Ads by PriceLess - Won't go away.



#1 Thunderfrog


Posted 20 November 2014 - 09:46 PM

# AdwCleaner v4.101 - Report created 20/11/2014 at 19:59:56
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kenny - KENNY-PC
# Running from : C:\Users\Kenny\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\WPM
Folder Deleted : C:\ProgramData\ea6e8fb18c25172c
Folder Deleted : C:\Program Files (x86)\MSR
Folder Deleted : C:\Program Files (x86)\LuckyTab
Folder Deleted : C:\Program Files\pcreg
Folder Deleted : C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\LuckyTab
Folder Deleted : C:\Users\Kenny\Documents\PC Speed Maximizer
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LuckyTab
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\LuckyTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{75F9BF4A-AF67-A478-A37B-31D73186D3F3}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v38.0.2125.111
 
[C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : lifbcibllhkdhoafpjfnlhfpfgnpldfl
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [2534 octets] - [20/11/2014 19:56:49]
AdwCleaner[S0].txt - [2420 octets] - [20/11/2014 19:59:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2480 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by Kenny on Thu 11/20/2014 at 19:52:25.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] pcregservice 
Successfully deleted: [Service] pcregservice 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Kenny\AppData\Roaming\v9"
Successfully deleted: [Folder] "C:\Users\Kenny\appdata\local\chromatic browser"
Successfully deleted: [Folder] "C:\Users\Kenny\appdata\local\torch"
Successfully deleted: [Folder] "C:\Program Files (x86)\bench"
Failed to delete: [Folder] "C:\Program Files (x86)\luckytab"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/20/2014 at 19:54:42.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
20:44:05.0221 0x0fd0  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
20:44:08.0901 0x0fd0  ============================================================
20:44:08.0901 0x0fd0  Current date / time: 2014/11/20 20:44:08.0901
20:44:08.0901 0x0fd0  SystemInfo:
20:44:08.0901 0x0fd0  
20:44:08.0901 0x0fd0  OS Version: 6.1.7601 ServicePack: 1.0
20:44:08.0901 0x0fd0  Product type: Workstation
20:44:08.0901 0x0fd0  ComputerName: KENNY-PC
20:44:08.0901 0x0fd0  UserName: Kenny
20:44:08.0901 0x0fd0  Windows directory: C:\Windows
20:44:08.0901 0x0fd0  System windows directory: C:\Windows
20:44:08.0901 0x0fd0  Running under WOW64
20:44:08.0901 0x0fd0  Processor architecture: Intel x64
20:44:08.0901 0x0fd0  Number of processors: 4
20:44:08.0901 0x0fd0  Page size: 0x1000
20:44:08.0901 0x0fd0  Boot type: Normal boot
20:44:08.0901 0x0fd0  ============================================================
20:44:09.0031 0x0fd0  KLMD registered as C:\Windows\system32\drivers\22725495.sys
20:44:10.0141 0x0fd0  System UUID: {89EB24B0-CF05-6201-69AB-0D7EF3BE177A}
20:44:10.0631 0x0fd0  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:10.0651 0x0fd0  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:44:10.0681 0x0fd0  ============================================================
20:44:10.0681 0x0fd0  \Device\Harddisk1\DR1:
20:44:10.0681 0x0fd0  MBR partitions:
20:44:10.0681 0x0fd0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x55EE6E0E
20:44:10.0681 0x0fd0  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x55EE6E4D, BlocksNum 0x165E4B4
20:44:10.0681 0x0fd0  \Device\Harddisk0\DR0:
20:44:10.0681 0x0fd0  MBR partitions:
20:44:10.0681 0x0fd0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:44:10.0681 0x0fd0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAEA54800
20:44:10.0681 0x0fd0  ============================================================
20:44:10.0701 0x0fd0  C: <-> \Device\Harddisk0\DR0\Partition2
20:44:10.0721 0x0fd0  E: <-> \Device\Harddisk1\DR1\Partition1
20:44:10.0781 0x0fd0  F: <-> \Device\Harddisk1\DR1\Partition2
20:44:10.0781 0x0fd0  ============================================================
20:44:10.0781 0x0fd0  Initialize success
20:44:10.0781 0x0fd0  ============================================================
20:44:14.0651 0x0d60  ============================================================
20:44:14.0651 0x0d60  Scan started
20:44:14.0651 0x0d60  Mode: Manual; 
20:44:14.0651 0x0d60  ============================================================
20:44:14.0651 0x0d60  KSN ping started
20:44:17.0161 0x0d60  KSN ping finished: true
20:44:17.0511 0x0d60  ================ Scan system memory ========================
20:44:17.0511 0x0d60  System memory - ok
20:44:17.0511 0x0d60  ================ Scan services =============================
20:44:22.0132 0x0d60  hkmsvc - ok
20:44:22.0152 0x0d60  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:44:22.0162 0x0d60  HomeGroupListener - ok
20:44:22.0172 0x0d60  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:44:22.0182 0x0d60  HomeGroupProvider - ok
20:44:22.0192 0x0d60  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:44:22.0202 0x0d60  HpSAMD - ok
20:44:22.0251 0x0d60  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:44:22.0265 0x0d60  HTTP - ok
20:44:22.0292 0x0d60  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:44:22.0292 0x0d60  hwpolicy - ok
20:44:22.0331 0x0d60  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:44:22.0334 0x0d60  i8042prt - ok
20:44:22.0355 0x0d60  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:44:22.0363 0x0d60  iaStorV - ok
20:44:22.0415 0x0d60  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:44:22.0432 0x0d60  idsvc - ok
20:44:22.0449 0x0d60  IEEtwCollectorService - ok
20:44:22.0460 0x0d60  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:44:22.0462 0x0d60  iirsp - ok
20:44:22.0510 0x0d60  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:44:22.0527 0x0d60  IKEEXT - ok
20:44:22.0546 0x0d60  IntcAzAudAddService - ok
20:44:22.0574 0x0d60  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:44:22.0575 0x0d60  intelide - ok
20:44:22.0603 0x0d60  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:44:22.0605 0x0d60  intelppm - ok
