckingFacility.exe6.3.9600.17344541b844ac0000005000000000007abf226b801cff5fc16acdf77C:\Windows\System32\MsSpellCheckingFacility.exeC:\Windows\System32\MsSpellCheckingFacility.exe573d91f6-61ef-11e4-b06a-60a44c61807a

Error: (11/01/2014 10:47:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.173444a5bc6b7MSHTML.dll11.0.9600.17344541b8a22c00000fd0009476517fc01cff5fad048271fC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll15d0b7c8-61ef-11e4-b06a-60a44c61807a

Error: (11/01/2014 10:21:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 10:15:27 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\THOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYBVEJI2\NPE.exe Internet Files\Content.IE5\EYBVEJI2\NPE.exe" /POSTADVSCAN /SERVICEPOSTADVSCANNorton_Power_Eraser_201411011015279430x80070514

Error: (11/01/2014 10:15:08 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\THOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYBVEJI2\NPE.exe Internet Files\Content.IE5\EYBVEJI2\NPE.exe" /POSTADVSCAN /SERVICEPOSTADVSCANNorton_Power_Eraser_201411011015083400x80070514

Error: (11/01/2014 10:11:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 09:55:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/01/2014 09:51:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2013-05-03 06:26:03.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 23%
Total physical RAM: 8092.2 MB
Available physical RAM: 6159.38 MB
Total Pagefile: 16182.57 MB
Available Pagefile: 14213.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:95.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: B6670155)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 02 November 2014 - 05:03 AM

warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.


Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
    ShortcutTarget: program.lnk -> C:\PROGRA~3\3147ED63.cpp (No File)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
    SearchScopes: HKCU - 817F1D63E93F403D8B6E7AA2899E3AEC URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3320050&octid=EB_ORIGINAL_CTID&ISID=M28CB24B1-B57A-49BF-9A3A-C236FB376C65&SearchSource=58&CUI=&UM=5&UP=SPEF7A450E-B70F-4433-AFAD-41F13985EFDC&q={searchTerms}&SSPV=
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    File: C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
    File: C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]
    Task: {684884B7-ACBB-4528-9581-3B95DF619FB7} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: {991A1A86-0851-4BC6-BA08-1DEAE4E814B4} - System32\Tasks\4498 => Wscript.exe C:\Users\THOR\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 02 November 2014 - 09:58 AM

Here is the log.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by THOR at 2014-11-02 06:52:55 Run:1
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk
ShortcutTarget: program.lnk -> C:\PROGRA~3\3147ED63.cpp (No File)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - 817F1D63E93F403D8B6E7AA2899E3AEC URL = http://search.conduit.com/Results.aspx?gd=&ctid=CT3320050&octid=EB_ORIGINAL_CTID&ISID=M28CB24B1-B57A-49BF-9A3A-C236FB376C65&SearchSource=58&CUI=&UM=5&UP=SPEF7A450E-B70F-4433-AFAD-41F13985EFDC&q={searchTerms}&SSPV=
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
File: C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
File: C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]
Task: {684884B7-ACBB-4528-9581-3B95DF619FB7} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {991A1A86-0851-4BC6-BA08-1DEAE4E814B4} - System32\Tasks\4498 => Wscript.exe C:\Users\THOR\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
*****************

Processes closed successfully.
"HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk => Moved successfully.
C:\PROGRA~3\3147ED63.cpp not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => Key deleted successfully.
"HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\817F1D63E93F403D8B6E7AA2899E3AEC" => Key deleted successfully.
"HKCR\CLSID\817F1D63E93F403D8B6E7AA2899E3AEC" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.

========================= File: C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed] ========================

"C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]" not found.
====== End Of File: ======

========================= File: C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed] ========================

"C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]" not found.
====== End Of File: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{684884B7-ACBB-4528-9581-3B95DF619FB7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{684884B7-ACBB-4528-9581-3B95DF619FB7}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{991A1A86-0851-4BC6-BA08-1DEAE4E814B4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{991A1A86-0851-4BC6-BA08-1DEAE4E814B4}" => Key deleted successfully.
C:\Windows\System32\Tasks\4498 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4498" => Key deleted successfully.

The system needed a reboot.

==== End of Fixlog ====



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 02 November 2014 - 10:23 AM

OK...and step 2 please... :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 02 November 2014 - 12:46 PM

Here is the Sorry I didn't catch step 2.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by THOR (administrator) on THOR-PC on 02-11-2014 09:44:45
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337680 2014-10-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-10-29] (BullGuard Ltd.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1384608 2012-07-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111264 2012-10-03] (DT Soft Ltd)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Amazon Music] => C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {9d691561-dc06-11e2-b57e-60a44c61807a} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {cf05d57b-b3fd-11e2-8a44-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [101680 2014-10-09] (BullGuard Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [86712 2014-10-09] (BullGuard Ltd.)
Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe ()
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A5AAB15948CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {C7FA19E4-5BF0-4587-9000-30AFA4A0E037} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130519,19933,1937,25,6368
SearchScopes: HKCU - {CF80AD5B-6A71-4215-8AF0-886ED9908755} URL = https://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {54EABC7D-40DC-4667-8517-F42D00540342} http://whatcom.ctc.tegrity.com/tegrity/_Player/1.0/code/DRMActiveX_x86.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\THOR\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-10-25]

Chrome:
=======
CHR Profile: C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-05-27]
CHR Extension: (No Name) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-27]
CHR Extension: (Google Wallet) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-02-08] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [751952 2014-10-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [591184 2014-10-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-10-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-10-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [758608 2014-10-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-10-29] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-10-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-10-29] (BullGuard Ltd.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-27] ()
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-04] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-04] (Agnitum Ltd.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 06:56 - 2014-11-02 06:56 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-02 06:52 - 2014-11-02 06:52 - 00000000 ____D () C:\Users\THOR\Desktop\FRST-OlderVersion
2014-11-02 06:49 - 2014-11-02 06:52 - 02114560 _____ (Farbar) C:\Users\THOR\Desktop\FRST64.exe
2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\FispOlyeg
2014-11-01 18:18 - 2014-11-02 09:44 - 00019123 _____ () C:\Users\THOR\Desktop\FRST.txt
2014-11-01 18:18 - 2014-11-01 18:18 - 00027900 _____ () C:\Users\THOR\Desktop\Addition.txt
2014-11-01 09:09 - 2014-11-01 09:09 - 00000000 ____D () C:\NPE
2014-11-01 09:08 - 2014-11-01 09:20 - 00000000 ____D () C:\Users\THOR\AppData\Local\NPE
2014-11-01 09:00 - 2014-11-02 09:44 - 00000000 ____D () C:\FRST
2014-11-01 08:40 - 2014-11-01 08:40 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 08:37 - 2014-11-01 08:40 - 01706359 _____ (Thisisu) C:\Users\THOR\Downloads\JRT.exe
2014-11-01 08:16 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-01 08:15 - 2014-11-01 08:17 - 00000000 ____D () C:\AdwCleaner
2014-10-31 10:11 - 2014-10-31 10:11 - 00000000 ___HD () C:\Windows\AxInstSV
2014-10-29 08:00 - 2014-11-01 08:18 - 00001140 _____ () C:\Windows\PFRO.log
2014-10-29 07:00 - 2014-10-29 07:00 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-10-28 14:34 - 2014-11-02 06:54 - 00000952 _____ () C:\Windows\setupact.log
2014-10-28 14:34 - 2014-10-28 14:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 17:51 - 2014-10-31 16:38 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-27 17:51 - 2014-10-27 17:57 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-27 12:50 - 2014-10-27 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 12:49 - 2014-10-27 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 12:49 - 2014-10-27 12:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 12:33 - 2014-10-27 12:33 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-10-26 06:45 - 2014-10-26 06:45 - 00000164 _____ () C:\Users\THOR\Desktop\BullGuard Online Drive.lnk
2014-10-26 06:38 - 2014-11-02 06:54 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-10-26 06:38 - 2014-11-02 06:54 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-10-25 20:31 - 2014-10-26 07:45 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\BullGuard
2014-10-25 20:31 - 2014-10-25 20:31 - 00000990 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2014-10-25 20:31 - 2014-10-25 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2014-10-25 20:30 - 2014-10-25 20:30 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2014-10-25 20:30 - 2014-10-25 20:30 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2014-10-25 20:28 - 2014-11-02 09:44 - 00000000 ____D () C:\ProgramData\BullGuard
2014-10-23 19:14 - 2014-10-23 19:14 - 00000222 _____ () C:\Users\THOR\Desktop\APB Reloaded.url
2014-10-23 12:41 - 2014-10-23 12:41 - 00000177 _____ () C:\console.log
2014-10-15 05:10 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 05:10 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 05:10 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 05:10 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 05:10 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 05:10 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 05:10 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 05:10 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 05:10 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 05:10 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 05:10 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 05:10 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 05:10 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 05:10 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 05:10 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 05:10 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 05:10 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 05:10 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 05:10 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 05:10 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 05:10 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 05:10 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 05:10 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 05:10 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 05:10 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 05:10 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 05:10 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 05:10 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 05:10 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 05:10 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 05:10 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 05:10 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 05:10 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 05:10 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 05:10 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 05:10 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 05:10 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 05:10 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 05:10 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 05:10 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 05:10 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 05:10 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 05:10 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 05:10 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 05:10 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 05:10 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 05:10 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 05:10 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 05:10 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 05:10 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 05:07 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 05:07 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 05:07 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 05:07 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 05:07 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 05:07 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 05:07 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 05:07 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 05:07 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 05:07 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 05:07 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 05:07 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 05:07 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 05:07 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 05:07 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 05:07 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 05:07 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 05:07 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 05:07 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 05:07 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 05:07 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 05:07 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 05:07 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 05:07 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 05:07 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 05:07 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 05:07 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 05:06 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 05:06 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 05:06 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 05:01 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 05:01 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 05:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 05:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 05:01 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 05:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 05:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 05:01 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 05:01 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 05:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 05:01 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 05:00 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 05:00 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 05:00 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 05:00 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:24 - 2014-07-16 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 09:19 - 2013-05-19 13:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 07:03 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 07:01 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:01 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 06:57 - 2013-05-09 05:40 - 00000000 ____D () C:\Users\THOR\AppData\Local\CrashDumps
2014-11-02 06:54 - 2014-07-16 07:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 06:54 - 2014-01-03 09:15 - 00000000 ____D () C:\Temp
2014-11-02 06:54 - 2013-05-03 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-02 06:54 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 06:53 - 2013-05-03 15:34 - 01500625 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 20:34 - 2013-05-03 16:00 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\Adobe
2014-11-01 18:11 - 2014-02-24 11:25 - 00000000 ____D () C:\Users\THOR\Desktop\House stuff
2014-11-01 09:08 - 2013-05-03 15:45 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 16:38 - 2013-05-02 21:20 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-31 12:43 - 2013-05-02 20:39 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-29 07:00 - 2014-09-24 00:01 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 07:00 - 2014-09-24 00:01 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-28 15:11 - 2013-05-15 12:29 - 00007602 _____ () C:\Users\THOR\AppData\Local\Resmon.ResmonCfg
2014-10-27 14:47 - 2013-08-04 16:01 - 00000000 ____D () C:\Quake2
2014-10-27 12:50 - 2013-09-21 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 12:33 - 2013-05-06 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-10-26 07:47 - 2013-06-15 09:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-26 07:47 - 2013-05-03 07:27 - 00000000 ____D () C:\Windows\Panther
2014-10-25 20:30 - 2013-05-02 20:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-25 20:28 - 2013-12-21 13:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-24 18:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-23 13:19 - 2014-07-16 07:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 13:19 - 2014-07-16 07:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 12:51 - 2013-05-03 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-10-23 12:51 - 2013-05-03 16:52 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-10-23 12:36 - 2013-05-03 15:34 - 00000000 ____D () C:\Users\THOR
2014-10-23 12:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-23 06:36 - 2014-02-08 08:33 - 00724749 _____ () C:\Users\THOR\AppData\Local\census.cache
2014-10-23 06:36 - 2014-02-08 08:32 - 00072653 _____ () C:\Users\THOR\AppData\Local\ars.cache
2014-10-17 08:07 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 11:57 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 06:16 - 2009-07-13 20:45 - 00296744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:15 - 2014-05-06 20:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 06:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 20:18 - 2013-08-07 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 20:17 - 2013-05-03 16:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-09 18:20 - 2013-05-03 17:07 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\.minecraft
2014-10-03 11:21 - 2013-08-16 10:41 - 00000000 ____D () C:\Users\THOR\Desktop\Metal Detector Stuff

