
GoSave infection. Ads keep appearing on all websites that I visit.


  • This topic is locked
19 replies to this topic

#1 calinoi

calinoi

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 19 November 2014 - 04:55 PM

So I looked at my running processes and I saw something unusual: Gs_Booster.exe. I uninstalled it from Control Panel, both Gs_Booster and GoSave. After this I removed the extension from Google Chrome; everything was alright, no more ads. The next day, when I turned on my PC and went on a website, the GoSave ads were back. Nothing to uninstall nor on the process list, but the ads are still there.

 

 

Here is the DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by REACTORUL at 23:51:20 on 2014-11-19
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3984.888 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxEM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\java.exe
C:\Users\REACTORUL\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [iFunBox Price Watch] C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
uRun: [AdobeBridge] <no file>
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{8C30BC63-BEF1-4431-B0F0-5ED089F58989} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{9D7021A4-1EBF-4FA1-BC27-6131A2497EA0} : NameServer = 193.231.252.1,213.154.124.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\REACTORUL\AppData\Roaming\Mozilla\Firefox\Profiles\l7ash05c.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-5-22 20616]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-22 283064]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-29 735960]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2009-9-29 123200]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-11-14 1148744]
R2 igfxCUIService1.0.0.0;Intel® HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-20 314696]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-5-22 1795912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-5-22 19819848]
R2 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-5-23 105448]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-5-22 366216]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-5-22 786056]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-22 19784]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-11-14 38216]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-5-22 769168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-6-6 110336]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-7 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-6-7 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-6-6 206080]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2014-6-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-7 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-6-7 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 TunnelBearMaintenance;TunnelBear Maintenance;C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [2014-5-28 25536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
.
=============== Created Last 30 ================
.
2014-11-19 20:47:58 -------- d-----w- C:\Program Files\ESET
2014-11-19 20:32:59 -------- d-----w- C:\AdwCleaner
2014-11-18 17:29:10 -------- d-----w- C:\ProgramData\3872871776
2014-11-18 16:51:25 -------- d-----w- C:\ProgramData\Trusted Publisher
2014-11-18 16:51:02 -------- d-----w- C:\ProgramData\7366858982917936609
2014-11-18 16:50:38 -------- d-----w- C:\ProgramData\fadenjodbcnbbpgpdceioklpflipfleb
2014-11-15 23:32:06 -------- d-----w- C:\Users\REACTORUL\AppData\Roaming\11bitstudios
2014-11-15 17:01:34 -------- d-----w- C:\ProgramData\NFS Underground
2014-11-14 21:04:22 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-11-14 21:04:22 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-11-14 21:04:21 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-11-14 21:04:21 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-11-14 21:04:21 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-11-14 21:04:21 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-11-14 21:03:55 38216 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-11-14 21:03:55 32584 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
.
==================== Find3M  ====================
.
2014-11-12 21:10:03 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 21:10:03 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-06 17:06:52 2197680 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-11-06 17:06:52 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-11-06 17:06:33 2800296 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-11-06 17:06:33 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-03 19:23:02 35144 ----a-w- C:\Windows\System32\nvaudcap64v.dll
.
============= FINISH: 23:51:50,45 ===============
 


 


#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:47 AM

Posted 19 November 2014 - 10:37 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 calinoi

calinoi
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 20 November 2014 - 07:42 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014
Ran by REACTORUL (administrator) on REACTORUL-PC on 20-11-2014 14:39:46
Running from C:\Users\REACTORUL\Desktop
Loaded Profile: REACTORUL (Available profiles: REACTORUL)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(i-Funbox.com) C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2716216 2009-09-29] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-05-28] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3125280 2013-10-17] (Disc Soft Ltd)
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe [7748096 2013-11-26] (i-Funbox.com)
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\MountPoints2: {2bace3f5-6cc7-11e4-afe2-94de80b5f8db} - E:\this_war_of_mine_drmfree.exe
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\MountPoints2: {3129ea97-e1e0-11e3-8aef-94de80b5f8db} - F:\Setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x25A95874EA75CF01
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{9D7021A4-1EBF-4FA1-BC27-6131A2497EA0}: [NameServer] 193.231.252.1,213.154.124.1
 
FireFox:
========
FF ProfilePath: C:\Users\REACTORUL\AppData\Roaming\Mozilla\Firefox\Profiles\l7ash05c.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: MEGA - C:\Users\REACTORUL\AppData\Roaming\Mozilla\Firefox\Profiles\l7ash05c.default\Extensions\firefox@mega.co.nz.xpi [2014-06-09]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: Eset Plugin - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-11-19]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-21]
CHR Extension: (Google Drive) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-21]
CHR Extension: (YouTube) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-21]
CHR Extension: (Google Search) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-21]
CHR Extension: (The Official /r/Diablo Extension) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmpdfkpnaidejfjdhmlpblahnidojbm [2014-11-02]
CHR Extension: (Grass) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla [2014-10-29]
CHR Extension: (Google Input Tools) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2014-08-21]
CHR Extension: (Google Wallet) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-21]
CHR Extension: (Gmail) - C:\Users\REACTORUL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-21]
CHR Extension: (GoSave) - C:\ProgramData\fadenjodbcnbbpgpdceioklpflipfleb\ [2014-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [107552 2014-08-07] (EasyAntiCheat Ltd)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [23296 2009-09-29] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [735960 2009-09-29] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [25536 2014-05-28] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-05-22] (Disc Soft Ltd)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [144824 2009-09-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [136584 2009-09-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123200 2009-09-29] (ESET)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 14:39 - 2014-11-20 14:39 - 00014342 _____ () C:\Users\REACTORUL\Desktop\FRST.txt
2014-11-20 14:38 - 2014-11-20 14:39 - 00000000 ____D () C:\FRST
2014-11-20 14:38 - 2014-11-20 14:38 - 02117120 _____ (Farbar) C:\Users\REACTORUL\Desktop\FRST64.exe
2014-11-19 23:51 - 2014-11-19 23:51 - 00013266 _____ () C:\Users\REACTORUL\Desktop\dds.txt
2014-11-19 23:51 - 2014-11-19 23:51 - 00006294 _____ () C:\Users\REACTORUL\Desktop\attach.txt
2014-11-19 23:30 - 2014-11-19 23:31 - 00688992 ____R (Swearware) C:\Users\REACTORUL\Desktop\dds.com
2014-11-19 22:47 - 2014-11-19 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-19 22:47 - 2014-11-19 22:47 - 00000000 ____D () C:\ProgramData\ESET
2014-11-19 22:47 - 2014-11-19 22:47 - 00000000 ____D () C:\Program Files\ESET
2014-11-19 22:32 - 2014-11-19 22:34 - 00000000 ____D () C:\AdwCleaner
2014-11-18 19:29 - 2014-11-18 19:29 - 00000000 ____D () C:\ProgramData\3872871776
2014-11-18 18:51 - 2014-11-18 18:51 - 00000000 ____D () C:\ProgramData\Trusted Publisher
2014-11-18 18:51 - 2014-11-18 18:51 - 00000000 ____D () C:\ProgramData\7366858982917936609
2014-11-18 18:50 - 2014-11-18 18:50 - 00000000 ____D () C:\ProgramData\fadenjodbcnbbpgpdceioklpflipfleb
2014-11-16 14:24 - 2014-11-16 14:24 - 00001126 _____ () C:\Windows\PFRO.log
2014-11-16 10:49 - 2014-11-16 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-11-16 01:32 - 2014-11-16 01:32 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\11bitstudios
2014-11-16 01:29 - 2014-11-16 01:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
2014-11-15 19:01 - 2014-11-15 19:01 - 00000000 ____D () C:\ProgramData\NFS Underground
2014-11-15 18:59 - 2014-11-15 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-11-14 23:24 - 2014-11-14 23:24 - 393853718 _____ () C:\Windows\MEMORY.DMP
2014-11-14 23:24 - 2014-11-14 23:24 - 00532216 _____ () C:\Windows\Minidump\111414-13556-01.dmp
2014-11-14 23:24 - 2014-11-14 23:24 - 00000000 ____D () C:\Windows\Minidump
2014-11-14 23:19 - 2014-11-04 02:04 - 31891784 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 24555208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 20923712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 19966344 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 18514080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 17259848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 14031448 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 13943904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 13207184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-14 23:19 - 2014-11-04 02:04 - 11397208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 11335408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 04289168 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 04009672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 02849736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434465.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434465.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00962704 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00922256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00898192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00870624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-14 23:19 - 2014-11-04 02:04 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-14 23:04 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-11-14 23:03 - 2014-10-03 21:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-14 23:03 - 2014-10-03 21:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-12 01:31 - 2014-11-12 13:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-10 19:21 - 2014-11-20 14:29 - 00003911 _____ () C:\Windows\setupact.log
2014-11-10 19:21 - 2014-11-10 19:21 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-08 10:03 - 2014-11-08 10:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
2014-11-04 00:24 - 2014-11-05 01:12 - 00000000 ____D () C:\Users\REACTORUL\Documents\SimCity 4
2014-11-04 00:21 - 2014-11-04 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2014-11-04 00:19 - 2014-11-04 00:19 - 00000533 _____ () C:\Windows\eReg.dat
2014-10-26 22:55 - 2014-10-26 22:56 - 00000066 _____ () C:\Users\REACTORUL\.atl.properties
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-20 14:36 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 14:36 - 2009-07-14 06:45 - 00021072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 14:31 - 2014-05-22 19:50 - 01223103 _____ () C:\Windows\WindowsUpdate.log
2014-11-20 14:29 - 2014-08-21 09:35 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-20 14:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 00:53 - 2014-08-21 09:35 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-20 00:47 - 2014-05-22 21:45 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\uTorrent
2014-11-20 00:45 - 2014-06-17 20:53 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\Skype
2014-11-20 00:10 - 2014-05-22 21:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-19 18:09 - 2014-05-22 22:01 - 00000000 ____D () C:\Users\REACTORUL\AppData\Local\Battle.net
2014-11-19 16:23 - 2014-06-22 08:42 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\Spotify
2014-11-19 16:18 - 2014-06-22 08:42 - 00000000 ____D () C:\Users\REACTORUL\AppData\Local\Spotify
2014-11-19 11:52 - 2014-05-22 22:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-11-18 22:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-16 11:38 - 2014-05-09 14:58 - 00000000 ____D () C:\Users\REACTORUL\Documents\My Games
2014-11-16 11:21 - 2014-06-07 19:09 - 00000000 ____D () C:\ProgramData\Origin
2014-11-15 20:48 - 2014-08-21 09:35 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-15 20:48 - 2014-08-21 09:35 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 18:59 - 2014-09-02 13:22 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-15 18:57 - 2014-05-22 22:44 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\DAEMON Tools Pro
2014-11-14 23:24 - 2014-05-22 20:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-14 23:04 - 2014-05-22 20:20 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-13 00:47 - 2009-07-14 07:13 - 00795934 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-12 23:10 - 2014-05-22 21:00 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 23:10 - 2014-05-22 21:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 23:10 - 2014-05-22 21:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 11:46 - 2014-06-22 08:37 - 00000000 ____D () C:\Program Files (x86)\TunnelBear
2014-11-09 01:29 - 2014-10-20 18:57 - 00000000 ____D () C:\Users\REACTORUL\AppData\Local\PokerStars.EU
2014-11-06 19:06 - 2014-06-02 18:38 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-06 19:06 - 2014-06-02 18:38 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-06 19:06 - 2014-05-22 20:24 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-06 19:06 - 2014-05-22 20:24 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-04 20:28 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 02:04 - 2014-05-22 20:28 - 20985544 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-04 02:04 - 2014-05-22 20:28 - 16884632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-04 02:04 - 2014-05-22 20:28 - 03238040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-04 02:04 - 2014-05-22 20:28 - 00987520 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-11-04 02:04 - 2014-05-22 20:28 - 00027094 _____ () C:\Windows\system32\nvinfo.pb
2014-11-01 10:30 - 2014-05-22 20:51 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-31 14:18 - 2014-09-17 09:14 - 00000000 ____D () C:\Users\REACTORUL\AppData\Local\Glyph
2014-10-26 22:55 - 2014-05-22 19:48 - 00000000 ____D () C:\Users\REACTORUL
2014-10-22 12:18 - 2014-10-20 18:57 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-10-21 16:26 - 2014-05-22 22:01 - 00000000 ____D () C:\Users\REACTORUL\AppData\Roaming\Battle.net
 
Some content of TEMP:
====================
C:\Users\REACTORUL\AppData\Local\Temp\AutoRun.exe
C:\Users\REACTORUL\AppData\Local\Temp\AutoRunGUI.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-15 01:32
 
==================== End Of Log ============================

Edited by calinoi, 20 November 2014 - 07:43 AM.


#4 calinoi


Posted 20 November 2014 - 07:44 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2014
Ran by REACTORUL at 2014-11-20 14:40:24
Running from C:\Users\REACTORUL\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET NOD32 Antivirus 4.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse Client (HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM-x32\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation)
ESET NOD32 Antivirus (HKLM\...\{4183655A-5FC6-4A23-A804-7764145EC57C}) (Version: 4.0.468.0 - ESET, spol s r. o.)
Evolve (HKLM-x32\...\Steam App 273350) (Version:  - Turtle Rock Studios)
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iFunBox 2014 (v3.1.562.425), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.1.562.425 - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.11 - www.leaguereplays.com)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60830 (HKLM-x32\...\{c7ed0d4c-89c5-47fc-9e89-1088affe63f3}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60830 (HKLM-x32\...\{9dba0447-b749-41ea-90bc-2aa19a9eb580}) (Version: 11.0.60830.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Middle Earth Shadow of Mordor (HKLM-x32\...\Middle Earth Shadow of Mordor_is1) (Version:  - )
MouseServer version 1.5.0.0 (HKLM-x32\...\{E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1) (Version: 1.5.0.0 - Necta Co.)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Need For Speed Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version:  - )
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.1.5.34983 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Razer Game Booster (HKLM-x32\...\Razer Game Booster_is1) (Version: 4.2.45.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_16 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
TeamSpeak 3 Client (HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Sims 4 Update v1.2.16.10 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
The Walking Dead Episode 5 © Telltales version 1 (HKLM-x32\...\The Walking Dead Episode 5 © Telltales_is1) (Version: 1 - )
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TunnelBear (HKLM-x32\...\{625f2249-d094-455e-8548-72ca683eb9d3}) (Version: 2.2.21.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.21.0 - TunnelBear) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.1 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version:  - Blizzard Entertainment)
YTD Video Downloader 4.8.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.3 - GreenTree Applications SRL) <==== ATTENTION
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3466372072-2229856283-2406641192-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3466372072-2229856283-2406641192-1000_Classes\CLSID\{c0379fe0-97b7-4bdf-8152-5e6bb4de7204}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
14-11-2014 21:04:07 Installed DirectX
19-11-2014 20:47:40 Installed ESET NOD32 Antivirus
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {09CE666F-7A53-4C07-A34D-FCBB7AA7EE91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {14BB0D90-56E2-44B9-9B79-E5E10A57C892} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {7763A50B-81EA-4F97-B88D-A4653B394A0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12] (Adobe Systems Incorporated)
Task: {8B6FA0F5-C8F1-44E0-A6CA-CEFA03837FCD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {9DD86C8F-41AD-4188-A26D-460B9AFFE390} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-22 20:31 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-10-28 17:47 - 2014-10-22 06:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 17:47 - 2014-10-22 06:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 17:47 - 2014-10-22 06:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 17:47 - 2014-10-22 06:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 17:47 - 2014-10-22 06:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3466372072-2229856283-2406641192-500 - Administrator - Disabled)
Guest (S-1-5-21-3466372072-2229856283-2406641192-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3466372072-2229856283-2406641192-1004 - Limited - Enabled)
REACTORUL (S-1-5-21-3466372072-2229856283-2406641192-1000 - Administrator - Enabled) => C:\Users\REACTORUL
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/20/2014 02:30:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 09:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 03:45:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 10:41:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 07:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 07:25:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 05:42:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 08:48:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 07:17:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Faulting module name: rads_user_kernel.exe, version: 0.0.0.0, time stamp: 0x4e65c1ac
Exception code: 0xc0000005
Fault offset: 0x000b8554
Faulting process id: 0x16f4
Faulting application start time: 0xrads_user_kernel.exe0
Faulting application path: rads_user_kernel.exe1
Faulting module path: rads_user_kernel.exe2
Report Id: rads_user_kernel.exe3
 
Error: (11/17/2014 10:01:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/19/2014 07:11:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/19/2014 01:57:58 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (11/17/2014 08:45:21 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (11/14/2014 11:24:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000116 (0xfffffa80060e3010, 0xfffff88008b93288, 0x0000000000000000, 0x0000000000000002)C:\Windows\MEMORY.DMP111414-13556-01
 
Error: (11/14/2014 11:24:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:19:25 PM on ‎11/‎14/‎2014 was unexpected.
 
Error: (11/12/2014 00:45:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
Error: (11/07/2014 00:00:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:00:22 AM on ‎11/‎7/‎2014 was unexpected.
 
Error: (11/02/2014 02:24:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error: 
%%1115
 
Error: (11/01/2014 02:39:45 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: 
%%1056
 
Error: (11/01/2014 02:38:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Desktop Window Manager Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
Error: (11/20/2014 02:30:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 09:48:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 03:45:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/19/2014 10:41:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 07:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 07:25:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/18/2014 05:42:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 08:48:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/17/2014 07:17:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: rads_user_kernel.exe0.0.0.04e65c1acrads_user_kernel.exe0.0.0.04e65c1acc0000005000b855416f401d0028a5f1a0476D:\Games\LoL\RADS\system\rads_user_kernel.exeD:\Games\LoL\RADS\system\rads_user_kernel.exe9df0f28d-6e7d-11e4-ad84-94de80b5f8db
 
Error: (11/17/2014 10:01:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 54%
Total physical RAM: 3984 MB
Available physical RAM: 1825.62 MB
Total Pagefile: 7966.18 MB
Available Pagefile: 5411.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.31 GB) (Free:40.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:833.86 GB) (Free:186.27 GB) NTFS
Drive e: (WAR) (CDROM) (Total:0.73 GB) (Free:0 GB) CDFS
Drive f: (Far Cry 4) (CDROM) (Total:26.71 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6047D949)
Partition 1: (Active) - (Size=97.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 pystryker

  • Malware Response Team

Posted 20 November 2014 - 07:35 PM

Hi, let's get started. :)

The infection on your machine has changed your current version of Chrome to a development version which makes it easier for the malware to bypass Chrome's security. Once we get done cleaning the machine and I give you the all clear, you'll need to do a complete reinstallation of Chrome.



The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Program Removal and Fix with FRST


Please uninstall the following program as it is a known malware/adware related program: YTD Video Downloader 4.8.3

Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3466372072-2229856283-2406641192-1000\...\Run: [AdobeBridge] => [X]
C:\ProgramData\fadenjodbcnbbpgpdceioklpflipfleb
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double click the adwcleaner.exe file (Vista and 7 users: right click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#6 calinoi

  • Topic Starter
  • Members

Posted 21 November 2014 - 04:24 AM

Ok, so I did uninstall utorrent and youtube downloader, and here are the logs.

Attached Files



#7 pystryker

  • Malware Response Team

Posted 21 November 2014 - 06:43 AM

Hi :)

In the future, please copy and paste the logs into your replies rather than attaching them. It makes them much easier to analyze. :)

Please re-run Step 3, AdwCleaner, and upon completion of the scan, push the Clean button. Please post that log in your next reply.

Once I see that log, we'll continue with the cleaning. :thumbup2:






#8 calinoi

  • Topic Starter
  • Members

Posted 21 November 2014 - 07:45 AM

Ok, sorry for that :D here's the log:

btw, is it clean now?


# AdwCleaner v4.101 - Report created 21/11/2014 at 14:42:16
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : REACTORUL - REACTORUL-PC
# Running from : C:\Users\REACTORUL\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.65
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [7144 octets] - [19/11/2014 22:33:38]
AdwCleaner[R1].txt - [742 octets] - [21/11/2014 14:42:16]
AdwCleaner[S0].txt - [7471 octets] - [21/11/2014 11:15:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [861 octets] ##########

Edited by calinoi, 21 November 2014 - 07:46 AM.


#9 pystryker

  • Malware Response Team

Posted 21 November 2014 - 07:55 AM

Ok, sorry for that :D here's the log:

btw, is it clean now?


No worries :) Not quite yet, we still have some work to do. We need to run a couple more scans to check for remnants and such. How is the machine running right now?


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log






#10 calinoi

  • Topic Starter
  • Members

Posted 21 November 2014 - 01:14 PM

 Results of screen317's Security Check version 0.99.90  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 4.0   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.223  
 Adobe Reader XI  
 Mozilla Firefox (33.1) 
 Google Chrome (38.0.2125.111) 
 Google Chrome (39.0.2171.65) 
 Google Chrome (chrome.exe..) 
 Google Chrome (debug.log..) 
 Google Chrome (Dictionaries...) 
 Google Chrome (master_preferences...) 
 Google Chrome (old_chrome.exe..) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 
 
 
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8646e0192ce0e34e9ca569a1902a55d1
# engine=21203
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-21 03:43:34
# local_time=2014-11-21 05:43:34 (+0200, GTB Standard Time)
# country="Romania"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 14451447 168214464 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 4'
# compatibility_mode=8199 16776701 100 75 13876 162362828 0 0
# scanned=193844
# found=20
# cleaned=0
# scan_time=8875
# nod_component=V3 Build:0x30000000
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=69C486F502D98134B649232EB28A685D66664242 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js"
sh=69C486F502D98134B649232EB28A685D66664242 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=69C486F502D98134B649232EB28A685D66664242 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js"
sh=69C486F502D98134B649232EB28A685D66664242 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js"
sh=FDDB1E1D86B8BF1FE8006D9990365ACA0C48A465 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js"
sh=AE1B794E89AE0CD050DBE7F714F627E1836D5141 ft=1 fh=19dff25f465fb0e8 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="D:\Download\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMONToolsPro540-0377.exe"
sh=A6D55B7D5B4E4FB5DBBFFAFD36BF98AD22E3865C ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CC potentially unsafe application" ac=I fn="D:\Download\The.Walking.Dead.Episode.5-RELOADED\rld-twdep5.iso"
sh=03686C6774854588AC587BF59A2D311028C29506 ft=1 fh=25a6ecab3f09fa11 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="D:\Games\SimCity\SimCity\1911.dll"
sh=05FF92BFB54B2B3CEE8031952C2151D6CAD5E4A9 ft=1 fh=4592cd5e2b2b049b vn="a variant of Win32/HackTool.Crack.CC potentially unsafe application" ac=I fn="D:\Games\The Walking Dead S1\steam_api.dll"
sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="D:\kit\ccsetup416.exe"
sh=21825C03CB1A667D80033F0E3B10EADC3F4EB847 ft=1 fh=4d81a715f53ac34e vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="D:\kit\YTDSetup.exe"
 
 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 21.11.2014
Scan Time: 15:02:56
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.21.06
Rootkit Database: v2014.11.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: REACTORUL
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 347602
Time Elapsed: 5 min, 48 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Rogue.Multiple, C:\ProgramData\3872871776, Quarantined, [e35c87b6f28a58dee3b77b7e14ee2ed2], 
 
Files: 1
Rogue.Multiple, C:\ProgramData\3872871776\BIT19E7.tmp, Quarantined, [e35c87b6f28a58dee3b77b7e14ee2ed2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
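
An added example, not part of the thread or of ESET's tooling: a small Python parser for detection lines in the layout of the ESET Online Scanner log posted above. It groups hits by extension ID to show which browsers and user profiles carry the same extension, and which extension IDs share one payload hash. The sample lines, hashes, user names, file names and extension IDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same key=value layout as the ESET detection lines
# above. Hashes, user names, file names and extension IDs are made up.
SAMPLE_LOG = r'''# scanned=1000
# found=4
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh\1.0\content.js"
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\alice\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\aaaabbbbccccddddeeeeffffgggghhhh\1.0\content.js"
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.L trojan" ac=I fn="C:\Users\bob\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ppppoooonnnnmmmmllllkkkkjjjjiiii\2.0\content.js"
sh=2222222222222222222222222222222222222222 ft=1 fh=0123456789abcdef vn="a variant of Win32/Toolbar.Widgi.G potentially unwanted application" ac=I fn="D:\kit\setup_example.exe"
'''

# key=value pairs; a value is either double-quoted (may hold spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# Chromium-family profile layout: ...\<vendor path>\User Data\<profile>\Extensions\<id>\
# Extension IDs are 32 characters drawn from a-p.
EXT_PATH_RE = re.compile(
    r'\\Users\\(?P<user>[^\\]+)\\AppData\\Local\\(?P<browser>.+?)'
    r'\\User Data\\(?P<profile>[^\\]+)\\Extensions\\(?P<ext_id>[a-p]{32})\\',
    re.IGNORECASE,
)


def parse_detections(text):
    """Return one dict per detection line; '#' header lines are skipped."""
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue
        fields = {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}
        if "vn" not in fields or "fn" not in fields:
            continue  # truncated or malformed line
        det = {
            "sha1": fields["sh"].upper(),
            "threat": fields["vn"],
            "path": fields["fn"],
            "extension": None,
        }
        m = EXT_PATH_RE.search(fields["fn"])
        if m:
            det["extension"] = {
                "user": m["user"],
                "browser": m["browser"],
                "profile": m["profile"],
                "id": m["ext_id"].lower(),
            }
        detections.append(det)
    return detections


def extension_footprint(detections):
    """Map extension ID -> sorted (user, browser) pairs where it was detected."""
    seen = defaultdict(set)
    for det in detections:
        ext = det["extension"]
        if ext:
            seen[ext["id"]].add((ext["user"], ext["browser"]))
    return {ext_id: sorted(places) for ext_id, places in seen.items()}


def ids_sharing_payload(detections):
    """Map file hash -> extension IDs, kept only when several IDs ship the same file."""
    by_hash = defaultdict(set)
    for det in detections:
        if det["extension"]:
            by_hash[det["sha1"]].add(det["extension"]["id"])
    return {h: sorted(ids) for h, ids in by_hash.items() if len(ids) > 1}


def other_detections(detections):
    """Detections outside browser extension folders (installers, cracks, ...)."""
    return [(d["threat"], d["path"]) for d in detections if d["extension"] is None]


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for ext_id, places in extension_footprint(dets).items():
        print(ext_id, "->", ", ".join(f"{u}: {b}" for u, b in places))
    for sha1, ids in ids_sharing_payload(dets).items():
        print("same payload", sha1, "under IDs", ids)
    for threat, path in other_detections(dets):
        print("non-extension:", threat, "|", path)
```

An extension ID that shows up under more than one browser or user profile has to be cleaned in every one of those locations, which is why removing it from a single browser does not stop the ads.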
 


#11 pystryker

  • Malware Response Team

Posted 21 November 2014 - 10:11 PM

Let's get rid of the infected files that ESET found.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\REACTORUL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
D:\Download\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMONToolsPro540-0377.exe
D:\Download\The.Walking.Dead.Episode.5-RELOADED\rld-twdep5.iso
D:\Games\SimCity\SimCity\1911.dll
D:\Games\The Walking Dead S1\steam_api.dll
D:\kit\ccsetup416.exe
D:\kit\YTDSetup.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log






#12 calinoi

  • Topic Starter
  • Members

Posted 22 November 2014 - 03:26 AM

Oh, and by the way, my computer is slower than ever :( Anyway, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014
Ran by REACTORUL at 2014-11-22 10:23:11 Run:2
Running from C:\Users\REACTORUL\Desktop
Loaded Profile: REACTORUL (Available profiles: REACTORUL)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\REACTORUL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js
D:\Download\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMONToolsPro540-0377.exe
D:\Download\The.Walking.Dead.Episode.5-RELOADED\rld-twdep5.iso
D:\Games\SimCity\SimCity\1911.dll
D:\Games\The Walking Dead S1\steam_api.dll
D:\kit\ccsetup416.exe
D:\kit\YTDSetup.exe
End
*****************
 
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jicmmoedimfidlkbpkgjifpegcfmegpc\2.14\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jidndkgndlobbhpjbdjomcpgkmpjphjo\2.14\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\khlhdjlbggkajhjgijhajppmfdnjniio\1.0\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mfckdjfpmpemamfpdflomlnhbcdjbeha\2.14\content.js => Moved successfully.
C:\Users\REACTORUL\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig\107\content.js => Moved successfully.
D:\Download\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMON.Tools.Pro.Advanced.v5.4.0.0377.Cracked-P2P\DAEMONToolsPro540-0377.exe => Moved successfully.
D:\Download\The.Walking.Dead.Episode.5-RELOADED\rld-twdep5.iso => Moved successfully.
D:\Games\SimCity\SimCity\1911.dll => Moved successfully.
D:\Games\The Walking Dead S1\steam_api.dll => Moved successfully.
D:\kit\ccsetup416.exe => Moved successfully.
D:\kit\YTDSetup.exe => Moved successfully.
 
==== End of Fixlog ====


#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts

Posted 22 November 2014 - 04:26 AM

Oh, and by the way, my computer is slower than ever :( Anyway, here is the log:


Ok, thank you for the update. Let's take a look and see if anything more nefarious is hiding on your system.


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters.
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan; the scan will run.
  • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
  • A report will have been created by TDSSKiller in your root directory C:\
  • To find the log, go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version, date, time, etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!

Things I need to see in your next post:

TDSSKiller Log

#14 calinoi

calinoi
  • Topic Starter

  • Members
  • 15 posts

Posted 22 November 2014 - 05:41 AM

12:39:39.0300 0x1380  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
12:39:43.0013 0x1380  ============================================================
12:39:43.0013 0x1380  Current date / time: 2014/11/22 12:39:43.0013
12:39:43.0013 0x1380  SystemInfo:
12:39:43.0013 0x1380  
12:39:43.0013 0x1380  OS Version: 6.1.7601 ServicePack: 1.0
12:39:43.0013 0x1380  Product type: Workstation
12:39:43.0013 0x1380  ComputerName: REACTORUL-PC
12:39:43.0013 0x1380  UserName: REACTORUL
12:39:43.0013 0x1380  Windows directory: C:\Windows
12:39:43.0013 0x1380  System windows directory: C:\Windows
12:39:43.0013 0x1380  Running under WOW64
12:39:43.0013 0x1380  Processor architecture: Intel x64
12:39:43.0013 0x1380  Number of processors: 4
12:39:43.0013 0x1380  Page size: 0x1000
12:39:43.0013 0x1380  Boot type: Normal boot
12:39:43.0013 0x1380  ============================================================
12:39:44.0495 0x1380  KLMD registered as C:\Windows\system32\drivers\31704331.sys
12:39:44.0807 0x1380  System UUID: {4F429D97-0860-ABE0-66DE-124FA4E91810}
12:39:45.0206 0x1380  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:39:45.0206 0x1380  ============================================================
12:39:45.0206 0x1380  \Device\Harddisk0\DR0:
12:39:45.0206 0x1380  MBR partitions:
12:39:45.0206 0x1380  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xC2A0800
12:39:45.0206 0x1380  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x683B6000
12:39:45.0206 0x1380  ============================================================
12:39:45.0222 0x1380  C: <-> \Device\Harddisk0\DR0\Partition1
12:39:45.0253 0x1380  D: <-> \Device\Harddisk0\DR0\Partition2
12:39:45.0253 0x1380  ============================================================
12:39:45.0253 0x1380  Initialize success
12:39:45.0253 0x1380  ============================================================
12:40:18.0451 0x0ac4  ============================================================
12:40:18.0451 0x0ac4  Scan started
12:40:18.0451 0x0ac4  Mode: Manual; SigCheck; TDLFS; 
12:40:18.0451 0x0ac4  ============================================================
12:40:18.0451 0x0ac4  KSN ping started
12:40:21.0131 0x0ac4  KSN ping finished: true
12:40:21.0568 0x0ac4  ================ Scan system memory ========================
12:40:21.0568 0x0ac4  System memory - ok
12:40:21.0568 0x0ac4  ================ Scan services =============================
12:40:26.0214 0x0ac4  gupdate - ok
12:40:26.0229 0x0ac4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:40:26.0229 0x0ac4  gupdatem - ok
12:40:26.0245 0x0ac4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:40:26.0276 0x0ac4  hcw85cir - ok
12:40:26.0292 0x0ac4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:40:26.0323 0x0ac4  HdAudAddService - ok
12:40:26.0338 0x0ac4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:40:26.0354 0x0ac4  HDAudBus - ok
12:40:26.0370 0x0ac4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:40:26.0370 0x0ac4  HidBatt - ok
12:40:26.0385 0x0ac4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:40:26.0401 0x0ac4  HidBth - ok
12:40:26.0416 0x0ac4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:40:26.0416 0x0ac4  HidIr - ok
12:40:26.0432 0x0ac4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:40:26.0448 0x0ac4  hidserv - ok
12:40:26.0463 0x0ac4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:40:26.0479 0x0ac4  HidUsb - ok
12:40:26.0494 0x0ac4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:40:26.0526 0x0ac4  hkmsvc - ok
12:40:26.0541 0x0ac4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:40:26.0557 0x0ac4  HomeGroupListener - ok
12:40:26.0572 0x0ac4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:40:26.0588 0x0ac4  HomeGroupProvider - ok
12:40:26.0604 0x0ac4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:40:26.0604 0x0ac4  HpSAMD - ok
12:40:26.0619 0x0ac4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:40:26.0666 0x0ac4  HTTP - ok
12:40:26.0682 0x0ac4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:40:26.0697 0x0ac4  hwpolicy - ok
12:40:26.0697 0x0ac4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:40:26.0713 0x0ac4  i8042prt - ok
12:40:26.0728 0x0ac4  [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:40:26.0744 0x0ac4  iaStorV - ok
12:40:26.0791 0x0ac4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:40:26.0822 0x0ac4  idsvc - ok
12:40:26.0822 0x0ac4  IEEtwCollectorService - ok
12:40:26.0900 0x0ac4  [ C38AFE18A40ADF005647090DD3AC24F3, 302810C31B005DD4C9143233AB5B4F332C62AD866A7C7AB0E8F8F81AE1766B11 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
12:40:27.0009 0x0ac4  igfx - ok
12:40:27.0025 0x0ac4  [ 7A510A9AFC7955DEE63F8DC243E31292, 13906F6212F4C116BE224F2A8AFFF089ACFED8F543E26FC6208FF38463366173 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
12:40:27.0040 0x0ac4  igfxCUIService1.0.0.0 - ok
12:40:27.0056 0x0ac4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:40:27.0056 0x0ac4  iirsp - ok
12:40:27.0087 0x0ac4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:40:27.0118 0x0ac4  IKEEXT - ok
12:40:27.0212 0x0ac4  [ 39246F2CFBF1D32C3A12E242661EC039, EADF06D9B142844C16C2B0E412D708DB02BA07E2CD96BBFB2F0984DD6BB63E28 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:40:27.0306 0x0ac4  IntcAzAudAddService - ok
12:40:27.0306 0x0ac4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:40:27.0321 0x0ac4  intelide - ok
12:40:27.0321 0x0ac4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:40:27.0337 0x0ac4  intelppm - ok
12:40:27.0352 0x0ac4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:40:27.0384 0x0ac4  IPBusEnum - ok
12:40:27.0399 0x0ac4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:40:27.0415 0x0ac4  IpFilterDriver - ok
12:40:27.0446 0x0ac4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:40:27.0493 0x0ac4  iphlpsvc - ok
12:40:27.0493 0x0ac4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:40:27.0524 0x0ac4  IPMIDRV - ok
12:40:27.0540 0x0ac4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:40:27.0571 0x0ac4  IPNAT - ok
12:40:27.0602 0x0ac4  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:40:27.0618 0x0ac4  iPod Service - ok
12:40:27.0649 0x0ac4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:40:27.0649 0x0ac4  IRENUM - ok
12:40:27.0664 0x0ac4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:40:27.0664 0x0ac4  isapnp - ok
12:40:27.0696 0x0ac4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:40:27.0696 0x0ac4  iScsiPrt - ok
12:40:27.0727 0x0ac4  [ 897B93573F07C9CB1140516DAC44BC7E, C80665FEA4913DDC72F2140EC92CD4FA5D693BD8D0E4029A99DB96D63172E3D1 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
12:40:27.0742 0x0ac4  iusb3hcs - ok
12:40:27.0742 0x0ac4  [ 2D15CEDF619796002E8640F73A4BF920, FCC0137CB5AE32266A550EE46106B80F431F0B55342599951B9D032F8EA10649 ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
12:40:27.0758 0x0ac4  iusb3hub - ok
12:40:27.0789 0x0ac4  [ F1E93FE111924D0BC853155AADF8048B, 2DFD5B3D042286A0FD5E482C81FAE339E4F05C0A6DFF43061D8502C4551125F7 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
12:40:27.0820 0x0ac4  iusb3xhc - ok
12:40:27.0836 0x0ac4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:40:27.0836 0x0ac4  kbdclass - ok
12:40:27.0852 0x0ac4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:40:27.0867 0x0ac4  kbdhid - ok
12:40:27.0883 0x0ac4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
12:40:27.0898 0x0ac4  KeyIso - ok
12:40:27.0914 0x0ac4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:40:27.0930 0x0ac4  KSecDD - ok
12:40:27.0930 0x0ac4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:40:27.0945 0x0ac4  KSecPkg - ok
12:40:27.0945 0x0ac4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:40:27.0976 0x0ac4  ksthunk - ok
12:40:27.0992 0x0ac4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:40:28.0008 0x0ac4  KtmRm - ok
12:40:28.0039 0x0ac4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:40:28.0054 0x0ac4  LanmanServer - ok
12:40:28.0086 0x0ac4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:40:28.0101 0x0ac4  LanmanWorkstation - ok
12:40:28.0132 0x0ac4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:40:28.0148 0x0ac4  lltdio - ok
12:40:28.0164 0x0ac4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:40:28.0195 0x0ac4  lltdsvc - ok
12:40:28.0195 0x0ac4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:40:28.0210 0x0ac4  lmhosts - ok
12:40:28.0242 0x0ac4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:40:28.0242 0x0ac4  LSI_FC - ok
12:40:28.0273 0x0ac4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:40:28.0273 0x0ac4  LSI_SAS - ok
12:40:28.0288 0x0ac4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:40:28.0288 0x0ac4  LSI_SAS2 - ok
12:40:28.0304 0x0ac4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:40:28.0320 0x0ac4  LSI_SCSI - ok
12:40:28.0335 0x0ac4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:40:28.0351 0x0ac4  luafv - ok
12:40:28.0382 0x0ac4  [ 5C3669B71657F22E67A1D4BD49D2CBE7, 7CAE59AA6CA9CBBD70BBD707A155FB169BF3F71096275BF7C0F415B6A092C671 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:40:28.0382 0x0ac4  MBAMProtector - ok
12:40:28.0429 0x10b8  Object send P2P result: true
12:40:28.0444 0x0ac4  [ 6D8A2EE4244630B290A837E79C0F37A1, 6783BBC0BDC93E4D6D43531A1AD0DF5CD26C3BBFA6384927C5CF65AD97FB04AD ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
12:40:28.0476 0x0ac4  MBAMScheduler - ok
12:40:28.0507 0x0ac4  [ 09D4503CBB6ADB3A54E7C7A75090B728, 6139EA3338FD64205481EDEC813A44F8D395FDA7B67AA431DA61F3631C3EDAE6 ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
12:40:28.0538 0x0ac4  MBAMService - ok
12:40:28.0569 0x0ac4  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:40:28.0569 0x0ac4  MBAMSwissArmy - ok
12:40:28.0616 0x0ac4  [ 95EF63A7827D4E3A229CBBCB42619E93, FA38DD035B2C4FC82B60868F49D45A39FBBC96096AAD5A2C8BD752A250255BA7 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:40:28.0616 0x0ac4  MBAMWebAccessControl - ok
12:40:28.0632 0x0ac4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:40:28.0647 0x0ac4  Mcx2Svc - ok
12:40:28.0647 0x0ac4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:40:28.0663 0x0ac4  megasas - ok
12:40:28.0678 0x0ac4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:40:28.0694 0x0ac4  MegaSR - ok
12:40:28.0710 0x0ac4  [ 2BB3EAE2EA641515D4B205CAB29E1624, D3F18EE393EB1B0F919484281269A3C55A092D023E62C59D74CB63A55612024B ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:40:28.0725 0x0ac4  MEIx64 - ok
12:40:28.0725 0x0ac4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:40:28.0757 0x0ac4  MMCSS - ok
12:40:28.0757 0x0ac4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:40:28.0789 0x0ac4  Modem - ok
12:40:28.0804 0x0ac4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:40:28.0820 0x0ac4  monitor - ok
12:40:28.0835 0x0ac4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:40:28.0835 0x0ac4  mouclass - ok
12:40:28.0851 0x0ac4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:40:28.0867 0x0ac4  mouhid - ok
12:40:28.0882 0x0ac4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:40:28.0898 0x0ac4  mountmgr - ok
12:40:28.0913 0x0ac4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:40:28.0913 0x0ac4  mpio - ok
12:40:28.0945 0x0ac4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:40:28.0960 0x0ac4  mpsdrv - ok
12:40:28.0976 0x0ac4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:40:29.0023 0x0ac4  MpsSvc - ok
12:40:29.0038 0x0ac4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:40:29.0054 0x0ac4  MRxDAV - ok
12:40:29.0069 0x0ac4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:40:29.0101 0x0ac4  mrxsmb - ok
12:40:29.0116 0x0ac4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:40:29.0116 0x0ac4  mrxsmb10 - ok
12:40:29.0132 0x0ac4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:40:29.0132 0x0ac4  mrxsmb20 - ok
12:40:29.0147 0x0ac4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:40:29.0163 0x0ac4  msahci - ok
12:40:29.0163 0x0ac4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:40:29.0179 0x0ac4  msdsm - ok
12:40:29.0194 0x0ac4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:40:29.0194 0x0ac4  MSDTC - ok
12:40:29.0225 0x0ac4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:40:29.0241 0x0ac4  Msfs - ok
12:40:29.0241 0x0ac4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:40:29.0272 0x0ac4  mshidkmdf - ok
12:40:29.0272 0x0ac4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:40:29.0288 0x0ac4  msisadrv - ok
12:40:29.0288 0x0ac4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:40:29.0335 0x0ac4  MSiSCSI - ok
12:40:29.0335 0x0ac4  msiserver - ok
12:40:29.0350 0x0ac4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:40:29.0366 0x0ac4  MSKSSRV - ok
12:40:29.0381 0x0ac4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:40:29.0413 0x0ac4  MSPCLOCK - ok
12:40:29.0413 0x0ac4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:40:29.0444 0x0ac4  MSPQM - ok
12:40:29.0459 0x0ac4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:40:29.0475 0x0ac4  MsRPC - ok
12:40:29.0475 0x0ac4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:40:29.0475 0x0ac4  mssmbios - ok
12:40:29.0491 0x0ac4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:40:29.0522 0x0ac4  MSTEE - ok
12:40:29.0522 0x0ac4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:40:29.0537 0x0ac4  MTConfig - ok
12:40:29.0553 0x0ac4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:40:29.0553 0x0ac4  Mup - ok
12:40:29.0584 0x0ac4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:40:29.0615 0x0ac4  napagent - ok
12:40:29.0631 0x0ac4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:40:29.0647 0x0ac4  NativeWifiP - ok
12:40:29.0693 0x0ac4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:40:29.0709 0x0ac4  NDIS - ok
12:40:29.0725 0x0ac4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:40:29.0740 0x0ac4  NdisCap - ok
12:40:29.0771 0x0ac4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:40:29.0787 0x0ac4  NdisTapi - ok
12:40:29.0803 0x0ac4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:40:29.0818 0x0ac4  Ndisuio - ok
12:40:29.0834 0x0ac4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:40:29.0865 0x0ac4  NdisWan - ok
12:40:29.0865 0x0ac4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:40:29.0896 0x0ac4  NDProxy - ok
12:40:29.0896 0x0ac4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:40:29.0927 0x0ac4  NetBIOS - ok
12:40:29.0943 0x0ac4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:40:29.0959 0x0ac4  NetBT - ok
12:40:29.0974 0x0ac4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
12:40:29.0990 0x0ac4  Netlogon - ok
12:40:30.0021 0x0ac4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
12:40:30.0037 0x0ac4  Netman - ok
12:40:30.0068 0x0ac4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:40:30.0083 0x0ac4  NetMsmqActivator - ok
12:40:30.0083 0x0ac4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:40:30.0099 0x0ac4  NetPipeActivator - ok
12:40:30.0099 0x0ac4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
12:40:30.0130 0x0ac4  netprofm - ok
12:40:30.0146 0x0ac4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:40:30.0161 0x0ac4  NetTcpActivator - ok
12:40:30.0161 0x0ac4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:40:30.0161 0x0ac4  NetTcpPortSharing - ok
12:40:30.0177 0x0ac4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:40:30.0193 0x0ac4  nfrd960 - ok
12:40:30.0208 0x0ac4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:40:30.0224 0x0ac4  NlaSvc - ok
12:40:30.0239 0x0ac4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:40:30.0255 0x0ac4  Npfs - ok
12:40:30.0255 0x0ac4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
12:40:30.0271 0x0ac4  nsi - ok
12:40:30.0286 0x0ac4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:40:30.0302 0x0ac4  nsiproxy - ok
12:40:30.0349 0x0ac4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:40:30.0395 0x0ac4  Ntfs - ok
12:40:30.0411 0x0ac4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
12:40:30.0427 0x0ac4  Null - ok
12:40:30.0427 0x0ac4  NVHDA - ok
12:40:30.0734 0x0ac4  [ FDB03499693DEFD0B6754264C187F967, 7A011832868A685E37DFA7815AABABD7BE14D7E4F05FE1F5349E5BC96AA1DE82 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:40:30.0984 0x0ac4  nvlddmkm - ok
12:40:31.0062 0x0ac4  [ 9EA1D43D68AAAE216CDA9C89CEF24D9E, 6554DD56EA804BC69EA5B50FA5F7CCCE790B5CC650F17DF5C474BEF7E5C99990 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
12:40:31.0093 0x0ac4  NvNetworkService - ok
12:40:31.0124 0x0ac4  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:40:31.0140 0x0ac4  nvraid - ok
12:40:31.0140 0x0ac4  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:40:31.0155 0x0ac4  nvstor - ok
12:40:31.0186 0x0ac4  [ 63734B0FBD8E6DAF841AD3DD47DEFFFB, 8D458301C8349591C5649E53D7DA6C67D71FF3C82B2ADF426231DE208ECF85ED ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
12:40:31.0186 0x0ac4  NvStreamKms - ok
12:40:31.0530 0x0ac4  [ 8EB877DD871935DF1074BFF18CB301AB, 44B94840E24BF83D445C516756F78DAF4CF9C665B74A318AF3A6C5648DF8C45D ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
12:40:31.0842 0x0ac4  NvStreamSvc - ok
12:40:31.0888 0x0ac4  [ C135A25E8CF21EB631AB041ABB1F73EA, D0A3DC0411E888D0934B7579EEB980FA7824E3F22F70819A33411D8B8BC9EE42 ] nvsvc           C:\Windows\system32\nvvsvc.exe
12:40:31.0920 0x0ac4  nvsvc - ok
12:40:31.0935 0x0ac4  [ 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3, 4C3C36ADC9EC0FDED3E3FFC7918680B643652AD39458FAA8525392DAD0ABD845 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
12:40:31.0951 0x0ac4  nvvad_WaveExtensible - ok
12:40:31.0966 0x0ac4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:40:31.0966 0x0ac4  nv_agp - ok
12:40:31.0982 0x0ac4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:40:31.0982 0x0ac4  ohci1394 - ok
12:40:32.0013 0x0ac4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:40:32.0013 0x0ac4  ose - ok
12:40:32.0154 0x0ac4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:40:32.0247 0x0ac4  osppsvc - ok
12:40:35.0792 0x0ac4  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:40:35.0808 0x0ac4  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
12:40:38.0540 0x0ac4  Detect skipped due to KSN trusted
12:40:38.0540 0x0ac4  SwitchBoard - ok
12:40:41.0163 0x0ac4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:40:41.0178 0x0ac4  wercplsupport - ok
12:40:41.0194 0x0ac4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:40:41.0210 0x0ac4  WerSvc - ok
12:40:41.0225 0x0ac4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:40:41.0241 0x0ac4  WfpLwf - ok
12:40:41.0241 0x0ac4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:40:41.0256 0x0ac4  WIMMount - ok
12:40:41.0272 0x0ac4  WinDefend - ok
12:40:41.0272 0x0ac4  WinHttpAutoProxySvc - ok
12:40:41.0303 0x0ac4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:40:41.0334 0x0ac4  Winmgmt - ok
12:40:41.0366 0x0ac4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:40:41.0444 0x0ac4  WinRM - ok
12:40:41.0475 0x0ac4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:40:41.0490 0x0ac4  WinUsb - ok
12:40:41.0506 0x0ac4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:40:41.0553 0x0ac4  Wlansvc - ok
12:40:41.0553 0x0ac4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:40:41.0584 0x0ac4  WmiAcpi - ok
12:40:41.0600 0x0ac4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:40:41.0615 0x0ac4  wmiApSrv - ok
12:40:41.0615 0x0ac4  WMPNetworkSvc - ok
12:40:41.0631 0x0ac4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:40:41.0646 0x0ac4  WPCSvc - ok
12:40:41.0662 0x0ac4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:40:41.0678 0x0ac4  WPDBusEnum - ok
12:40:41.0678 0x0ac4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:40:41.0709 0x0ac4  ws2ifsl - ok
12:40:41.0724 0x0ac4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:40:41.0740 0x0ac4  wscsvc - ok
12:40:41.0740 0x0ac4  WSearch - ok
12:40:41.0802 0x0ac4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:40:41.0849 0x0ac4  wuauserv - ok
12:40:41.0880 0x0ac4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:40:41.0896 0x0ac4  WudfPf - ok
12:40:41.0912 0x0ac4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:40:41.0927 0x0ac4  WUDFRd - ok
12:40:41.0943 0x0ac4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:40:41.0958 0x0ac4  wudfsvc - ok
12:40:41.0990 0x0ac4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:40:42.0021 0x0ac4  WwanSvc - ok
12:40:42.0021 0x0ac4  ================ Scan global ===============================
12:40:42.0036 0x0ac4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:40:42.0052 0x0ac4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:40:42.0068 0x0ac4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:40:42.0083 0x0ac4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:40:42.0083 0x0ac4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:40:42.0099 0x0ac4  [ Global ] - ok
12:40:42.0099 0x0ac4  ================ Scan MBR ==================================
12:40:42.0114 0x0ac4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:40:42.0504 0x0ac4  \Device\Harddisk0\DR0 - ok
12:40:42.0504 0x0ac4  ================ Scan VBR ==================================
12:40:42.0520 0x0ac4  [ 22ABF58E9F7B295331FE14951B0D5A26 ] \Device\Harddisk0\DR0\Partition1
12:40:42.0551 0x0ac4  \Device\Harddisk0\DR0\Partition1 - ok
12:40:42.0551 0x0ac4  [ 9BCB7E181630CAD04E59B853FBE4941C ] \Device\Harddisk0\DR0\Partition2
12:40:42.0551 0x0ac4  \Device\Harddisk0\DR0\Partition2 - ok
12:40:42.0551 0x0ac4  ================ Scan generic autorun ======================
12:40:42.0645 0x0ac4  [ 90AC42BBCDF908DD576853CB5CACA761, DACDE2E100970229CA219D2640B483E955A22C45F34BC494BDF92F974C6DB611 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
12:40:42.0692 0x0ac4  NvBackend - ok
12:40:42.0707 0x0ac4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
12:40:42.0723 0x0ac4  ShadowPlay - ok
12:40:42.0770 0x0ac4  [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
12:40:42.0770 0x0ac4  AdobeAAMUpdater-1.0 - ok
12:40:43.0023 0x0ac4  [ 47D99FEC44A9E082B2D761AB5A938CA8, FF8CAD5CD331A7DAFAA616C530F500E74663EC86BB832032D2EFD3F77EBF75FF ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
12:40:43.0210 0x0ac4  RtHDVCpl - ok
12:40:43.0257 0x0ac4  [ 0436F64FD296BE331B3BB0CE446548BF, 53A8F8E58F451A7B030AE61E30DBB9BDFD5342046674177941A838B66D80FD70 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
12:40:43.0257 0x0ac4  USB3MON - ok
12:40:43.0304 0x0ac4  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:40:43.0335 0x0ac4  Adobe ARM - ok
12:40:43.0366 0x0ac4  [ 356BD2D8FF8AA1283D3BBF875A696605, 0D9295B0E109808E28EEB58B72C5BCA64EF8F7C95F3D5D0D5FEB46BB8FA2BE92 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
12:40:43.0382 0x0ac4  KiesTrayAgent - ok
12:40:43.0413 0x0ac4  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
12:40:43.0429 0x0ac4  APSDaemon - ok
12:40:43.0429 0x0ac4  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:40:43.0444 0x0ac4  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
12:40:43.0444 0x0ac4  Detect skipped due to KSN trusted
12:40:43.0444 0x0ac4  SwitchBoard - ok
12:40:43.0507 0x0ac4  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
12:40:43.0522 0x0ac4  AdobeCS6ServiceManager - ok
12:40:43.0554 0x0ac4  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
12:40:43.0569 0x0ac4  iTunesHelper - ok
12:40:43.0600 0x0ac4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:40:43.0647 0x0ac4  Sidebar - ok
12:40:43.0663 0x0ac4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:40:43.0694 0x0ac4  mctadmin - ok
12:40:43.0710 0x0ac4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:40:43.0725 0x0ac4  Sidebar - ok
12:40:43.0741 0x0ac4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:40:43.0741 0x0ac4  mctadmin - ok
12:40:43.0819 0x0ac4  [ B9D480BF6ABC51DD07769950629192D6, 424426563CA89378D4130DC20E18F5AA33A28E745DCDE727DE573E34CEB2922D ] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
12:40:43.0894 0x0ac4  DAEMON Tools Pro Agent - ok
12:40:44.0056 0x0ac4  [ 026F1C9189552AFC443F3250AFD25CA5, 23AC9719BFA064460385573BD8C6DE9A6F88BDE9B4393ABC180710675D4D909F ] C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe
12:40:44.0229 0x0ac4  iFunBox Price Watch - detected UnsignedFile.Multi.Generic ( 1 )
12:40:46.0923 0x0ac4  Detect skipped due to KSN trusted
12:40:46.0923 0x0ac4  iFunBox Price Watch - ok
12:40:46.0923 0x0ac4  Waiting for KSN requests completion. In queue: 105
12:40:47.0937 0x0ac4  Waiting for KSN requests completion. In queue: 105
12:40:48.0954 0x0ac4  Win FW state via NFP2: enabled
12:40:51.0633 0x0ac4  ============================================================
12:40:51.0633 0x0ac4  Scan finished
12:40:51.0633 0x0ac4  ============================================================
12:40:51.0633 0x1050  Detected object count: 0
12:40:51.0633 0x1050  Actual detected object count: 0
12:40:59.0625 0x1338  Deinitialize success


#15 pystryker

  • Malware Response Team
  • 730 posts

Posted 22 November 2014 - 07:29 AM

Hmm..nothing there with TDSSKiller. Please run a scan with FRST and post the log.

Edited by pystryker, 22 November 2014 - 01:02 PM.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.