20:44:22.0620 0x0d60  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:44:22.0623 0x0d60  IPBusEnum - ok
20:44:22.0632 0x0d60  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:44:22.0632 0x0d60  IpFilterDriver - ok
20:44:22.0682 0x0d60  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:44:22.0692 0x0d60  iphlpsvc - ok
20:44:22.0702 0x0d60  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:44:22.0702 0x0d60  IPMIDRV - ok
20:44:22.0722 0x0d60  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:44:22.0722 0x0d60  IPNAT - ok
20:44:22.0788 0x0d60  [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:44:22.0800 0x0d60  iPod Service - ok
20:44:22.0827 0x0d60  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:44:22.0828 0x0d60  IRENUM - ok
20:44:22.0839 0x0d60  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:44:22.0840 0x0d60  isapnp - ok
20:44:22.0881 0x0d60  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:44:22.0887 0x0d60  iScsiPrt - ok
20:44:22.0906 0x0d60  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:44:22.0907 0x0d60  kbdclass - ok
20:44:22.0922 0x0d60  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:44:22.0923 0x0d60  kbdhid - ok
20:44:22.0937 0x0d60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
20:44:22.0938 0x0d60  KeyIso - ok
20:44:22.0976 0x0d60  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:44:22.0980 0x0d60  KSecDD - ok
20:44:23.0017 0x0d60  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:44:23.0020 0x0d60  KSecPkg - ok
20:44:23.0023 0x0d60  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:44:23.0025 0x0d60  ksthunk - ok
20:44:23.0049 0x0d60  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:44:23.0057 0x0d60  KtmRm - ok
20:44:23.0079 0x0d60  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:44:23.0085 0x0d60  LanmanServer - ok
20:44:23.0115 0x0d60  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:44:23.0119 0x0d60  LanmanWorkstation - ok
20:44:23.0142 0x0d60  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:44:23.0144 0x0d60  lltdio - ok
20:44:23.0174 0x0d60  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:44:23.0177 0x0d60  lltdsvc - ok
20:44:23.0187 0x0d60  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:44:23.0187 0x0d60  lmhosts - ok
20:44:23.0217 0x0d60  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:44:23.0217 0x0d60  LSI_FC - ok
20:44:23.0237 0x0d60  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:44:23.0237 0x0d60  LSI_SAS - ok
20:44:23.0247 0x0d60  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:44:23.0257 0x0d60  LSI_SAS2 - ok
20:44:23.0267 0x0d60  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:44:23.0267 0x0d60  LSI_SCSI - ok
20:44:23.0287 0x0d60  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:44:23.0287 0x0d60  luafv - ok
20:44:23.0307 0x0d60  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:44:23.0307 0x0d60  Mcx2Svc - ok
20:44:23.0327 0x0d60  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:44:23.0327 0x0d60  megasas - ok
20:44:23.0347 0x0d60  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:44:23.0347 0x0d60  MegaSR - ok
20:44:23.0417 0x0d60  Microsoft SharePoint Workspace Audit Service - ok
20:44:23.0460 0x0d60  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:44:23.0462 0x0d60  MMCSS - ok
20:44:23.0477 0x0d60  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:44:23.0479 0x0d60  Modem - ok
20:44:23.0501 0x0d60  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:44:23.0502 0x0d60  monitor - ok
20:44:23.0515 0x0d60  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:44:23.0516 0x1420  Object send P2P result: true
20:44:23.0516 0x0d60  mouclass - ok
20:44:23.0537 0x0d60  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:44:23.0538 0x0d60  mouhid - ok
20:44:23.0552 0x0d60  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:44:23.0553 0x0d60  mountmgr - ok
20:44:23.0600 0x0d60  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:44:23.0605 0x0d60  MpFilter - ok
20:44:23.0624 0x0d60  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:44:23.0627 0x0d60  mpio - ok
20:44:23.0676 0x0d60  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:44:23.0678 0x0d60  mpsdrv - ok
20:44:23.0705 0x0d60  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:44:23.0722 0x0d60  MpsSvc - ok
20:44:23.0767 0x0d60  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:44:23.0771 0x0d60  MRxDAV - ok
20:44:23.0812 0x0d60  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:44:23.0815 0x0d60  mrxsmb - ok
20:44:23.0836 0x0d60  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:44:23.0841 0x0d60  mrxsmb10 - ok
20:44:23.0847 0x0d60  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:44:23.0857 0x0d60  mrxsmb20 - ok
20:44:23.0887 0x0d60  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:44:23.0887 0x0d60  msahci - ok
20:44:23.0897 0x0d60  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:44:23.0907 0x0d60  msdsm - ok
20:44:23.0917 0x0d60  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:44:23.0917 0x0d60  MSDTC - ok
20:44:23.0927 0x0d60  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:44:23.0927 0x0d60  Msfs - ok
20:44:23.0937 0x0d60  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:44:23.0947 0x0d60  mshidkmdf - ok
20:44:23.0947 0x0d60  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:44:23.0947 0x0d60  msisadrv - ok
20:44:23.0987 0x0d60  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:44:23.0987 0x0d60  MSiSCSI - ok
20:44:23.0987 0x0d60  msiserver - ok
20:44:24.0007 0x0d60  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:44:24.0007 0x0d60  MSKSSRV - ok
20:44:24.0082 0x0d60  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:44:24.0082 0x0d60  MsMpSvc - ok
20:44:24.0102 0x0d60  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:44:24.0102 0x0d60  MSPCLOCK - ok
20:44:24.0102 0x0d60  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:44:24.0102 0x0d60  MSPQM - ok
20:44:24.0122 0x0d60  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:44:24.0122 0x0d60  MsRPC - ok