Some content of TEMP:
====================
C:\Users\THOR\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 08:14

==================== End Of Log



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 02 November 2014 - 01:18 PM

Hi,
there is some new malware:

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe ()
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\FispOlyeg
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2

Please download and install mbam.pngMalwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
    mbamlog.png
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.
mbameng.gif

Step 3

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is a really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download hitmanpro_32.pngHitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click onhitmanpro.pngicon and select admin.PNGRun as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.
hitman.gif

Step 4

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 02 November 2014 - 11:26 PM

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by THOR at 2014-11-02 19:42:01 Run:2
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Startup: C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-01 20:30 - 2014-11-01 20:30 - 00000000 ____D () C:\ProgramData\FispOlyeg
EmptyTemp:
*****************

C:\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\FispOlyeg => Moved successfully.

 

 

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/2/2014
Scan Time: 8:10:31 PM
Logfile: mblog.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.03.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: THOR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314971
Time Elapsed: 5 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

Hitman report:

 

HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : THOR-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : THOR-PC\THOR
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (31 days left)
   Scan date . . . . . . : 2014-11-02 20:20:46
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 15s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 56
   Objects scanned . . . : 3,335,167
   Files scanned . . . . : 297,669
   Remnants scanned  . . : 2,029,983 files / 1,007,515 keys
Malware _____________________________________________________________________
   C:\FRST\Quarantine\C\ProgramData\Windows Genuine Advantage\{40BE17D0-133F-4596-97EE-00A323072B0C}\msiexec.exe -> Quarantined
      Size . . . . . . . : 118,784 bytes
      Age  . . . . . . . : 1.0 days (2014-11-01 20:30:24)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 9F5849F646EAE00DCFB0940F764828AF90FB61DF93AC5C8A9BA6997BA20A5862
    > Kaspersky  . . . . : Trojan-Ransom.Win32.Blocker.fzmp
      Fuzzy  . . . . . . : 129.0

Suspicious files ____________________________________________________________
   C:\$Recycle.Bin\S-1-5-21-4020961069-3267065953-2517700709-1000\$RN1R3PJ.exe
      Size . . . . . . . : 2,114,048 bytes
      Age  . . . . . . . : 1.1 days (2014-11-01 18:17:20)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AE2D2C0759325087D4D2B6133D55129121438CE56BEAEA6141A9AF306183FCE5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\THOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C48H62V\FRST64.exe
      Size . . . . . . . : 2,114,048 bytes
      Age  . . . . . . . : 1.5 days (2014-11-01 08:58:46)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AE2D2C0759325087D4D2B6133D55129121438CE56BEAEA6141A9AF306183FCE5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
   C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\dll\wc002345.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 20.3 days (2014-10-13 13:04:37)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
         -0.2s C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\htm\wc002345.htm
          0.0s C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\dll\wc002345.dll
   C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\pbcl.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 3.0 days (2014-10-30 19:59:49)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\pbclold.dll
      Size . . . . . . . : 1,018,416 bytes
      Age  . . . . . . . : 549.0 days (2013-05-02 21:20:54)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BE5E9B9749DA372459DF60E1E836D74873048B041E3E740137EBAD32C3F98D2B
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\THOR\AppData\Local\PunkBuster\APB\pb\PnkBstrK.sys
      Size . . . . . . . : 139,904 bytes
      Age  . . . . . . . : 549.0 days (2013-05-02 21:21:04)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 5FFC3A37106249E619700B233D73AC3024B5902A76A6FCEA687B7123DD8D68AD
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
   C:\Users\THOR\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,114,048 bytes
      Age  . . . . . . . : 0.6 days (2014-11-02 06:49:33)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AE2D2C0759325087D4D2B6133D55129121438CE56BEAEA6141A9AF306183FCE5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\THOR\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\THOR\Desktop\FRST64.exe
   C:\Users\THOR\Desktop\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 0.6 days (2014-11-02 06:49:33)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C3D38BE8C0CEE5862472EC7449D3457C46591C186BC1B1426DE3A41F3B8BDDAE
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\THOR\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\THOR\Desktop\FRST64.exe

Potential Unwanted Programs _________________________________________________
   C:\Users\THOR\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{EEE6C360-6118-11DC-9C72-001320C79847}.ico (Sweetpacks) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32\ (BrowserSafeguard) -> Deleted
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS\ (BrowserSafeguard) -> Deleted
   HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) -> Deleted
   HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find) -> Deleted
   HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectShowTabsWelcome (22Find) -> Deleted
Cookies _____________________________________________________________________
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.adk2.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pointroll.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.undertone.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:cbsdigitalmedia.112.2o7.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:dmtracker.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:pointroll.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com

 

Last FRST act log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014
Ran by THOR (administrator) on THOR-PC on 02-11-2014 20:24:44
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2012-08-07] (Realtek Semiconductor)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1337680 2014-10-29] (BullGuard Ltd.)
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-10-29] (BullGuard Ltd.)
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe [1384608 2012-07-12] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1938624 2014-10-21] (Valve Corporation)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3111264 2012-10-03] (DT Soft Ltd)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\Run: [Amazon Music] => C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {9d691561-dc06-11e2-b57e-60a44c61807a} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-4020961069-3267065953-2517700709-1000\...\MountPoints2: {cf05d57b-b3fd-11e2-8a44-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [AOD] => C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
AppInit_DLLs: c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\BgAgent.dll [101680 2014-10-09] (BullGuard Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll => c:\Program Files\BullGuard Ltd\BullGuard\Files32\BgAgent.dll [86712 2014-10-09] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x41A5AAB15948CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {C7FA19E4-5BF0-4587-9000-30AFA4A0E037} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130519,19933,1937,25,6368
SearchScopes: HKCU - {CF80AD5B-6A71-4215-8AF0-886ED9908755} URL = https://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: HKLM-x32 {54EABC7D-40DC-4667-8517-F42D00540342} http://whatcom.ctc.tegrity.com/tegrity/_Player/1.0/code/DRMActiveX_x86.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\THOR\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-10-25]

Chrome:
=======
CHR Profile: C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-05-27]
CHR Extension: (No Name) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-05-27]
CHR Extension: (Google Wallet) - C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2014-02-08] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-16] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe [408960 2012-10-14] (ASUSTeK Computer Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [751952 2014-10-29] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [591184 2014-10-29] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-10-29] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-10-29] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [758608 2014-10-29] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-10-29] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-10-29] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-10-29] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-10-29] (BullGuard Ltd.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-27] ()
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2014-02-08] () [File not signed]
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2014-02-08] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-04] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-04] (Agnitum Ltd.)
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-13] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 20:24 - 2014-11-02 20:24 - 00018590 _____ () C:\Users\THOR\Desktop\FRST.txt
2014-11-02 20:23 - 2014-11-02 20:23 - 00028536 _____ () C:\Users\THOR\Desktop\HitmanPro_20141102_2023.log
2014-11-02 20:23 - 2014-11-02 20:23 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-11-02 20:23 - 2014-11-02 20:23 - 00000542 _____ () C:\Windows\system32\bootdelete.lst
2014-11-02 20:08 - 2014-11-02 20:23 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-02 19:59 - 2014-11-02 20:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 19:59 - 2014-11-02 19:59 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 19:59 - 2014-11-02 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-02 19:59 - 2014-11-02 19:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-02 19:59 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-02 19:59 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-02 19:59 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-02 19:41 - 2014-11-02 19:41 - 00000389 _____ () C:\Users\THOR\Desktop\fixlist.txt
2014-11-02 06:56 - 2014-11-02 06:56 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-02 06:52 - 2014-11-02 06:52 - 00000000 ____D () C:\Users\THOR\Desktop\FRST-OlderVersion
2014-11-02 06:49 - 2014-11-02 06:52 - 02114560 _____ (Farbar) C:\Users\THOR\Desktop\FRST64.exe
2014-11-01 18:18 - 2014-11-01 18:18 - 00027900 _____ () C:\Users\THOR\Desktop\Addition.txt
2014-11-01 09:09 - 2014-11-01 09:09 - 00000000 ____D () C:\NPE
2014-11-01 09:08 - 2014-11-01 09:20 - 00000000 ____D () C:\Users\THOR\AppData\Local\NPE
2014-11-01 09:00 - 2014-11-02 20:24 - 00000000 ____D () C:\FRST
2014-11-01 08:40 - 2014-11-01 08:40 - 00000000 ____D () C:\Windows\ERUNT
2014-11-01 08:16 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-11-01 08:15 - 2014-11-01 08:17 - 00000000 ____D () C:\AdwCleaner
2014-10-31 10:11 - 2014-10-31 10:11 - 00000000 ___HD () C:\Windows\AxInstSV
2014-10-29 08:00 - 2014-11-01 08:18 - 00001140 _____ () C:\Windows\PFRO.log
2014-10-29 07:00 - 2014-10-29 07:00 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-10-29 07:00 - 2014-10-29 07:00 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-10-28 14:34 - 2014-11-02 06:54 - 00000952 _____ () C:\Windows\setupact.log
2014-10-28 14:34 - 2014-10-28 14:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-27 17:51 - 2014-10-31 16:38 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-10-27 17:51 - 2014-10-27 17:57 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-10-27 12:50 - 2014-10-27 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-27 12:49 - 2014-10-27 12:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 12:49 - 2014-10-27 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-27 12:49 - 2014-10-27 12:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 12:33 - 2014-10-27 12:33 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-10-26 06:45 - 2014-10-26 06:45 - 00000164 _____ () C:\Users\THOR\Desktop\BullGuard Online Drive.lnk
2014-10-26 06:38 - 2014-11-02 19:52 - 00000312 _____ () C:\Windows\system32\config\afw_hm.conf
2014-10-26 06:38 - 2014-11-02 19:52 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf
2014-10-25 20:31 - 2014-10-26 07:45 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\BullGuard
2014-10-25 20:31 - 2014-10-25 20:31 - 00000990 _____ () C:\Users\Public\Desktop\BullGuard.lnk
2014-10-25 20:31 - 2014-10-25 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2014-10-25 20:30 - 2014-10-25 20:30 - 00000000 ____D () C:\Program Files\Common Files\BullGuard Ltd
2014-10-25 20:30 - 2014-10-25 20:30 - 00000000 ____D () C:\Program Files\BullGuard Ltd
2014-10-25 20:28 - 2014-11-02 20:24 - 00000000 ____D () C:\ProgramData\BullGuard
2014-10-23 19:14 - 2014-10-23 19:14 - 00000222 _____ () C:\Users\THOR\Desktop\APB Reloaded.url
2014-10-23 12:41 - 2014-10-23 12:41 - 00000177 _____ () C:\console.log
2014-10-15 05:10 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 05:10 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 05:10 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 05:10 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 05:10 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 05:10 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 05:10 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 05:10 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 05:10 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 05:10 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 05:10 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 05:10 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 05:10 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 05:10 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 05:10 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 05:10 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 05:10 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 05:10 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 05:10 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 05:10 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 05:10 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 05:10 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 05:10 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 05:10 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 05:10 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 05:10 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 05:10 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 05:10 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 05:10 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 05:10 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 05:10 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 05:10 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 05:10 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 05:10 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 05:10 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 05:10 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 05:10 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 05:10 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 05:10 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 05:10 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 05:10 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 05:10 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 05:10 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 05:10 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 05:10 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 05:10 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 05:10 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 05:10 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 05:10 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 05:10 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 05:10 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 05:10 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 05:07 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 05:07 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 05:07 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 05:07 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 05:07 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 05:07 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 05:07 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 05:07 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 05:07 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 05:07 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 05:07 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 05:07 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 05:07 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 05:07 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 05:07 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 05:07 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 05:07 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 05:07 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 05:07 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 05:07 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 05:07 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 05:07 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 05:07 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 05:07 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 05:07 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 05:07 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 05:07 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 05:07 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 05:07 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 05:07 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 05:07 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 05:07 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 05:07 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 05:06 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 05:06 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 05:06 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 05:01 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 05:01 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 05:01 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 05:01 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 05:01 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 05:01 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 05:01 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 05:01 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 05:01 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 05:01 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 05:01 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 05:01 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 05:00 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 05:00 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 05:00 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 05:00 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 20:24 - 2014-07-16 07:51 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 20:19 - 2013-05-19 13:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 19:48 - 2013-05-09 05:40 - 00000000 ____D () C:\Users\THOR\AppData\Local\CrashDumps
2014-11-02 14:37 - 2013-05-03 15:34 - 01502454 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 14:24 - 2014-07-16 07:51 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 07:03 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 07:01 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 07:01 - 2009-07-13 20:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 06:54 - 2014-01-03 09:15 - 00000000 ____D () C:\Temp
2014-11-02 06:54 - 2013-05-03 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-02 06:54 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 20:34 - 2013-05-03 16:00 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\Adobe
2014-11-01 18:11 - 2014-02-24 11:25 - 00000000 ____D () C:\Users\THOR\Desktop\House stuff
2014-11-01 09:08 - 2013-05-03 15:45 - 00000000 ____D () C:\ProgramData\Norton
2014-10-31 16:38 - 2013-05-02 21:20 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-10-31 12:43 - 2013-05-02 20:39 - 00347464 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-10-29 07:00 - 2014-09-24 00:01 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 07:00 - 2014-09-24 00:01 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-28 15:11 - 2013-05-15 12:29 - 00007602 _____ () C:\Users\THOR\AppData\Local\Resmon.ResmonCfg
2014-10-27 14:47 - 2013-08-04 16:01 - 00000000 ____D () C:\Quake2
2014-10-27 12:50 - 2013-09-21 15:55 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 12:33 - 2013-05-06 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-10-26 07:47 - 2013-06-15 09:33 - 00000000 ____D () C:\Windows\Minidump
2014-10-26 07:47 - 2013-05-03 07:27 - 00000000 ____D () C:\Windows\Panther
2014-10-25 20:30 - 2013-05-02 20:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-25 20:28 - 2013-12-21 13:44 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-24 18:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-23 13:19 - 2014-07-16 07:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 13:19 - 2014-07-16 07:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 12:51 - 2013-05-03 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-10-23 12:51 - 2013-05-03 16:52 - 00000000 ____D () C:\Program Files (x86)\GamersFirst
2014-10-23 12:36 - 2013-05-03 15:34 - 00000000 ____D () C:\Users\THOR
2014-10-23 12:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-23 06:36 - 2014-02-08 08:33 - 00724749 _____ () C:\Users\THOR\AppData\Local\census.cache
2014-10-23 06:36 - 2014-02-08 08:32 - 00072653 _____ () C:\Users\THOR\AppData\Local\ars.cache
2014-10-17 08:07 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 11:57 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 06:16 - 2009-07-13 20:45 - 00296744 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 06:15 - 2014-05-06 20:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 06:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 06:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 20:18 - 2013-08-07 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 20:17 - 2013-05-03 16:29 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-09 18:20 - 2013-05-03 17:07 - 00000000 ____D () C:\Users\THOR\AppData\Roaming\.minecraft
2014-10-03 11:21 - 2013-08-16 10:41 - 00000000 ____D () C:\Users\THOR\Desktop\Metal Detector Stuff

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 08:14

==================== End Of Log ============================



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 03 November 2014 - 02:30 AM

How is the computer running now?

Step 1

frst.pngfrstfix.png
Please download the attached fixlist txt.gif and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   74bytes   7 downloads
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 03 November 2014 - 10:45 AM

Running great.

 

Thanks for your help!



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 03 November 2014 - 03:23 PM

It's good to hear that your problems appear to be solved. :)

But we're not done yet. Please perform step 1 above...
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 03 November 2014 - 03:49 PM

Okay. Here is the log

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by THOR at 2014-11-03 12:48:05 Run:3
Running from C:\Users\THOR\Desktop
Loaded Profile: THOR (Available profiles: THOR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
File: C:\Windows\SysWOW64\lsass.exe
File: C:\Windows\SysWOW64\spoolsv.exe
*****************

========================= File: C:\Windows\SysWOW64\lsass.exe ========================

MD5:
Creation and modification date: 2014-02-08 08:22 - 2014-02-08 08:22
Size: 0000000
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

========================= File: C:\Windows\SysWOW64\spoolsv.exe ========================

MD5:
Creation and modification date: 2014-02-08 08:22 - 2014-02-08 08:22
Size: 0000000
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

==== End of Fixlog ===



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:01:28 PM

Posted 03 November 2014 - 03:58 PM

Let's do a final check up:

Step 1


Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

Step 2

Please download TDSStdsskiller.pngiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#15 sawmilldon

sawmilldon
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:03:28 AM

Posted 04 November 2014 - 12:37 AM

OK, here are the logs.

 

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=31883d42356acd41a9ed89fb62237ec9
# engine=20915
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-04 05:29:56
# local_time=2014-11-03 09:29:56 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='BullGuard Antivirus'
# compatibility_mode=4613 16777215 100 96 0 20738618 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 26617838 166622446 0 0
# scanned=487722
# found=9
# cleaned=0
# scan_time=7126
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=5BDC41344664FBBB8ABB0FBDE34F2B736E5C0418 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\THOR\AppData\Local\CRE\fdkednngfjmpnljkolbapdednncafhen.crx.vir"
sh=B67A4E82D10D221DB65BE784386F27B953FAFFB0 ft=1 fh=5ed6ffdbccbf23cc vn="a variant of Win32/Kryptik.CPCU trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\FispOlyeg\FispOlyeg.dat"
sh=32BD06965F9592026A8AC1CAFBE42B65ECDEBFA0 ft=1 fh=fbd41dbd867d2ad9 vn="a variant of Win32/Kryptik.CPAH trojan" ac=I fn="C:\FRST\Quarantine\C\Users\THOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AodbeARMHelper.exe.xBAD"
sh=3921B3425C5C561B5478A3ABBBD49C11775A0882 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.L potentially unwanted application" ac=I fn="C:\Users\THOR\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx"
sh=498E1C3D6FEE6C817C1D13FF45C8F3AD668F8FA7 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHV trojan" ac=I fn="C:\Users\THOR\AppData\Local\Temp\1f28\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCW7I0WY\2boeljufbm[1].htm"
sh=A746B16CF418091D394D5438DE548A2ED783A42D ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NHR trojan" ac=I fn="C:\Users\THOR\AppData\Local\Temp\2960\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IM58XND7\0am2n800ql[1].htm"

 

TDSS Killer scan found no issues, here is the report:

 

21:34:08.0437 0x06f8 TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34

21:34:11.0976 0x06f8 ============================================================

21:34:11.0976 0x06f8 Current date / time: 2014/11/03 21:34:11.0976

21:34:11.0976 0x06f8 SystemInfo:

21:34:11.0976 0x06f8

21:34:11.0976 0x06f8 OS Version: 6.1.7601 ServicePack: 1.0

21:34:11.0976 0x06f8 Product type: Workstation

21:34:11.0976 0x06f8 ComputerName: THOR-PC

21:34:11.0976 0x06f8 UserName: THOR

21:34:11.0976 0x06f8 Windows directory: C:\Windows

21:34:11.0976 0x06f8 System windows directory: C:\Windows

21:34:11.0976 0x06f8 Running under WOW64

21:34:11.0976 0x06f8 Processor architecture: Intel x64

21:34:11.0976 0x06f8 Number of processors: 8

21:34:11.0976 0x06f8 Page size: 0x1000

21:34:11.0976 0x06f8 Boot type: Normal boot

21:34:11.0976 0x06f8 ============================================================

21:34:12.0103 0x06f8 KLMD registered as C:\Windows\system32\drivers\27090728.sys

21:34:12.0165 0x06f8 System UUID: {16F4B4AB-8714-C78A-F05C-DC73889C9EC8}

21:34:12.0451 0x06f8 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:34:12.0456 0x06f8 ============================================================

21:34:12.0456 0x06f8 \Device\Harddisk0\DR0:

21:34:12.0457 0x06f8 MBR partitions:

21:34:12.0457 0x06f8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:34:12.0457 0x06f8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1DCC0000

21:34:12.0457 0x06f8 ============================================================

21:34:12.0458 0x06f8 C: <-> \Device\Harddisk0\DR0\Partition2

21:34:12.0458 0x06f8 ============================================================

21:34:12.0458 0x06f8 Initialize success

21:34:12.0458 0x06f8 ============================================================

21:34:36.0912 0x13a4 ============================================================

21:34:36.0912 0x13a4 Scan started

21:34:36.0912 0x13a4 Mode: Manual; SigCheck; TDLFS;

21:34:36.0912 0x13a4 ============================================================

21:34:36.0912 0x13a4 KSN ping started

21:34:39.0458 0x13a4 KSN ping finished: true

21:34:40.0478 0x13a4 ================ Scan system memory ========================

21:34:40.0478 0x13a4 System memory - ok

21:34:40.0478 0x13a4 ================ Scan services =============================

21:34:40.0502 0x13a4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

21:34:40.0596 0x13a4 1394ohci - ok

21:34:40.0610 0x13a4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys

21:34:40.0626 0x13a4 ACPI - ok

21:34:40.0629 0x13a4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

21:34:40.0644 0x13a4 AcpiPmi - ok

21:34:40.0649 0x13a4 [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:34:40.0658 0x13a4 AdobeARMservice - ok

21:34:40.0674 0x13a4 [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:34:40.0687 0x13a4 AdobeFlashPlayerUpdateSvc - ok

21:34:40.0699 0x13a4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

21:34:40.0718 0x13a4 adp94xx - ok

21:34:40.0727 0x13a4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys

21:34:40.0742 0x13a4 adpahci - ok

21:34:40.0749 0x13a4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

21:34:40.0760 0x13a4 adpu320 - ok

21:34:40.0765 0x13a4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

21:34:40.0806 0x13a4 AeLookupSvc - ok

21:34:40.0818 0x13a4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys

21:34:40.0837 0x13a4 AFD - ok

21:34:40.0841 0x13a4 [ E82F6B4E8CDB1927824A4BFBC039E2E4, D10219EBB9F3376F8FBBA4133AE1F50EDAD5B63DCF50478356F22F68ED3081A3 ] AFW C:\Windows\system32\DRIVERS\afw.sys