20:44:24.0132 0x0d60  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:44:24.0132 0x0d60  mssmbios - ok
20:44:24.0152 0x0d60  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:44:24.0152 0x0d60  MSTEE - ok
20:44:24.0162 0x0d60  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:44:24.0162 0x0d60  MTConfig - ok
20:44:24.0162 0x0d60  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:44:24.0172 0x0d60  Mup - ok
20:44:24.0212 0x0d60  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:44:24.0222 0x0d60  napagent - ok
20:44:24.0252 0x0d60  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:44:24.0262 0x0d60  NativeWifiP - ok
20:44:24.0302 0x0d60  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:44:24.0322 0x0d60  NDIS - ok
20:44:24.0342 0x0d60  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:44:24.0342 0x0d60  NdisCap - ok
20:44:24.0362 0x0d60  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:44:24.0362 0x0d60  NdisTapi - ok
20:44:24.0382 0x0d60  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:44:24.0382 0x0d60  Ndisuio - ok
20:44:24.0402 0x0d60  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:44:24.0402 0x0d60  NdisWan - ok
20:44:24.0422 0x0d60  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:44:24.0422 0x0d60  NDProxy - ok
20:44:24.0442 0x0d60  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:44:24.0442 0x0d60  NetBIOS - ok
20:44:24.0468 0x0d60  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:44:24.0473 0x0d60  NetBT - ok
20:44:24.0485 0x0d60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:44:24.0486 0x0d60  Netlogon - ok
20:44:24.0525 0x0d60  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:44:24.0533 0x0d60  Netman - ok
20:44:24.0577 0x0d60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:44:24.0580 0x0d60  NetMsmqActivator - ok
20:44:24.0585 0x0d60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:44:24.0587 0x0d60  NetPipeActivator - ok
20:44:24.0610 0x0d60  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:44:24.0620 0x0d60  netprofm - ok
20:44:24.0622 0x0d60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:44:24.0622 0x0d60  NetTcpActivator - ok
20:44:24.0622 0x0d60  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:44:24.0632 0x0d60  NetTcpPortSharing - ok
20:44:24.0642 0x0d60  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:44:24.0642 0x0d60  nfrd960 - ok
20:44:24.0692 0x0d60  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:44:24.0692 0x0d60  NisDrv - ok
20:44:24.0732 0x0d60  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:44:24.0742 0x0d60  NisSrv - ok
20:44:24.0782 0x0d60  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:44:24.0782 0x0d60  NlaSvc - ok
20:44:24.0822 0x0d60  [ FBCA3FD51604147770EB4FB53D6144A8, F542A902721AD25D85B6E4CBCD034710D15D2B7508AEE501DF69E76A6234DE15 ] NMgamingmsFltr  C:\Windows\system32\drivers\NMgamingms.sys
20:44:24.0822 0x0d60  NMgamingmsFltr - ok
20:44:24.0832 0x0d60  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:44:24.0832 0x0d60  Npfs - ok
20:44:24.0832 0x0d60  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:44:24.0832 0x0d60  nsi - ok
20:44:24.0842 0x0d60  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:44:24.0842 0x0d60  nsiproxy - ok
20:44:24.0922 0x0d60  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:44:24.0962 0x0d60  Ntfs - ok
20:44:25.0002 0x0d60  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:44:25.0002 0x0d60  Null - ok
20:44:25.0042 0x0d60  [ C87B11EB78428853F9E8495C47E53C10, FAE479DB0812967B3FF968773BA998591B4F50BE4329B8349BCA7E6EAB1B0474 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:44:25.0042 0x0d60  NVHDA - ok
20:44:25.0399 0x0d60  [ 5CE6B69D4E1BE1B4D95F86A439A82787, 11146B8F2B082C7C4D8A867E88EC0092DC94D59A6A6500C93531F787C228AC87 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:44:25.0684 0x0d60  nvlddmkm - ok
20:44:25.0859 0x0d60  [ 507E699BD36530491BA0F95251B22F06, BDE6EB91FADBCB8CE16C31EF43A97DC6CC5D0F4EBAEA7903810556D0D70F54BC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
20:44:26.0551 0x0d60  NvNetworkService - ok
20:44:26.0584 0x0d60  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:44:26.0588 0x0d60  nvraid - ok
20:44:26.0597 0x0d60  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:44:26.0601 0x0d60  nvstor - ok
20:44:26.0638 0x0d60  [ 7E4C1879248629A2C9CC9ADF52CBB9B7, 856FF60FD111C3C80B137BC62B7EF92D3B95FBA462A29F97D65457A5A507506E ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
20:44:26.0672 0x0d60  NvStreamKms - ok
20:44:27.0184 0x0d60  [ C3EB27E4BC00283CA166A9FC42B90FC7, FED7F68D1C6EB442292E40DCFAEE7339AE21D5EF726A9DC9BCB6AB5C5873B3E0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
20:44:27.0716 0x0d60  NvStreamSvc - ok
20:44:27.0816 0x0d60  [ FD317B3186017E8CC91DF7695768A700, 1605ABF3CCAFFEE85C7BE9FC5D057E40A2FD35C29644EBD38D54649EBE2D3C0A ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:44:27.0836 0x0d60  nvsvc - ok
20:44:27.0856 0x0d60  [ 1AF619620613869C07F9C147BC37520F, 0AD4E100354E201D5E72BA236C1464F5083A7E3B58C4AC6BA712489D258955F5 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
20:44:27.0866 0x0d60  nvvad_WaveExtensible - ok
20:44:27.0876 0x0d60  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:44:27.0886 0x0d60  nv_agp - ok
20:44:27.0921 0x0d60  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:44:27.0923 0x0d60  ohci1394 - ok
20:44:27.0969 0x0d60  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:44:27.0972 0x0d60  ose - ok
20:44:28.0158 0x0d60  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:44:28.0274 0x0d60  osppsvc - ok
20:44:28.0325 0x0d60  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:44:28.0335 0x0d60  p2pimsvc - ok
20:44:28.0355 0x0d60  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:44:28.0365 0x0d60  p2psvc - ok
20:44:28.0375 0x0d60  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
20:44:28.0375 0x0d60  Parport - ok
20:44:28.0405 0x0d60  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:44:28.0405 0x0d60  partmgr - ok
20:44:28.0442 0x0d60  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:44:28.0447 0x0d60  PcaSvc - ok