21:34:40.0853 0x13a4 AFW - ok

21:34:40.0864 0x13a4 [ E850EA699AA1D976BAD3EA54D020B98C, 4B486A3B206A1F5FEDB44104B7EB9E963A32AF8EBE4538947DD74AA321587AE8 ] afwcore C:\Windows\system32\DRIVERS\afwcore.sys

21:34:40.0881 0x13a4 afwcore - ok

21:34:40.0885 0x13a4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys

21:34:40.0894 0x13a4 agp440 - ok

21:34:40.0897 0x13a4 [ 4BFB41025FA1C37205EDEEFDE36F7771, EA171520C0C8DAFA3D656EC4815393F77096C1E22EC9F39756B52D1565483102 ] AiChargerPlus C:\Windows\syswow64\drivers\AiChargerPlus.sys

21:34:40.0905 0x13a4 AiChargerPlus - ok

21:34:40.0909 0x13a4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

21:34:40.0921 0x13a4 ALG - ok

21:34:40.0924 0x13a4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys

21:34:40.0932 0x13a4 aliide - ok

21:34:40.0939 0x13a4 [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

21:34:40.0959 0x13a4 AMD External Events Utility - ok

21:34:40.0962 0x13a4 AMD FUEL Service - ok

21:34:40.0965 0x13a4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys

21:34:40.0973 0x13a4 amdide - ok

21:34:40.0977 0x13a4 [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

21:34:40.0985 0x13a4 amdiox64 - ok

21:34:40.0988 0x13a4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

21:34:40.0998 0x13a4 AmdK8 - ok

21:34:41.0251 0x13a4 [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

21:34:41.0552 0x13a4 amdkmdag - ok

21:34:41.0589 0x13a4 [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

21:34:41.0613 0x13a4 amdkmdap - ok

21:34:41.0618 0x13a4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

21:34:41.0628 0x13a4 AmdPPM - ok

21:34:41.0632 0x13a4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys

21:34:41.0643 0x13a4 amdsata - ok

21:34:41.0649 0x13a4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

21:34:41.0661 0x13a4 amdsbs - ok

21:34:41.0665 0x13a4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys

21:34:41.0673 0x13a4 amdxata - ok

21:34:41.0677 0x13a4 [ EE4797DFEBBE8ACDB548DD8E80BE0A88, 9D56F835A5A9C045829EDFB546379E3448C9E539E5C2608B559DE4D052FEC769 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys

21:34:41.0685 0x13a4 amd_sata - ok

21:34:41.0688 0x13a4 [ D56EAD71A86FD2ACAE2DB47D0A6A3A41, 2E5E6D0E00D25765CC8B9997B26DE43F305966BFA518CB72EA7CA77152001726 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys

21:34:41.0695 0x13a4 amd_xata - ok

21:34:41.0698 0x13a4 [ E8CCB797DAF80779C768BD3A9FC8FCAF, 781BD878CA34D8B6D2FE238439CD173E95449260428859BEA92866D41B1284F4 ] AODDriver4.2.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

21:34:41.0706 0x13a4 AODDriver4.2.0 - ok

21:34:41.0710 0x13a4 [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID C:\Windows\system32\drivers\appid.sys

21:34:41.0721 0x13a4 AppID - ok

21:34:41.0724 0x13a4 [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc C:\Windows\System32\appidsvc.dll

21:34:41.0733 0x13a4 AppIDSvc - ok

21:34:41.0737 0x13a4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll

21:34:41.0747 0x13a4 Appinfo - ok

21:34:41.0753 0x13a4 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll

21:34:41.0766 0x13a4 AppMgmt - ok

21:34:41.0770 0x13a4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys

21:34:41.0780 0x13a4 arc - ok

21:34:41.0784 0x13a4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys

21:34:41.0793 0x13a4 arcsas - ok

21:34:41.0796 0x13a4 [ EB6DC008A1F36DFD7999EB57E97EAACE, 2652798D622A751AD84429E03266F32B4EE86DECC34CA8153790D04F43E03A66 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys

21:34:41.0804 0x13a4 asahci64 - ok

21:34:41.0824 0x13a4 [ 31E2470E61D5A390405BA41C279D8446, ADA2518DCB78529F716622E45775283CBBB8CA61A4E90B99C2D799C23C8AFCAA ] asComSvc C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe

21:34:41.0847 0x13a4 asComSvc - ok

21:34:41.0868 0x13a4 [ 0466B91EE5767A769E9F8EDB8EF94DDB, 04A529E57D6F617688B072B3BD281538B6B02BB985EE0AE2E355E685E52BE0C8 ] asHmComSvc C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe

21:34:41.0892 0x13a4 asHmComSvc - ok

21:34:41.0896 0x13a4 [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys

21:34:41.0903 0x13a4 AsIO - ok

21:34:41.0908 0x13a4 [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys

21:34:41.0922 0x13a4 asmthub3 - ok

21:34:41.0932 0x13a4 [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys

21:34:41.0950 0x13a4 asmtxhci - ok

21:34:41.0959 0x13a4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

21:34:41.0969 0x13a4 aspnet_state - ok

21:34:41.0974 0x13a4 [ AD8947D621FDCA48F1F39F4624B60AA1, D685CD1A378FA411EA11C18615A1EC5D66CEC2F990DB0D4181EE3140B9DF3E8B ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe

21:34:41.0983 0x13a4 AsSysCtrlService - ok

21:34:41.0986 0x13a4 [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys

21:34:41.0993 0x13a4 AsUpIO - ok

21:34:42.0003 0x13a4 [ 96760A3494B1F95A25A83A3A3FFA6436, 4B0A6712233DACB7CBE6D929909147A2296BA96096EE73346827016E31DC215B ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.19\AsusFanControlService.exe

21:34:42.0018 0x13a4 AsusFanControlService - ok

21:34:42.0022 0x13a4 [ A5E4CDB420540095D1293C874B5F89AA, EBC082FF94872537649F00D91AF22E0AFB4D538ACDB4731C9A95D209C7B144FD ] ASUSFILTER C:\Windows\syswow64\drivers\ASUSFILTER.sys

21:34:42.0030 0x13a4 ASUSFILTER - ok

21:34:42.0033 0x13a4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

21:34:42.0056 0x13a4 AsyncMac - ok

21:34:42.0059 0x13a4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys

21:34:42.0067 0x13a4 atapi - ok

21:34:42.0072 0x13a4 [ 770A3B0D78232B0C1054495392A1FBA3, 733BB08BAFE42E848F3A3CDFD80A2C37DB829CAD2E18B3D6299FDEE6EF30C9CD ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

21:34:42.0083 0x13a4 AtiHDAudioService - ok

21:34:42.0098 0x13a4 [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:34:42.0121 0x13a4 AudioEndpointBuilder - ok

21:34:42.0136 0x13a4 [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioSrv C:\Windows\System32\Audiosrv.dll

21:34:42.0157 0x13a4 AudioSrv - ok

21:34:42.0163 0x13a4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll

21:34:42.0181 0x13a4 AxInstSV - ok

21:34:42.0193 0x13a4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

21:34:42.0211 0x13a4 b06bdrv - ok

21:34:42.0220 0x13a4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

21:34:42.0234 0x13a4 b57nd60a - ok

21:34:42.0240 0x13a4 [ 8227E7E1F24A92C81501E4B4E1C933E4, 3A26C36BD63237CA9CAAC591B61752E097549ECB612CA9AD069946FE43188213 ] BdAgent C:\Windows\system32\DRIVERS\BdAgent.sys

21:34:42.0251 0x13a4 BdAgent - ok

21:34:42.0255 0x13a4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

21:34:42.0266 0x13a4 BDESVC - ok

21:34:42.0269 0x13a4 [ 1126E76963E61BC5958E17D0549C67A6, FCB437E33BBBB070F73D949BE82E9BFFDC0B0B7BE791E1CD4AED9E9A2E8B1BBD ] BdNet C:\Windows\system32\DRIVERS\BdNet.sys

21:34:42.0277 0x13a4 BdNet - ok

21:34:42.0281 0x13a4 [ 6D9CF97F3E088AFB29490EB96136235D, 8423E31D8DCE0EC6AD577B03BB0A78E2354170D0F96E94F54C107A6281BEF88A ] BdSpy C:\Windows\system32\drivers\BdSpy.sys

21:34:42.0290 0x13a4 BdSpy - ok

21:34:42.0293 0x13a4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

21:34:42.0316 0x13a4 Beep - ok

21:34:42.0332 0x13a4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll

21:34:42.0356 0x13a4 BFE - ok

21:34:42.0376 0x13a4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll

21:34:42.0442 0x13a4 BITS - ok

21:34:42.0447 0x13a4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

21:34:42.0457 0x13a4 blbdrive - ok

21:34:42.0461 0x13a4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

21:34:42.0472 0x13a4 bowser - ok

21:34:42.0475 0x13a4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

21:34:42.0485 0x13a4 BrFiltLo - ok

21:34:42.0488 0x13a4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

21:34:42.0498 0x13a4 BrFiltUp - ok

21:34:42.0503 0x13a4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll

21:34:42.0515 0x13a4 Browser - ok

21:34:42.0523 0x13a4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

21:34:42.0538 0x13a4 Brserid - ok

21:34:42.0542 0x13a4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

21:34:42.0553 0x13a4 BrSerWdm - ok

21:34:42.0556 0x13a4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

21:34:42.0567 0x13a4 BrUsbMdm - ok

21:34:42.0569 0x13a4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

21:34:42.0578 0x13a4 BrUsbSer - ok

21:34:42.0596 0x13a4 [ 2F1BB35BF7A11E69DB208EF6D8318831, D22A25698F7ECBE882E13F16EFB68779FF022D7F2E81D5F3B35A359DDCCE9550 ] BsBackup C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll

21:34:42.0619 0x13a4 BsBackup - ok

21:34:42.0633 0x13a4 [ C0A8FD3081934F967D2F27D1B9F25E64, E7D1965D158E05AA99C25A6B9E61B4BF21798D94C36C7B1467001C7189695326 ] BsBhvScan C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe

21:34:42.0652 0x13a4 BsBhvScan - ok

21:34:42.0658 0x13a4 [ A6B44B60669A33CEB9CC2CBD4A26CAB2, 50B7984E28657A8AA27F5281278DC0D16FA43358C66BBFC6E74B12E47942D366 ] BsCache C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll

21:34:42.0668 0x13a4 BsCache - ok

21:34:42.0678 0x13a4 [ DB0E275CB03E39DCF9365093F0B0FFDB, AD946062468A76F65F7723556EBB6EF9E9B4FA91005A44EA61B4268E436F88E9 ] BsFileScan c:\program files\bullguard ltd\bullguard\BsFileScan.dll

21:34:42.0694 0x13a4 BsFileScan - ok

21:34:42.0711 0x13a4 [ 41FAD2D5B96E2D91710FF6734A93D96D, 3689334E06624C85380DD0716FB7554FBF1145246E6159E39C4E0240DB4D8B06 ] BsFire c:\program files\bullguard ltd\bullguard\BsFire.dll

21:34:42.0734 0x13a4 BsFire - ok

21:34:42.0752 0x13a4 [ 3D55516DEDF2A76277799810BF055AD0, ED0C29EE43C714166D2EA020318617DA0F5E2083102036DFF05C24B3A8BF695E ] BsMailProxy c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll

21:34:42.0774 0x13a4 BsMailProxy - ok

21:34:42.0788 0x13a4 [ 85F738DA210951D91150C5F7BC6C9150, EF649DC343ECF60FBD0E8773B1B68112E546FDDC7C620B26915D04D83D9D085E ] BsMain C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll

21:34:42.0806 0x13a4 BsMain - ok

21:34:42.0814 0x13a4 [ 021050191D0D5FBB6C6E05B8432D91A8, D55FEE9D85E70BD3B6966E79954C30A4B758B978E5953C91F60741D3C435E8FD ] BsScanner C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe

21:34:42.0827 0x13a4 BsScanner - ok

21:34:42.0837 0x13a4 [ BDBC6B30DE4A9D109A88032157992FE9, 402E70F4F8B31C0384CE473688D7BA8FA6387F659B41908B1A0480385D89887A ] BsUpdate C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe

21:34:42.0851 0x13a4 BsUpdate - ok

21:34:42.0855 0x13a4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

21:34:42.0867 0x13a4 BTHMODEM - ok

21:34:42.0872 0x13a4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

21:34:42.0897 0x13a4 bthserv - ok

21:34:42.0901 0x13a4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

21:34:42.0927 0x13a4 cdfs - ok

21:34:42.0932 0x13a4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

21:34:42.0944 0x13a4 cdrom - ok

21:34:42.0948 0x13a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll

21:34:42.0973 0x13a4 CertPropSvc - ok

21:34:42.0976 0x13a4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys

21:34:42.0987 0x13a4 circlass - ok

21:34:42.0997 0x13a4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys

21:34:43.0013 0x13a4 CLFS - ok

21:34:43.0017 0x13a4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:34:43.0026 0x13a4 clr_optimization_v2.0.50727_32 - ok

21:34:43.0031 0x13a4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:34:43.0041 0x13a4 clr_optimization_v2.0.50727_64 - ok

21:34:43.0047 0x13a4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:34:43.0058 0x13a4 clr_optimization_v4.0.30319_32 - ok

21:34:43.0064 0x13a4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:34:43.0076 0x13a4 clr_optimization_v4.0.30319_64 - ok

21:34:43.0079 0x13a4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

21:34:43.0088 0x13a4 CmBatt - ok

21:34:43.0091 0x13a4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys

21:34:43.0099 0x13a4 cmdide - ok

21:34:43.0110 0x13a4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys

21:34:43.0132 0x13a4 CNG - ok

21:34:43.0136 0x13a4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

21:34:43.0144 0x13a4 Compbatt - ok

21:34:43.0147 0x13a4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

21:34:43.0158 0x13a4 CompositeBus - ok

21:34:43.0161 0x13a4 COMSysApp - ok

21:34:43.0164 0x13a4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

21:34:43.0172 0x13a4 crcdisk - ok

21:34:43.0179 0x13a4 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll

21:34:43.0193 0x13a4 CryptSvc - ok

21:34:43.0205 0x13a4 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys

21:34:43.0225 0x13a4 CSC - ok

21:34:43.0241 0x13a4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll

21:34:43.0264 0x13a4 CscService - ok

21:34:43.0278 0x13a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll

21:34:43.0312 0x13a4 DcomLaunch - ok

21:34:43.0321 0x13a4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

21:34:43.0350 0x13a4 defragsvc - ok

21:34:43.0355 0x13a4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys

21:34:43.0380 0x13a4 DfsC - ok

21:34:43.0388 0x13a4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll

21:34:43.0404 0x13a4 Dhcp - ok

21:34:43.0408 0x13a4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

21:34:43.0432 0x13a4 discache - ok

21:34:43.0436 0x13a4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys

21:34:43.0446 0x13a4 Disk - ok

21:34:43.0450 0x13a4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

21:34:43.0460 0x13a4 dmvsc - ok

21:34:43.0466 0x13a4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll

21:34:43.0478 0x13a4 Dnscache - ok

21:34:43.0486 0x13a4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll

21:34:43.0514 0x13a4 dot3svc - ok

21:34:43.0521 0x13a4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll

21:34:43.0548 0x13a4 DPS - ok

21:34:43.0551 0x13a4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

21:34:43.0559 0x13a4 drmkaud - ok

21:34:43.0567 0x13a4 [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys

21:34:43.0580 0x13a4 dtsoftbus01 - ok

21:34:43.0602 0x13a4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

21:34:43.0630 0x13a4 DXGKrnl - ok

21:34:43.0634 0x13a4 EagleX64 - ok

21:34:43.0639 0x13a4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll

21:34:43.0665 0x13a4 EapHost - ok

21:34:43.0729 0x13a4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys

21:34:43.0808 0x13a4 ebdrv - ok

21:34:43.0817 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe

21:34:43.0826 0x13a4 EFS - ok

21:34:43.0842 0x13a4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

21:34:43.0867 0x13a4 ehRecvr - ok

21:34:43.0872 0x13a4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe

21:34:43.0884 0x13a4 ehSched - ok

21:34:43.0896 0x13a4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys

21:34:43.0915 0x13a4 elxstor - ok

21:34:43.0918 0x13a4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys

21:34:43.0927 0x13a4 ErrDev - ok

21:34:43.0939 0x13a4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll

21:34:43.0972 0x13a4 EventSystem - ok

21:34:43.0978 0x13a4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

21:34:44.0006 0x13a4 exfat - ok

21:34:44.0012 0x13a4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

21:34:44.0040 0x13a4 fastfat - ok

21:34:44.0056 0x13a4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe

21:34:44.0080 0x13a4 Fax - ok

21:34:44.0085 0x13a4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys

21:34:44.0094 0x13a4 fdc - ok

21:34:44.0097 0x13a4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

21:34:44.0121 0x13a4 fdPHost - ok

21:34:44.0124 0x13a4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

21:34:44.0148 0x13a4 FDResPub - ok

21:34:44.0152 0x13a4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

21:34:44.0161 0x13a4 FileInfo - ok

21:34:44.0165 0x13a4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

21:34:44.0188 0x13a4 Filetrace - ok

21:34:44.0191 0x13a4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

21:34:44.0200 0x13a4 flpydisk - ok

21:34:44.0208 0x13a4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

21:34:44.0222 0x13a4 FltMgr - ok

21:34:44.0246 0x13a4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll

21:34:44.0281 0x13a4 FontCache - ok

21:34:44.0286 0x13a4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:34:44.0294 0x13a4 FontCache3.0.0.0 - ok

21:34:44.0297 0x13a4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

21:34:44.0306 0x13a4 FsDepends - ok

21:34:44.0309 0x13a4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

21:34:44.0317 0x13a4 Fs_Rec - ok

21:34:44.0321 0x13a4 [ 340BA7CABB1F314E3650A7EF59F0A371, B3B11FCC0C8AFD668CA6ED180B632C3983BD66026DAAEC150A23C83C9A0A6DCE ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys

21:34:44.0329 0x13a4 FTDIBUS - ok

21:34:44.0333 0x13a4 [ A19D6F0356DBABB94293894B84C27D27, 93B4E3314302F6F1524E776EF0FBF29221D10B642E3BA649D6E68FFAB2B7B16B ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys

21:34:44.0340 0x13a4 FTSER2K - ok

21:34:44.0347 0x13a4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

21:34:44.0361 0x13a4 fvevol - ok

21:34:44.0365 0x13a4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

21:34:44.0374 0x13a4 gagp30kx - ok

21:34:44.0386 0x13a4 [ 50FFA2F6A5BEC5BB7C39AAB76EEA3C58, E7B0934FF69994F61D9186BF28EE8EAADEB4F64BC6FAE895B2602DAC3B311235 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

21:34:44.0402 0x13a4 Garmin Core Update Service - ok

21:34:44.0420 0x13a4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll

21:34:44.0460 0x13a4 gpsvc - ok

21:34:44.0466 0x13a4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:34:44.0475 0x13a4 gupdate - ok

21:34:44.0479 0x13a4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:34:44.0486 0x13a4 gupdatem - ok

21:34:44.0489 0x13a4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

21:34:44.0499 0x13a4 hcw85cir - ok

21:34:44.0508 0x13a4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:34:44.0526 0x13a4 HdAudAddService - ok

21:34:44.0531 0x13a4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

21:34:44.0544 0x13a4 HDAudBus - ok

21:34:44.0547 0x13a4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

21:34:44.0556 0x13a4 HidBatt - ok

21:34:44.0560 0x13a4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys

21:34:44.0573 0x13a4 HidBth - ok

21:34:44.0576 0x13a4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys

21:34:44.0588 0x13a4 HidIr - ok

21:34:44.0591 0x13a4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll

21:34:44.0615 0x13a4 hidserv - ok

21:34:44.0618 0x13a4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

21:34:44.0628 0x13a4 HidUsb - ok

21:34:44.0632 0x13a4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

21:34:44.0657 0x13a4 hkmsvc - ok

21:34:44.0664 0x13a4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:34:44.0678 0x13a4 HomeGroupListener - ok

21:34:44.0684 0x13a4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:34:44.0697 0x13a4 HomeGroupProvider - ok

21:34:44.0701 0x13a4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

21:34:44.0711 0x13a4 HpSAMD - ok

21:34:44.0727 0x13a4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys

21:34:44.0766 0x13a4 HTTP - ok

21:34:44.0770 0x13a4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

21:34:44.0778 0x13a4 hwpolicy - ok

21:34:44.0782 0x13a4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

21:34:44.0793 0x13a4 i8042prt - ok

21:34:44.0804 0x13a4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

21:34:44.0820 0x13a4 iaStorV - ok

21:34:44.0839 0x13a4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:34:44.0865 0x13a4 idsvc - ok

21:34:44.0869 0x13a4 IEEtwCollectorService - ok

21:34:44.0873 0x13a4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys

21:34:44.0881 0x13a4 iirsp - ok

21:34:44.0900 0x13a4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

21:34:44.0927 0x13a4 IKEEXT - ok

21:34:45.0009 0x13a4 [ 8524178B895E4BC04776B319DA3A70EC, A635EADF6E8BD985B730F2737E8DA36AC71E8FEB759787ECB24D955176622AD2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

21:34:45.0103 0x13a4 IntcAzAudAddService - ok

21:34:45.0112 0x13a4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

21:34:45.0121 0x13a4 intelide - ok

21:34:45.0124 0x13a4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\drivers\intelppm.sys

21:34:45.0134 0x13a4 intelppm - ok

21:34:45.0139 0x13a4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

21:34:45.0165 0x13a4 IPBusEnum - ok

21:34:45.0169 0x13a4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:34:45.0192 0x13a4 IpFilterDriver - ok

21:34:45.0206 0x13a4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

21:34:45.0227 0x13a4 iphlpsvc - ok

21:34:45.0232 0x13a4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

21:34:45.0242 0x13a4 IPMIDRV - ok

21:34:45.0247 0x13a4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

21:34:45.0272 0x13a4 IPNAT - ok

21:34:45.0275 0x13a4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

21:34:45.0287 0x13a4 IRENUM - ok

21:34:45.0290 0x13a4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

21:34:45.0298 0x13a4 isapnp - ok

21:34:45.0306 0x13a4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

21:34:45.0320 0x13a4 iScsiPrt - ok

21:34:45.0323 0x13a4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

21:34:45.0332 0x13a4 kbdclass - ok

21:34:45.0335 0x13a4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

21:34:45.0344 0x13a4 kbdhid - ok

21:34:45.0347 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe

21:34:45.0356 0x13a4 KeyIso - ok

21:34:45.0360 0x13a4 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

21:34:45.0370 0x13a4 KSecDD - ok

21:34:45.0375 0x13a4 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

21:34:45.0386 0x13a4 KSecPkg - ok

21:34:45.0389 0x13a4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

21:34:45.0413 0x13a4 ksthunk - ok

21:34:45.0422 0x13a4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

21:34:45.0453 0x13a4 KtmRm - ok

21:34:45.0461 0x13a4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll

21:34:45.0489 0x13a4 LanmanServer - ok

21:34:45.0494 0x13a4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:34:45.0519 0x13a4 LanmanWorkstation - ok