20:44:28.0461 0x0d60  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:44:28.0465 0x0d60  pci - ok
20:44:28.0492 0x0d60  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:44:28.0492 0x0d60  pciide - ok
20:44:28.0512 0x0d60  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:44:28.0512 0x0d60  pcmcia - ok
20:44:28.0522 0x0d60  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:44:28.0522 0x0d60  pcw - ok
20:44:28.0562 0x0d60  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:44:28.0572 0x0d60  PEAUTH - ok
20:44:28.0633 0x0d60  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:44:28.0634 0x0d60  PerfHost - ok
20:44:28.0685 0x0d60  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:44:28.0729 0x0d60  pla - ok
20:44:28.0769 0x0d60  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:44:28.0783 0x0d60  PlugPlay - ok
20:44:28.0797 0x0d60  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:44:28.0799 0x0d60  PNRPAutoReg - ok
20:44:28.0815 0x0d60  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:44:28.0825 0x0d60  PNRPsvc - ok
20:44:28.0862 0x0d60  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:44:28.0872 0x0d60  PolicyAgent - ok
20:44:28.0902 0x0d60  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:44:28.0902 0x0d60  Power - ok
20:44:28.0932 0x0d60  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:44:28.0932 0x0d60  PptpMiniport - ok
20:44:28.0942 0x0d60  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:44:28.0942 0x0d60  Processor - ok
20:44:28.0971 0x0d60  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:44:28.0981 0x0d60  ProfSvc - ok
20:44:28.0991 0x0d60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:44:28.0991 0x0d60  ProtectedStorage - ok
20:44:29.0021 0x0d60  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:44:29.0021 0x0d60  Psched - ok
20:44:29.0072 0x0d60  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:44:29.0112 0x0d60  ql2300 - ok
20:44:29.0159 0x0d60  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:44:29.0159 0x0d60  ql40xx - ok
20:44:29.0189 0x0d60  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:44:29.0189 0x0d60  QWAVE - ok
20:44:29.0209 0x0d60  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:44:29.0210 0x0d60  QWAVEdrv - ok
20:44:29.0223 0x0d60  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:44:29.0224 0x0d60  RasAcd - ok
20:44:29.0239 0x0d60  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:44:29.0249 0x0d60  RasAgileVpn - ok
20:44:29.0267 0x0d60  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:44:29.0270 0x0d60  RasAuto - ok
20:44:29.0283 0x0d60  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:44:29.0286 0x0d60  Rasl2tp - ok
20:44:29.0294 0x0d60  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:44:29.0297 0x0d60  RasMan - ok
20:44:29.0307 0x0d60  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:44:29.0307 0x0d60  RasPppoe - ok
20:44:29.0317 0x0d60  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:44:29.0317 0x0d60  RasSstp - ok
20:44:29.0336 0x0d60  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:44:29.0342 0x0d60  rdbss - ok
20:44:29.0353 0x0d60  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:44:29.0355 0x0d60  rdpbus - ok
20:44:29.0365 0x0d60  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:44:29.0365 0x0d60  RDPCDD - ok
20:44:29.0385 0x0d60  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:44:29.0385 0x0d60  RDPENCDD - ok
20:44:29.0395 0x0d60  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:44:29.0395 0x0d60  RDPREFMP - ok
20:44:29.0475 0x0d60  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:44:29.0485 0x0d60  RdpVideoMiniport - ok
20:44:29.0518 0x0d60  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:44:29.0523 0x0d60  RDPWD - ok
20:44:29.0542 0x0d60  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:44:29.0546 0x0d60  rdyboost - ok
20:44:29.0555 0x0d60  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:44:29.0565 0x0d60  RemoteAccess - ok
20:44:29.0575 0x0d60  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:44:29.0575 0x0d60  RemoteRegistry - ok
20:44:29.0585 0x0d60  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:44:29.0585 0x0d60  RpcEptMapper - ok
20:44:29.0605 0x0d60  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:44:29.0605 0x0d60  RpcLocator - ok
20:44:29.0635 0x0d60  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:44:29.0639 0x0d60  RpcSs - ok
20:44:29.0659 0x0d60  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:44:29.0659 0x0d60  rspndr - ok
20:44:29.0721 0x0d60  [ 61A04C0C084D560BBEF1D09604608262, 27230BDFB479FBD1B18BB4035059A52F8BE74B19190951EAC95D569E284421B3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:44:29.0733 0x0d60  RTL8167 - ok
20:44:29.0749 0x0d60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
20:44:29.0749 0x0d60  SamSs - ok
20:44:29.0759 0x0d60  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:44:29.0759 0x0d60  sbp2port - ok
20:44:29.0779 0x0d60  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:44:29.0784 0x0d60  SCardSvr - ok
20:44:29.0792 0x0d60  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:44:29.0793 0x0d60  scfilter - ok
20:44:29.0835 0x0d60  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:44:29.0855 0x0d60  Schedule - ok
20:44:29.0880 0x0d60  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:44:29.0882 0x0d60  SCPolicySvc - ok
20:44:29.0900 0x0d60  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:44:29.0905 0x0d60  SDRSVC - ok
20:44:30.0003 0x0d60  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:44:30.0023 0x0d60  SDScannerService - ok
20:44:30.0110 0x0d60  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:44:30.0132 0x0d60  SDUpdateService - ok
20:44:30.0162 0x0d60  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:44:30.0165 0x0d60  SDWSCService - ok
20:44:30.0182 0x0d60  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:44:30.0183 0x0d60  secdrv - ok
20:44:30.0189 0x0d60  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:44:30.0189 0x0d60  seclogon - ok
20:44:30.0199 0x0d60  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:44:30.0199 0x0d60  SENS - ok
20:44:30.0219 0x0d60  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:44:30.0219 0x0d60  SensrSvc - ok
20:44:30.0229 0x0d60  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:44:30.0229 0x0d60  Serenum - ok
20:44:30.0245 0x0d60  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:44:30.0245 0x0d60  Serial - ok
20:44:30.0265 0x0d60  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:44:30.0265 0x0d60  sermouse - ok
20:44:30.0286 0x0d60  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:44:30.0290 0x0d60  SessionEnv - ok
20:44:30.0375 0x0d60  [ 18A4EB256E35A6DD233C4D005835879A, 1993C6DC6578862B6DD2F1F85EF1101D40993600FB7E02FD6C289806C0CD71B2 ] SetupARService  C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
20:44:30.0396 0x0d60  SetupARService - ok
20:44:30.0405 0x0d60  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:44:30.0405 0x0d60  sffdisk - ok
20:44:30.0415 0x0d60  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:44:30.0415 0x0d60  sffp_mmc - ok
20:44:30.0415 0x0d60  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:44:30.0415 0x0d60  sffp_sd - ok
20:44:30.0425 0x0d60  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:44:30.0425 0x0d60  sfloppy - ok
20:44:30.0463 0x0d60  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:44:30.0467 0x0d60  SharedAccess - ok
20:44:30.0477 0x0d60  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:44:30.0487 0x0d60  ShellHWDetection - ok
20:44:30.0517 0x0d60  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:44:30.0517 0x0d60  SiSRaid2 - ok
20:44:30.0527 0x0d60  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:44:30.0527 0x0d60  SiSRaid4 - ok
20:44:30.0597 0x0d60  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:44:30.0603 0x0d60  SkypeUpdate - ok
20:44:30.0625 0x0d60  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:44:30.0625 0x0d60  Smb - ok
20:44:30.0645 0x0d60  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:44:30.0655 0x0d60  SNMPTRAP - ok
20:44:30.0665 0x0d60  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:44:30.0665 0x0d60  spldr - ok
20:44:30.0715 0x0d60  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:44:30.0735 0x0d60  Spooler - ok
20:44:30.0849 0x0d60  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:44:30.0961 0x0d60  sppsvc - ok
20:44:30.0971 0x0d60  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:44:30.0971 0x0d60  sppuinotify - ok
20:44:31.0031 0x0d60  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:44:31.0031 0x0d60  srv - ok
20:44:31.0060 0x0d60  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:44:31.0068 0x0d60  srv2 - ok
20:44:31.0093 0x0d60  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:44:31.0103 0x0d60  srvnet - ok
20:44:31.0123 0x0d60  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:44:31.0123 0x0d60  SSDPSRV - ok
20:44:31.0133 0x0d60  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:44:31.0133 0x0d60  SstpSvc - ok
20:44:31.0195 0x0d60  [ 7A04FB623BE442450E716AA2A5476BE1, A24AD210F545460E0E0EE8F09991E665B34DCE2EF5EC6D495E314ADBB88B18D5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:44:31.0514 0x0d60  Steam Client Service - ok
20:44:31.0564 0x0d60  [ 0E7DE141313312A701D625E98BCC4B53, 84FCF86B3E83F6715463647CC928D02230F7BA8261E162EC521F0361C46F3B9C ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:44:32.0308 0x0d60  Stereo Service - ok
20:44:32.0328 0x0d60  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:44:32.0328 0x0d60  stexstor - ok
20:44:32.0368 0x0d60  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:44:32.0378 0x0d60  stisvc - ok
20:44:32.0398 0x0d60  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:44:32.0398 0x0d60  swenum - ok
20:44:32.0419 0x0d60  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:44:32.0429 0x0d60  swprv - ok
20:44:32.0479 0x0d60  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
20:44:32.0531 0x0d60  SysMain - ok
20:44:32.0551 0x0d60  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:44:32.0551 0x0d60  TabletInputService - ok
20:44:32.0571 0x0d60  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:44:32.0581 0x0d60  TapiSrv - ok
20:44:32.0593 0x0d60  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
20:44:32.0593 0x0d60  TBS - ok
20:44:32.0663 0x0d60  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:44:32.0724 0x0d60  Tcpip - ok
20:44:32.0777 0x0d60  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:44:32.0797 0x0d60  TCPIP6 - ok
20:44:32.0827 0x0d60  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:44:32.0827 0x0d60  tcpipreg - ok
20:44:32.0847 0x0d60  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:44:32.0847 0x0d60  TDPIPE - ok
20:44:32.0867 0x0d60  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:44:32.0867 0x0d60  TDTCP - ok
20:44:32.0877 0x0d60  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:44:32.0877 0x0d60  tdx - ok
20:44:32.0897 0x0d60  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:44:32.0907 0x0d60  TermDD - ok
20:44:32.0947 0x0d60  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:44:32.0957 0x0d60  TermService - ok
20:44:32.0997 0x0d60  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:44:32.0997 0x0d60  Themes - ok
20:44:33.0017 0x0d60  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:44:33.0017 0x0d60  THREADORDER - ok
20:44:33.0027 0x0d60  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:44:33.0037 0x0d60  TrkWks - ok
20:44:33.0077 0x0d60  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:44:33.0087 0x0d60  TrustedInstaller - ok
20:44:33.0117 0x0d60  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:33.0117 0x0d60  tssecsrv - ok
20:44:33.0137 0x0d60  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:44:33.0137 0x0d60  TsUsbFlt - ok
20:44:33.0157 0x0d60  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:44:33.0157 0x0d60  TsUsbGD - ok
20:44:33.0197 0x0d60  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:44:33.0197 0x0d60  tunnel - ok
20:44:33.0223 0x0d60  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:44:33.0224 0x0d60  uagp35 - ok