21:34:45.0524 0x13a4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

21:34:45.0548 0x13a4 lltdio - ok

21:34:45.0557 0x13a4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

21:34:45.0587 0x13a4 lltdsvc - ok

21:34:45.0590 0x13a4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

21:34:45.0614 0x13a4 lmhosts - ok

21:34:45.0620 0x13a4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

21:34:45.0629 0x13a4 LSI_FC - ok

21:34:45.0634 0x13a4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

21:34:45.0643 0x13a4 LSI_SAS - ok

21:34:45.0647 0x13a4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

21:34:45.0656 0x13a4 LSI_SAS2 - ok

21:34:45.0660 0x13a4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

21:34:45.0670 0x13a4 LSI_SCSI - ok

21:34:45.0675 0x13a4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

21:34:45.0700 0x13a4 luafv - ok

21:34:45.0710 0x13a4 [ 0C85B2B6FB74B36A251792D45E0EF860, 2E04204560C1159ABC25F273B0B7F81FDF9BA5E88C17929FD924C4E945DE5020 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys

21:34:45.0724 0x13a4 LVRS64 - ok

21:34:45.0816 0x13a4 [ FF3A488924B0032B1A9CA6948C1FA9E8, 6F05852B75498210926F5CDF49D2A6DD97C39CD93D32E3200D7240AADA3E7BEE ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys

21:34:45.0927 0x13a4 LVUVC64 - ok

21:34:45.0938 0x13a4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

21:34:45.0950 0x13a4 Mcx2Svc - ok

21:34:45.0953 0x13a4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

21:34:45.0962 0x13a4 megasas - ok

21:34:45.0969 0x13a4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

21:34:45.0983 0x13a4 MegaSR - ok

21:34:45.0987 0x13a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

21:34:46.0012 0x13a4 MMCSS - ok

21:34:46.0015 0x13a4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

21:34:46.0039 0x13a4 Modem - ok

21:34:46.0042 0x13a4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

21:34:46.0053 0x13a4 monitor - ok

21:34:46.0058 0x13a4 [ 7ED3A9C3763725BD700946971215EE77, 6150D52945E10B69CFA5E3E637DCEBA67158092C6350B4AFE456EA846CA90C18 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

21:34:46.0068 0x13a4 Motorola Device Manager - ok

21:34:46.0071 0x13a4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

21:34:46.0080 0x13a4 mouclass - ok

21:34:46.0083 0x13a4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

21:34:46.0092 0x13a4 mouhid - ok

21:34:46.0096 0x13a4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

21:34:46.0106 0x13a4 mountmgr - ok

21:34:46.0111 0x13a4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

21:34:46.0122 0x13a4 mpio - ok

21:34:46.0126 0x13a4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

21:34:46.0151 0x13a4 mpsdrv - ok

21:34:46.0169 0x13a4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

21:34:46.0207 0x13a4 MpsSvc - ok

21:34:46.0214 0x13a4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

21:34:46.0225 0x13a4 MRxDAV - ok

21:34:46.0231 0x13a4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

21:34:46.0243 0x13a4 mrxsmb - ok

21:34:46.0251 0x13a4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:34:46.0264 0x13a4 mrxsmb10 - ok

21:34:46.0269 0x13a4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:34:46.0280 0x13a4 mrxsmb20 - ok

21:34:46.0283 0x13a4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

21:34:46.0291 0x13a4 msahci - ok

21:34:46.0296 0x13a4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

21:34:46.0307 0x13a4 msdsm - ok

21:34:46.0312 0x13a4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

21:34:46.0324 0x13a4 MSDTC - ok

21:34:46.0330 0x13a4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

21:34:46.0354 0x13a4 Msfs - ok

21:34:46.0357 0x13a4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

21:34:46.0381 0x13a4 mshidkmdf - ok

21:34:46.0384 0x13a4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

21:34:46.0392 0x13a4 msisadrv - ok

21:34:46.0397 0x13a4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

21:34:46.0424 0x13a4 MSiSCSI - ok

21:34:46.0426 0x13a4 msiserver - ok

21:34:46.0429 0x13a4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

21:34:46.0453 0x13a4 MSKSSRV - ok

21:34:46.0455 0x13a4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

21:34:46.0479 0x13a4 MSPCLOCK - ok

21:34:46.0482 0x13a4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

21:34:46.0505 0x13a4 MSPQM - ok

21:34:46.0514 0x13a4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

21:34:46.0528 0x13a4 MsRPC - ok

21:34:46.0533 0x13a4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

21:34:46.0541 0x13a4 mssmbios - ok

21:34:46.0544 0x13a4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

21:34:46.0567 0x13a4 MSTEE - ok

21:34:46.0570 0x13a4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

21:34:46.0580 0x13a4 MTConfig - ok

21:34:46.0584 0x13a4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

21:34:46.0592 0x13a4 Mup - ok

21:34:46.0604 0x13a4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

21:34:46.0637 0x13a4 napagent - ok

21:34:46.0646 0x13a4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

21:34:46.0664 0x13a4 NativeWifiP - ok

21:34:46.0685 0x13a4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

21:34:46.0713 0x13a4 NDIS - ok

21:34:46.0718 0x13a4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

21:34:46.0742 0x13a4 NdisCap - ok

21:34:46.0746 0x13a4 [ 270B10B8BD822DD4673781E0A1935DFB, 63D644B2E9AA14E0DA7660C00343C3597385EE2ACCCC61EFC3CD9A765CD35EFF ] ndisrd C:\Windows\system32\DRIVERS\ndisrd.sys

21:34:46.0753 0x13a4 ndisrd - ok

21:34:46.0756 0x13a4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

21:34:46.0779 0x13a4 NdisTapi - ok

21:34:46.0783 0x13a4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

21:34:46.0806 0x13a4 Ndisuio - ok

21:34:46.0812 0x13a4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

21:34:46.0836 0x13a4 NdisWan - ok

21:34:46.0840 0x13a4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

21:34:46.0863 0x13a4 NDProxy - ok

21:34:46.0867 0x13a4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

21:34:46.0890 0x13a4 NetBIOS - ok

21:34:46.0898 0x13a4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

21:34:46.0926 0x13a4 NetBT - ok

21:34:46.0929 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe

21:34:46.0938 0x13a4 Netlogon - ok

21:34:46.0947 0x13a4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

21:34:46.0979 0x13a4 Netman - ok

21:34:46.0984 0x13a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:34:46.0996 0x13a4 NetMsmqActivator - ok

21:34:47.0000 0x13a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:34:47.0011 0x13a4 NetPipeActivator - ok

21:34:47.0022 0x13a4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

21:34:47.0055 0x13a4 netprofm - ok

21:34:47.0060 0x13a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:34:47.0071 0x13a4 NetTcpActivator - ok

21:34:47.0075 0x13a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:34:47.0085 0x13a4 NetTcpPortSharing - ok

21:34:47.0089 0x13a4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

21:34:47.0098 0x13a4 nfrd960 - ok

21:34:47.0106 0x13a4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

21:34:47.0121 0x13a4 NlaSvc - ok

21:34:47.0130 0x13a4 [ D6E8A06A0ABB3612EAA766B7BEBC5AC8, CE4B83B0332C5435C185D0D5AD73313D44F31BC809A1D026410ED7C685ADABE3 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys

21:34:47.0144 0x13a4 NovaShieldFilterDriver - ok

21:34:47.0148 0x13a4 [ E3C1998D8AE1EA5DC1AC3160B77F70CE, 12517263494EB3CAE340E114D643C0A514F7681002B2CF99E0067D2D463DBF3B ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys

21:34:47.0156 0x13a4 NovaShieldTDIDriver - ok

21:34:47.0159 0x13a4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

21:34:47.0184 0x13a4 Npfs - ok

21:34:47.0187 0x13a4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

21:34:47.0213 0x13a4 nsi - ok

21:34:47.0216 0x13a4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

21:34:47.0241 0x13a4 nsiproxy - ok

21:34:47.0275 0x13a4 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

21:34:47.0319 0x13a4 Ntfs - ok

21:34:47.0324 0x13a4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

21:34:47.0349 0x13a4 Null - ok

21:34:47.0354 0x13a4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

21:34:47.0365 0x13a4 nvraid - ok

21:34:47.0370 0x13a4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys

21:34:47.0381 0x13a4 nvstor - ok

21:34:47.0386 0x13a4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

21:34:47.0396 0x13a4 nv_agp - ok

21:34:47.0400 0x13a4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

21:34:47.0410 0x13a4 ohci1394 - ok

21:34:47.0419 0x13a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

21:34:47.0436 0x13a4 p2pimsvc - ok

21:34:47.0447 0x13a4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

21:34:47.0465 0x13a4 p2psvc - ok

21:34:47.0470 0x13a4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys

21:34:47.0481 0x13a4 Parport - ok

21:34:47.0484 0x13a4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

21:34:47.0494 0x13a4 partmgr - ok

21:34:47.0500 0x13a4 [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc C:\Windows\System32\pcasvc.dll

21:34:47.0513 0x13a4 PcaSvc - ok

21:34:47.0519 0x13a4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

21:34:47.0531 0x13a4 pci - ok

21:34:47.0534 0x13a4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

21:34:47.0541 0x13a4 pciide - ok

21:34:47.0548 0x13a4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

21:34:47.0560 0x13a4 pcmcia - ok

21:34:47.0564 0x13a4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

21:34:47.0573 0x13a4 pcw - ok

21:34:47.0587 0x13a4 [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

21:34:47.0610 0x13a4 PEAUTH - ok

21:34:47.0640 0x13a4 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

21:34:47.0679 0x13a4 PeerDistSvc - ok

21:34:47.0694 0x13a4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

21:34:47.0704 0x13a4 PerfHost - ok

21:34:47.0736 0x13a4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

21:34:47.0791 0x13a4 pla - ok

21:34:47.0803 0x13a4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

21:34:47.0821 0x13a4 PlugPlay - ok

21:34:47.0825 0x13a4 PnkBstrA - ok

21:34:47.0828 0x13a4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

21:34:47.0837 0x13a4 PNRPAutoReg - ok

21:34:47.0846 0x13a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

21:34:47.0860 0x13a4 PNRPsvc - ok

21:34:47.0873 0x13a4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

21:34:47.0907 0x13a4 PolicyAgent - ok

21:34:47.0914 0x13a4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

21:34:47.0943 0x13a4 Power - ok

21:34:47.0949 0x13a4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

21:34:47.0975 0x13a4 PptpMiniport - ok

21:34:47.0979 0x13a4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys

21:34:47.0989 0x13a4 Processor - ok

21:34:47.0996 0x13a4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll

21:34:48.0009 0x13a4 ProfSvc - ok

21:34:48.0012 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:34:48.0021 0x13a4 ProtectedStorage - ok

21:34:48.0026 0x13a4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

21:34:48.0053 0x13a4 Psched - ok

21:34:48.0057 0x13a4 [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

21:34:48.0062 0x13a4 PST Service - detected UnsignedFile.Multi.Generic ( 1 )

21:34:50.0789 0x13a4 Detect skipped due to KSN trusted

21:34:50.0789 0x13a4 PST Service - ok

21:34:50.0820 0x13a4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

21:34:50.0860 0x13a4 ql2300 - ok

21:34:50.0867 0x13a4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

21:34:50.0878 0x13a4 ql40xx - ok

21:34:50.0885 0x13a4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll

21:34:50.0903 0x13a4 QWAVE - ok

21:34:50.0906 0x13a4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

21:34:50.0919 0x13a4 QWAVEdrv - ok

21:34:50.0922 0x13a4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

21:34:50.0946 0x13a4 RasAcd - ok

21:34:50.0949 0x13a4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

21:34:50.0973 0x13a4 RasAgileVpn - ok

21:34:50.0978 0x13a4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll

21:34:51.0003 0x13a4 RasAuto - ok

21:34:51.0008 0x13a4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

21:34:51.0033 0x13a4 Rasl2tp - ok

21:34:51.0042 0x13a4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll

21:34:51.0072 0x13a4 RasMan - ok

21:34:51.0076 0x13a4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

21:34:51.0101 0x13a4 RasPppoe - ok

21:34:51.0105 0x13a4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

21:34:51.0130 0x13a4 RasSstp - ok

21:34:51.0138 0x13a4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

21:34:51.0166 0x13a4 rdbss - ok

21:34:51.0170 0x13a4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

21:34:51.0180 0x13a4 rdpbus - ok

21:34:51.0183 0x13a4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

21:34:51.0207 0x13a4 RDPCDD - ok

21:34:51.0214 0x13a4 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

21:34:51.0226 0x13a4 RDPDR - ok

21:34:51.0228 0x13a4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

21:34:51.0252 0x13a4 RDPENCDD - ok

21:34:51.0255 0x13a4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

21:34:51.0279 0x13a4 RDPREFMP - ok

21:34:51.0284 0x13a4 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

21:34:51.0293 0x13a4 RdpVideoMiniport - ok

21:34:51.0299 0x13a4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

21:34:51.0312 0x13a4 RDPWD - ok

21:34:51.0318 0x13a4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

21:34:51.0329 0x13a4 rdyboost - ok

21:34:51.0334 0x13a4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll

21:34:51.0359 0x13a4 RemoteAccess - ok

21:34:51.0365 0x13a4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll

21:34:51.0391 0x13a4 RemoteRegistry - ok

21:34:51.0395 0x13a4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

21:34:51.0421 0x13a4 RpcEptMapper - ok

21:34:51.0423 0x13a4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe

21:34:51.0433 0x13a4 RpcLocator - ok

21:34:51.0445 0x13a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll

21:34:51.0477 0x13a4 RpcSs - ok

21:34:51.0482 0x13a4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

21:34:51.0506 0x13a4 rspndr - ok

21:34:51.0523 0x13a4 [ 3713DACCA1025B05A6343104112708D9, 77830F361775166ED2408CFF9F0DBEDFF225895DD0FAC93F3DC5FFD8DBE0ED2B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

21:34:51.0545 0x13a4 RTL8167 - ok

21:34:51.0549 0x13a4 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys

21:34:51.0557 0x13a4 s3cap - ok

21:34:51.0560 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe

21:34:51.0569 0x13a4 SamSs - ok

21:34:51.0573 0x13a4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

21:34:51.0583 0x13a4 sbp2port - ok

21:34:51.0589 0x13a4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll

21:34:51.0617 0x13a4 SCardSvr - ok

21:34:51.0620 0x13a4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

21:34:51.0643 0x13a4 scfilter - ok

21:34:51.0666 0x13a4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll

21:34:51.0710 0x13a4 Schedule - ok

21:34:51.0718 0x13a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll

21:34:51.0742 0x13a4 SCPolicySvc - ok

21:34:51.0748 0x13a4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll

21:34:51.0760 0x13a4 SDRSVC - ok

21:34:51.0763 0x13a4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys

21:34:51.0788 0x13a4 secdrv - ok

21:34:51.0791 0x13a4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll

21:34:51.0815 0x13a4 seclogon - ok

21:34:51.0818 0x13a4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll

21:34:51.0844 0x13a4 SENS - ok

21:34:51.0847 0x13a4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll

21:34:51.0858 0x13a4 SensrSvc - ok

21:34:51.0861 0x13a4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

21:34:51.0870 0x13a4 Serenum - ok

21:34:51.0874 0x13a4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys

21:34:51.0885 0x13a4 Serial - ok

21:34:51.0888 0x13a4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys

21:34:51.0897 0x13a4 sermouse - ok

21:34:51.0905 0x13a4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll

21:34:51.0930 0x13a4 SessionEnv - ok

21:34:51.0933 0x13a4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

21:34:51.0944 0x13a4 sffdisk - ok

21:34:51.0946 0x13a4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

21:34:51.0957 0x13a4 sffp_mmc - ok

21:34:51.0960 0x13a4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

21:34:51.0970 0x13a4 sffp_sd - ok

21:34:51.0973 0x13a4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

21:34:51.0982 0x13a4 sfloppy - ok

21:34:51.0991 0x13a4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll

21:34:52.0022 0x13a4 SharedAccess - ok

21:34:52.0032 0x13a4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:34:52.0061 0x13a4 ShellHWDetection - ok

21:34:52.0065 0x13a4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

21:34:52.0073 0x13a4 SiSRaid2 - ok

21:34:52.0077 0x13a4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

21:34:52.0086 0x13a4 SiSRaid4 - ok

21:34:52.0090 0x13a4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys

21:34:52.0115 0x13a4 Smb - ok

21:34:52.0121 0x13a4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

21:34:52.0131 0x13a4 SNMPTRAP - ok

21:34:52.0134 0x13a4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

21:34:52.0141 0x13a4 spldr - ok

21:34:52.0154 0x13a4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe

21:34:52.0176 0x13a4 Spooler - ok

21:34:52.0244 0x13a4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe

21:34:52.0333 0x13a4 sppsvc - ok

21:34:52.0342 0x13a4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

21:34:52.0367 0x13a4 sppuinotify - ok

21:34:52.0379 0x13a4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys

21:34:52.0396 0x13a4 srv - ok

21:34:52.0406 0x13a4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

21:34:52.0422 0x13a4 srv2 - ok

21:34:52.0428 0x13a4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

21:34:52.0439 0x13a4 srvnet - ok

21:34:52.0445 0x13a4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

21:34:52.0472 0x13a4 SSDPSRV - ok

21:34:52.0476 0x13a4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

21:34:52.0502 0x13a4 SstpSvc - ok

21:34:52.0519 0x13a4 [ 189879824D01F9A0DD1D72259A120F50, D587688E9EF7C43319AB87EEA368C9310F3A8F4A8A6D8A6E427A54126C209DF0 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe

21:34:52.0543 0x13a4 Steam Client Service - ok

21:34:52.0548 0x13a4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys

21:34:52.0556 0x13a4 stexstor - ok

21:34:52.0570 0x13a4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll

21:34:52.0593 0x13a4 stisvc - ok

21:34:52.0597 0x13a4 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys

21:34:52.0606 0x13a4 storflt - ok

21:34:52.0609 0x13a4 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll

21:34:52.0619 0x13a4 StorSvc - ok

21:34:52.0622 0x13a4 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys

21:34:52.0630 0x13a4 storvsc - ok

21:34:52.0633 0x13a4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

21:34:52.0641 0x13a4 swenum - ok

21:34:52.0652 0x13a4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

21:34:52.0686 0x13a4 swprv - ok

21:34:52.0722 0x13a4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll

21:34:52.0767 0x13a4 SysMain - ok

21:34:52.0774 0x13a4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:34:52.0788 0x13a4 TabletInputService - ok

21:34:52.0797 0x13a4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll

21:34:52.0826 0x13a4 TapiSrv - ok

21:34:52.0830 0x13a4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

21:34:52.0856 0x13a4 TBS - ok

21:34:52.0894 0x13a4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

21:34:52.0936 0x13a4 Tcpip - ok

21:34:52.0978 0x13a4 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

21:34:53.0020 0x13a4 TCPIP6 - ok

21:34:53.0028 0x13a4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

21:34:53.0037 0x13a4 tcpipreg - ok

21:34:53.0041 0x13a4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

21:34:53.0050 0x13a4 TDPIPE - ok

21:34:53.0053 0x13a4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

21:34:53.0062 0x13a4 TDTCP - ok

21:34:53.0067 0x13a4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

21:34:53.0092 0x13a4 tdx - ok

21:34:53.0096 0x13a4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

21:34:53.0105 0x13a4 TermDD - ok

21:34:53.0120 0x13a4 [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService C:\Windows\System32\termsrv.dll

21:34:53.0142 0x13a4 TermService - ok

21:34:53.0146 0x13a4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

21:34:53.0160 0x13a4 Themes - ok

21:34:53.0164 0x13a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

21:34:53.0188 0x13a4 THREADORDER - ok

21:34:53.0193 0x13a4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

21:34:53.0221 0x13a4 TrkWks - ok

21:34:53.0230 0x13a4 [ B66EE1D68197DFB9AA24F961E68ACDCC, EB7536089BAF2384437EDE964F7A20AE00C988B8CCB61A8F12CB2BBD84C4FB6E ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys

21:34:53.0244 0x13a4 Trufos - ok

21:34:53.0250 0x13a4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:34:53.0287 0x13a4 TrustedInstaller - ok

21:34:53.0291 0x13a4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

21:34:53.0300 0x13a4 tssecsrv - ok

21:34:53.0303 0x13a4 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

21:34:53.0313 0x13a4 TsUsbFlt - ok

21:34:53.0316 0x13a4 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

21:34:53.0326 0x13a4 TsUsbGD - ok

21:34:53.0331 0x13a4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

21:34:53.0357 0x13a4 tunnel - ok

21:34:53.0360 0x13a4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

21:34:53.0370 0x13a4 uagp35 - ok

21:34:53.0378 0x13a4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

21:34:53.0406 0x13a4 udfs - ok

21:34:53.0412 0x13a4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

21:34:53.0423 0x13a4 UI0Detect - ok

21:34:53.0427 0x13a4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

21:34:53.0437 0x13a4 uliagpkx - ok

21:34:53.0441 0x13a4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys

21:34:53.0451 0x13a4 umbus - ok

21:34:53.0454 0x13a4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys

21:34:53.0463 0x13a4 UmPass - ok

21:34:53.0469 0x13a4 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll

21:34:53.0482 0x13a4 UmRdpService - ok

21:34:53.0493 0x13a4 [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

21:34:53.0509 0x13a4 UMVPFSrv - ok

21:34:53.0519 0x13a4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

21:34:53.0550 0x13a4 upnphost - ok

21:34:53.0555 0x13a4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

21:34:53.0566 0x13a4 usbaudio - ok

21:34:53.0570 0x13a4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\drivers\usbccgp.sys

21:34:53.0581 0x13a4 usbccgp - ok

21:34:53.0586 0x13a4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys

21:34:53.0597 0x13a4 usbcir - ok

21:34:53.0600 0x13a4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

21:34:53.0609 0x13a4 usbehci - ok

21:34:53.0613 0x13a4 [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys

21:34:53.0620 0x13a4 usbfilter - ok

21:34:53.0629 0x13a4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

21:34:53.0645 0x13a4 usbhub - ok

21:34:53.0648 0x13a4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

21:34:53.0657 0x13a4 usbohci - ok

21:34:53.0660 0x13a4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys

21:34:53.0671 0x13a4 usbprint - ok

21:34:53.0676 0x13a4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:34:53.0686 0x13a4 USBSTOR - ok