20:44:33.0238 0x0d60  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:44:33.0238 0x0d60  udfs - ok
20:44:33.0258 0x0d60  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:44:33.0258 0x0d60  UI0Detect - ok
20:44:33.0268 0x0d60  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:44:33.0268 0x0d60  uliagpkx - ok
20:44:33.0308 0x0d60  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:44:33.0308 0x0d60  umbus - ok
20:44:33.0328 0x0d60  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:44:33.0328 0x0d60  UmPass - ok
20:44:33.0348 0x0d60  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:44:33.0348 0x0d60  upnphost - ok
20:44:33.0388 0x0d60  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:44:33.0388 0x0d60  usbaudio - ok
20:44:33.0408 0x0d60  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:44:33.0408 0x0d60  usbccgp - ok
20:44:33.0454 0x0d60  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:44:33.0457 0x0d60  usbcir - ok
20:44:33.0491 0x0d60  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:44:33.0491 0x0d60  usbehci - ok
20:44:33.0511 0x0d60  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:44:33.0511 0x0d60  usbfilter - ok
20:44:33.0541 0x0d60  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:44:33.0551 0x0d60  usbhub - ok
20:44:33.0571 0x0d60  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:44:33.0571 0x0d60  usbohci - ok
20:44:33.0591 0x0d60  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:44:33.0591 0x0d60  usbprint - ok
20:44:33.0621 0x0d60  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:33.0621 0x0d60  USBSTOR - ok
20:44:33.0641 0x0d60  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:44:33.0641 0x0d60  usbuhci - ok
20:44:33.0651 0x0d60  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:44:33.0651 0x0d60  UxSms - ok
20:44:33.0661 0x0d60  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:44:33.0661 0x0d60  VaultSvc - ok
20:44:33.0671 0x0d60  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:44:33.0671 0x0d60  vdrvroot - ok
20:44:33.0701 0x0d60  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:44:33.0711 0x0d60  vds - ok
20:44:33.0721 0x0d60  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:33.0721 0x0d60  vga - ok
20:44:33.0731 0x0d60  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:44:33.0731 0x0d60  VgaSave - ok
20:44:33.0750 0x0d60  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:44:33.0755 0x0d60  vhdmp - ok
20:44:33.0791 0x0d60  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:44:33.0791 0x0d60  viaide - ok
20:44:33.0801 0x0d60  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:44:33.0811 0x0d60  volmgr - ok
20:44:33.0821 0x0d60  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:44:33.0831 0x0d60  volmgrx - ok
20:44:33.0851 0x0d60  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:44:33.0851 0x0d60  volsnap - ok
20:44:33.0871 0x0d60  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:44:33.0881 0x0d60  vsmraid - ok
20:44:33.0931 0x0d60  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:44:33.0981 0x0d60  VSS - ok
20:44:34.0021 0x0d60  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:44:34.0021 0x0d60  vwifibus - ok
20:44:34.0041 0x0d60  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:44:34.0051 0x0d60  W32Time - ok
20:44:34.0061 0x0d60  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:44:34.0061 0x0d60  WacomPen - ok
20:44:34.0091 0x0d60  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:44:34.0091 0x0d60  WANARP - ok
20:44:34.0091 0x0d60  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:44:34.0101 0x0d60  Wanarpv6 - ok
20:44:34.0181 0x0d60  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:44:34.0211 0x0d60  WatAdminSvc - ok
20:44:34.0265 0x0d60  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:44:34.0298 0x0d60  wbengine - ok
20:44:34.0318 0x0d60  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:44:34.0328 0x0d60  WbioSrvc - ok
20:44:34.0338 0x0d60  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:44:34.0348 0x0d60  wcncsvc - ok
20:44:34.0368 0x0d60  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:44:34.0370 0x0d60  WcsPlugInService - ok
20:44:34.0371 0x0d60  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:44:34.0371 0x0d60  Wd - ok
20:44:34.0421 0x0d60  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:44:34.0441 0x0d60  Wdf01000 - ok
20:44:34.0461 0x0d60  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:44:34.0461 0x0d60  WdiServiceHost - ok
20:44:34.0471 0x0d60  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:44:34.0471 0x0d60  WdiSystemHost - ok
20:44:34.0501 0x0d60  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
20:44:34.0501 0x0d60  WebClient - ok
20:44:34.0531 0x0d60  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:44:34.0531 0x0d60  Wecsvc - ok
20:44:34.0541 0x0d60  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:44:34.0551 0x0d60  wercplsupport - ok
20:44:34.0561 0x0d60  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:44:34.0571 0x0d60  WerSvc - ok
20:44:34.0581 0x0d60  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:44:34.0591 0x0d60  WfpLwf - ok
20:44:34.0591 0x0d60  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:44:34.0591 0x0d60  WIMMount - ok
20:44:34.0621 0x0d60  WinDefend - ok
20:44:34.0621 0x0d60  WinHttpAutoProxySvc - ok
20:44:34.0681 0x0d60  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:44:34.0681 0x0d60  Winmgmt - ok
20:44:34.0741 0x0d60  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:44:34.0801 0x0d60  WinRM - ok
20:44:37.0242 0x0d60  Waiting for KSN requests completion. In queue: 304
20:44:58.0243 0x0d60  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
20:44:58.0263 0x0d60  Win FW state via NFP2: enabled
20:45:00.0743 0x0d60  ============================================================
20:45:00.0743 0x0d60  Scan finished
20:45:00.0743 0x0d60  ============================================================
20:45:00.0743 0x0300  Detected object count: 0
20:45:00.0743 0x0300  Actual detected object count: 0
 