21:34:53.0689 0x13a4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

21:34:53.0698 0x13a4 usbuhci - ok

21:34:53.0701 0x13a4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll

21:34:53.0727 0x13a4 UxSms - ok

21:34:53.0730 0x13a4 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe

21:34:53.0738 0x13a4 VaultSvc - ok

21:34:53.0742 0x13a4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

21:34:53.0750 0x13a4 vdrvroot - ok

21:34:53.0763 0x13a4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe

21:34:53.0796 0x13a4 vds - ok

21:34:53.0800 0x13a4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

21:34:53.0811 0x13a4 vga - ok

21:34:53.0813 0x13a4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys

21:34:53.0837 0x13a4 VgaSave - ok

21:34:53.0844 0x13a4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

21:34:53.0856 0x13a4 vhdmp - ok

21:34:53.0859 0x13a4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys

21:34:53.0867 0x13a4 viaide - ok

21:34:53.0873 0x13a4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys

21:34:53.0885 0x13a4 vmbus - ok

21:34:53.0888 0x13a4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

21:34:53.0897 0x13a4 VMBusHID - ok

21:34:53.0900 0x13a4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys

21:34:53.0909 0x13a4 volmgr - ok

21:34:53.0919 0x13a4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

21:34:53.0934 0x13a4 volmgrx - ok

21:34:53.0942 0x13a4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys

21:34:53.0956 0x13a4 volsnap - ok

21:34:53.0962 0x13a4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

21:34:53.0973 0x13a4 vsmraid - ok

21:34:54.0006 0x13a4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe

21:34:54.0059 0x13a4 VSS - ok

21:34:54.0064 0x13a4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

21:34:54.0075 0x13a4 vwifibus - ok

21:34:54.0084 0x13a4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll

21:34:54.0115 0x13a4 W32Time - ok

21:34:54.0120 0x13a4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

21:34:54.0130 0x13a4 WacomPen - ok

21:34:54.0134 0x13a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

21:34:54.0158 0x13a4 WANARP - ok

21:34:54.0161 0x13a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

21:34:54.0184 0x13a4 Wanarpv6 - ok

21:34:54.0210 0x13a4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

21:34:54.0245 0x13a4 WatAdminSvc - ok

21:34:54.0277 0x13a4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

21:34:54.0319 0x13a4 wbengine - ok

21:34:54.0328 0x13a4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

21:34:54.0344 0x13a4 WbioSrvc - ok

21:34:54.0353 0x13a4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

21:34:54.0373 0x13a4 wcncsvc - ok

21:34:54.0377 0x13a4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:34:54.0387 0x13a4 WcsPlugInService - ok

21:34:54.0390 0x13a4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys

21:34:54.0398 0x13a4 Wd - ok

21:34:54.0415 0x13a4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

21:34:54.0438 0x13a4 Wdf01000 - ok

21:34:54.0443 0x13a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

21:34:54.0466 0x13a4 WdiServiceHost - ok

21:34:54.0469 0x13a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

21:34:54.0483 0x13a4 WdiSystemHost - ok

21:34:54.0490 0x13a4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll

21:34:54.0504 0x13a4 WebClient - ok

21:34:54.0511 0x13a4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

21:34:54.0541 0x13a4 Wecsvc - ok

21:34:54.0545 0x13a4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

21:34:54.0571 0x13a4 wercplsupport - ok

21:34:54.0576 0x13a4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

21:34:54.0601 0x13a4 WerSvc - ok

21:34:54.0604 0x13a4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

21:34:54.0627 0x13a4 WfpLwf - ok

21:34:54.0630 0x13a4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

21:34:54.0638 0x13a4 WIMMount - ok

21:34:54.0640 0x13a4 WinDefend - ok

21:34:54.0645 0x13a4 WinHttpAutoProxySvc - ok

21:34:54.0654 0x13a4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

21:34:54.0683 0x13a4 Winmgmt - ok

21:34:54.0724 0x13a4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll

21:34:54.0786 0x13a4 WinRM - ok

21:34:54.0796 0x13a4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

21:34:54.0807 0x13a4 WinUsb - ok

21:34:54.0826 0x13a4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

21:34:54.0855 0x13a4 Wlansvc - ok

21:34:54.0902 0x13a4 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

21:34:54.0958 0x13a4 wlidsvc - ok

21:34:54.0964 0x13a4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

21:34:54.0974 0x13a4 WmiAcpi - ok

21:34:54.0981 0x13a4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

21:34:54.0994 0x13a4 wmiApSrv - ok

21:34:54.0996 0x13a4 WMPNetworkSvc - ok

21:34:55.0000 0x13a4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

21:34:55.0010 0x13a4 WPCSvc - ok

21:34:55.0015 0x13a4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

21:34:55.0030 0x13a4 WPDBusEnum - ok

21:34:55.0033 0x13a4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

21:34:55.0057 0x13a4 ws2ifsl - ok

21:34:55.0061 0x13a4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll

21:34:55.0076 0x13a4 wscsvc - ok

21:34:55.0078 0x13a4 WSearch - ok

21:34:55.0128 0x13a4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll

21:34:55.0184 0x13a4 wuauserv - ok

21:34:55.0192 0x13a4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

21:34:55.0202 0x13a4 WudfPf - ok

21:34:55.0210 0x13a4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

21:34:55.0225 0x13a4 WUDFRd - ok

21:34:55.0230 0x13a4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

21:34:55.0241 0x13a4 wudfsvc - ok

21:34:55.0248 0x13a4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

21:34:55.0262 0x13a4 WwanSvc - ok

21:34:55.0265 0x13a4 xhunter1 - ok

21:34:55.0268 0x13a4 ================ Scan global ===============================

21:34:55.0271 0x13a4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

21:34:55.0279 0x13a4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:34:55.0289 0x13a4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:34:55.0296 0x13a4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

21:34:55.0305 0x13a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

21:34:55.0311 0x13a4 [ Global ] - ok

21:34:55.0312 0x13a4 ================ Scan MBR ==================================

21:34:55.0313 0x13a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

21:34:55.0361 0x13a4 \Device\Harddisk0\DR0 - ok

21:34:55.0361 0x13a4 ================ Scan VBR ==================================

21:34:55.0363 0x13a4 [ 917C9588987F7239807A4E8A0FCA3679 ] \Device\Harddisk0\DR0\Partition1

21:34:55.0364 0x13a4 \Device\Harddisk0\DR0\Partition1 - ok

21:34:55.0365 0x13a4 [ A3A309E7F32F2ADA702B2ABEC9F13FA6 ] \Device\Harddisk0\DR0\Partition2

21:34:55.0367 0x13a4 \Device\Harddisk0\DR0\Partition2 - ok

21:34:55.0367 0x13a4 ================ Scan generic autorun ======================

21:34:55.0495 0x13a4 [ BDBC2F97FC0CA86D390C07021DAA6BF8, F15C0999698AAD78FA36211D799EF90164774A28BC3CF37F39505EC978909BBB ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

21:34:55.0640 0x13a4 RTHDVCPL - ok

21:34:55.0678 0x13a4 [ 40F5E0901F3079E84C1E282741E0D46F, 4F81959A4762F04CAE81512B5ABC84604D9CC2A684F30D871B76D7B22BC02C06 ] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe

21:34:55.0711 0x13a4 BullGuard - ok

21:34:55.0771 0x13a4 [ 22E0486D7C585E8084084C61AA2CEBB7, 9F8094E161E11595329411AF172937D5031BDC8BF37650C95221B4659A8FE014 ] c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe

21:34:55.0837 0x13a4 BullGuardUpdate2 - ok

21:34:55.0869 0x13a4 [ 5626C6A78DEB15F00E780115472C163C, 8C1DD609BEC9089EC8A3EB8E212020FFAD98DC029540B039A394B2A074C63650 ] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe

21:34:55.0900 0x13a4 ASUS WiFi GO! FileTransfer Execute - ok

21:34:55.0914 0x13a4 [ 26443C4332B966C44481D1DE8D1BCBB4, 2407EE6A227D2F52AE0AB270FCBECB00242F715B4A63CE2E0362D388740FB67B ] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

21:34:55.0931 0x13a4 ASUS AiChargerPlus Execute - ok

21:34:55.0952 0x13a4 [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

21:34:55.0978 0x13a4 Adobe ARM - ok

21:34:55.0997 0x13a4 [ 16598A9758F386F82D2C447C70C95D10, 0A698135EFC195C359702AA76897B9C67712FDE0A54B51587134B65510B154ED ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe

21:34:56.0020 0x13a4 StartCCC - ok

21:34:56.0023 0x13a4 EaseUS EPM tray - ok

21:34:56.0030 0x13a4 [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

21:34:56.0041 0x13a4 SunJavaUpdateSched - ok

21:34:56.0065 0x13a4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

21:34:56.0100 0x13a4 Sidebar - ok

21:34:56.0105 0x13a4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

21:34:56.0119 0x13a4 mctadmin - ok

21:34:56.0144 0x13a4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

21:34:56.0172 0x13a4 Sidebar - ok

21:34:56.0178 0x13a4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

21:34:56.0191 0x13a4 mctadmin - ok

21:34:56.0230 0x13a4 [ AECBBD0C048354B07A62D275D6DFE9F0, 9D163D281641676420DA480F331DE0C0E230ECEB97D413AEE2C9878F3DD77382 ] C:\Program Files (x86)\Steam\Steam.exe

21:34:56.0275 0x13a4 Steam - ok

21:34:56.0278 0x13a4 msnmsgr - ok

21:34:56.0338 0x13a4 [ E752EC1114077CFD57EE8DB33DE692CB, D0E9DE2E8EEE5ED9C7D4A1645F03A20BBDAE10C3620573C2EF10345E7671AD75 ] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe

21:34:56.0407 0x13a4 DAEMON Tools Pro Agent - ok

21:34:56.0426 0x13a4 [ D5D021AEFA851CD0E8948EA4974EF88C, 596C02AFAB31F44A52E8F3BEEC869557C5DB3CDFB2A559721F25614EFE768D53 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

21:34:56.0446 0x13a4 GarminExpressTrayApp - ok

21:34:56.0567 0x13a4 [ 674C18BDC0EABE1C9FD363459759CA5B, BB34F0E9D8E2C5CF0CCB9E55D47C984F9F516671A15A124CC9763E6F26E15175 ] C:\Users\THOR\AppData\Local\Amazon Music\Amazon Music Helper.exe

21:34:56.0684 0x13a4 Amazon Music - ok

21:34:56.0693 0x13a4 Waiting for KSN requests completion. In queue: 172

21:34:57.0693 0x13a4 Waiting for KSN requests completion. In queue: 172

21:34:58.0693 0x13a4 Waiting for KSN requests completion. In queue: 172

21:34:59.0705 0x13a4 AV detected via SS2: BullGuard Antivirus, ( ), 0x41000 ( enabled : updated )

21:34:59.0706 0x13a4 FW detected via SS2: BullGuard Firewall, ( ), 0x40010 ( disabled )

21:34:59.0709 0x13a4 Win FW state via NFP2: enabled

21:35:02.0305 0x13a4 ============================================================

21:35:02.0305 0x13a4 Scan finished

21:35:02.0305 0x13a4 ============================================================

21:35:02.0310 0x2d70 Detected object count: 0

21:35:02.0310 0x2d70 Actual detected object count: 0

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users