 
 
 
 
I have run the whole suite, Adw, JWT, Spybot, Malwarebytes, TDSSKiller (found nothing).
 
I'm sure you fine pros know the drill: hyperlinking buzzwords for ad choices, random tab spawns, and it keeps coming back after being removed from extensions and after a Chrome settings reset.
 
Please help. I'll pay if it helps.
 
 



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:45 PM

Posted 25 November 2014 - 07:03 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 Thunderfrog

Thunderfrog
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:45 AM

Posted 25 November 2014 - 10:12 PM

Thanks for your time.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Kenny (administrator) on KENNY-PC on 25-11-2014 21:09:23
Running from C:\Users\Kenny\Downloads
Loaded Profile: Kenny (Available profiles: Kenny)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Curse, Inc) C:\Users\Kenny\AppData\Roaming\Curse Client\Bin\Curse.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-873591935-3150344606-23739815-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-23] (Electronic Arts)
HKU\S-1-5-21-873591935-3150344606-23739815-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-873591935-3150344606-23739815-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-873591935-3150344606-23739815-1000\...\MountPoints2: {1c83f3fc-cbf3-11e3-9bf9-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
Startup: C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\Kenny\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-873591935-3150344606-23739815-1000] => localhost:21320
SearchScopes: HKU\.DEFAULT -> TopResultURL http://www.bing.com/search?q={searchTerms}&src=ie9tr
SearchScopes: HKU\.DEFAULT -> TopResultURLFallback http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-873591935-3150344606-23739815-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (PriceLess) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc [2014-11-14]
CHR Extension: (Google Search) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-04] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-16] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-16] (NVIDIA Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-23] (Electronic Arts)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SetupARService; C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe [24576 2014-04-24] (Realtek Semiconductor.) [File not signed]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 21:06 - 2014-11-25 21:08 - 00018922 _____ () C:\Users\Kenny\Downloads\Addition.txt
2014-11-25 21:05 - 2014-11-25 21:09 - 00015469 _____ () C:\Users\Kenny\Downloads\FRST.txt
2014-11-25 20:59 - 2014-11-25 21:09 - 00000000 ____D () C:\FRST
2014-11-25 20:59 - 2014-11-25 20:59 - 02118144 _____ (Farbar) C:\Users\Kenny\Downloads\FRST64.exe
2014-11-23 17:18 - 2014-11-23 17:18 - 00000000 ____D () C:\Users\Kenny\Documents\BioWare
2014-11-23 17:12 - 2014-11-23 17:12 - 00001320 _____ () C:\Users\Public\Desktop\Dragon Age Inquisition.lnk
2014-11-23 17:12 - 2014-11-23 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age Inquisition
2014-11-20 19:56 - 2014-11-20 19:59 - 00000000 ____D () C:\AdwCleaner
2014-11-20 19:56 - 2014-11-20 19:56 - 02140160 _____ () C:\Users\Kenny\Downloads\AdwCleaner.exe
2014-11-20 19:54 - 2014-11-20 19:54 - 00001424 _____ () C:\Users\Kenny\Desktop\JRT.txt
2014-11-20 19:52 - 2014-11-20 19:52 - 01707532 _____ (Thisisu) C:\Users\Kenny\Downloads\JRT.exe
2014-11-20 19:52 - 2014-11-20 19:52 - 00000000 ____D () C:\Windows\ERUNT
2014-11-20 19:49 - 2014-11-20 19:50 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Kenny\Downloads\tdsskiller.exe
2014-11-19 03:23 - 2014-11-25 01:36 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-18 13:24 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 13:24 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 13:24 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 13:24 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-15 20:10 - 2014-11-15 20:10 - 00548301 _____ () C:\Users\Kenny\Downloads\WF8_2.84 (1).ab
2014-11-15 19:50 - 2014-11-15 19:50 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Kenny\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-11-15 19:50 - 2014-11-15 19:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-15 19:50 - 2014-11-15 19:50 - 00001098 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-15 19:50 - 2014-11-15 19:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-15 19:50 - 2014-11-15 19:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 19:50 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-15 19:50 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-15 19:50 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-15 18:44 - 2014-04-30 21:33 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141115-184441.backup
2014-11-15 17:48 - 2014-11-15 17:48 - 00001387 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-15 17:48 - 2014-11-15 17:48 - 00001375 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-15 17:48 - 2014-11-15 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-15 17:48 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-15 17:46 - 2014-11-15 17:47 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Kenny\Downloads\spybot-2.4.exe
2014-11-15 17:31 - 2014-11-15 17:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Kenny\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-14 15:00 - 2014-11-14 15:00 - 00210944 _____ () C:\Users\Kenny\Downloads\GW_Product_List_11_14_14.xls
2014-11-14 14:09 - 2014-11-14 14:09 - 00002083 _____ () C:\Windows\patsearch.bin
2014-11-14 14:09 - 2014-11-14 14:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-11-14 14:08 - 2014-11-14 14:08 - 00003212 _____ () C:\Windows\System32\Tasks\YourFileDownloader Installer Starter
2014-11-13 16:00 - 2014-11-13 16:00 - 00000000 __SHD () C:\Users\Kenny\AppData\Local\EmieBrowserModeList
2014-11-12 22:55 - 2014-11-12 22:55 - 00000000 ____D () C:\Users\Kenny\7Daysbackup
2014-11-12 22:48 - 2014-11-12 22:48 - 00000000 ____D () C:\Users\Kenny\Desktop\ColdNite Backups
2014-11-12 19:22 - 2014-11-12 19:22 - 00000222 _____ () C:\Users\Kenny\Desktop\Five Nights at Freddy's.url
2014-11-12 19:22 - 2014-11-12 19:22 - 00000000 ____D () C:\Users\Kenny\AppData\Roaming\MMFApplications
2014-11-11 16:58 - 2014-11-20 21:47 - 00001422 _____ () C:\Users\Public\Desktop\7 Days To Die Server Manager V2.lnk
2014-11-11 16:58 - 2014-11-11 16:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FrontRunnerTek
2014-11-11 16:58 - 2014-11-11 16:58 - 00000000 ____D () C:\Program Files (x86)\FrontRunnerTek
2014-11-11 16:46 - 2014-11-07 13:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 16:46 - 2014-11-07 13:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 16:46 - 2014-11-05 22:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 16:46 - 2014-11-05 22:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 16:46 - 2014-11-05 22:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 16:46 - 2014-11-05 21:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 16:46 - 2014-11-05 21:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 16:46 - 2014-11-05 21:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 16:46 - 2014-11-05 21:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 16:46 - 2014-11-05 21:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 16:46 - 2014-11-05 21:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 16:46 - 2014-11-05 21:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 16:46 - 2014-11-05 21:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 16:46 - 2014-11-05 21:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 16:46 - 2014-11-05 21:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 16:46 - 2014-11-05 21:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 16:46 - 2014-11-05 21:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 16:46 - 2014-11-05 21:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 16:46 - 2014-11-05 21:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 16:46 - 2014-11-05 21:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 16:46 - 2014-11-05 21:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 16:46 - 2014-11-05 21:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 16:46 - 2014-11-05 21:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 16:46 - 2014-11-05 21:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 16:46 - 2014-11-05 21:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 16:46 - 2014-11-05 21:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 16:46 - 2014-11-05 21:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 16:46 - 2014-11-05 21:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 16:46 - 2014-11-05 21:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 16:46 - 2014-11-05 21:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 16:46 - 2014-11-05 21:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 16:46 - 2014-11-05 21:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 16:46 - 2014-11-05 20:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 16:46 - 2014-11-05 20:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 16:46 - 2014-11-05 20:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 16:46 - 2014-11-05 20:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 16:46 - 2014-11-05 20:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 16:46 - 2014-11-05 20:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 16:46 - 2014-11-05 20:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 16:46 - 2014-11-05 20:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 16:46 - 2014-11-05 20:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 16:46 - 2014-11-05 20:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 16:46 - 2014-11-05 20:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 16:46 - 2014-11-05 20:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 16:46 - 2014-11-05 20:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 16:46 - 2014-11-05 20:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 16:46 - 2014-11-05 20:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 16:46 - 2014-11-05 20:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 16:46 - 2014-11-05 20:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 16:46 - 2014-11-05 20:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 16:46 - 2014-11-05 20:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 16:46 - 2014-11-05 20:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 16:46 - 2014-11-05 19:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 16:46 - 2014-11-05 19:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 16:46 - 2014-11-05 19:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 16:46 - 2014-11-05 19:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 16:46 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 16:46 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 16:46 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 16:46 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 16:46 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 16:46 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 16:46 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 16:46 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 16:46 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 16:46 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 16:46 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 16:46 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 16:45 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 16:45 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 16:45 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 16:45 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 16:45 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 16:45 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 16:45 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 16:45 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 16:45 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 16:45 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 16:45 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 16:45 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 16:45 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 16:45 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 16:45 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 16:45 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 16:45 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 16:45 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 16:45 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 16:45 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 16:45 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 16:45 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 16:45 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 16:11 - 2014-11-11 16:11 - 12415579 _____ (FrontRunnerTek LLC ) C:\Users\Kenny\Downloads\7DaysToDieServerManagerV2Setup_v1.0.0.1.exe
2014-11-06 20:47 - 2014-11-06 20:47 - 00548301 _____ () C:\Users\Kenny\Downloads\WF8_2.84.ab
2014-11-06 20:47 - 2014-10-29 18:56 - 00614728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-06 20:45 - 2014-10-29 22:53 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-06 20:45 - 2014-10-29 22:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00870112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-06 20:45 - 2014-10-29 22:53 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-03 21:05 - 2014-11-03 21:05 - 00011239 _____ () C:\Users\Kenny\Desktop\Console Commands.txt
2014-10-28 15:42 - 2014-10-28 15:42 - 00310310 _____ () C:\Users\Kenny\Desktop\photo.htm
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 21:05 - 2014-04-30 21:35 - 00000000 ____D () C:\Users\Kenny\AppData\Roaming\Skype
2014-11-25 21:03 - 2014-07-16 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-25 20:12 - 2014-04-25 13:36 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-25 19:03 - 2014-07-16 20:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 19:03 - 2014-07-16 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 19:03 - 2014-07-16 20:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 08:12 - 2014-04-25 13:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 04:16 - 2014-04-24 15:02 - 01828980 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 01:41 - 2009-07-13 22:45 - 00038368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-25 01:41 - 2009-07-13 22:45 - 00038368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-24 22:33 - 2014-07-22 22:19 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-24 22:13 - 2009-07-13 22:51 - 00081305 _____ () C:\Windows\setupact.log
2014-11-23 17:18 - 2014-07-22 22:20 - 00000000 ____D () C:\ProgramData\Origin
2014-11-23 17:18 - 2014-07-22 22:20 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-11-23 17:17 - 2014-07-22 22:20 - 00000000 ____D () C:\Users\Kenny\AppData\Local\Origin
2014-11-23 17:12 - 2014-04-25 13:45 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-23 17:12 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-23 16:05 - 2014-07-22 22:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-23 15:17 - 2014-07-22 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-23 13:15 - 2014-04-24 20:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-22 01:27 - 2014-04-24 17:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-22 01:27 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 23:32 - 2014-05-07 16:26 - 00000000 ____D () C:\ProgramData\Army Builder
2014-11-20 20:01 - 2010-11-20 21:47 - 00204262 _____ () C:\Windows\PFRO.log
2014-11-20 19:53 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-20 19:36 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-16 10:11 - 2009-07-13 23:13 - 00786622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 20:01 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PLA
2014-11-15 20:00 - 2014-04-28 17:18 - 00000000 ____D () C:\temp
2014-11-15 19:21 - 2014-05-18 13:43 - 00000000 ____D () C:\Users\Guest
2014-11-15 19:21 - 2014-05-18 13:43 - 00000000 ____D () C:\Users\Administrator
2014-11-15 18:43 - 2014-05-19 01:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-15 17:54 - 2014-05-19 01:24 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-14 14:09 - 2014-04-30 20:47 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-14 14:09 - 2014-04-25 13:36 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-13 14:49 - 2014-10-12 15:09 - 00000000 ____D () C:\Program Files (x86)\Pathfinder Online
2014-11-13 08:07 - 2014-04-25 13:36 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 08:07 - 2014-04-25 13:36 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 22:55 - 2014-04-24 13:21 - 00000000 ____D () C:\Users\Kenny
2014-11-12 04:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 03:26 - 2014-04-24 18:56 - 00109296 _____ () C:\Users\Kenny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 03:25 - 2009-07-13 22:45 - 00408216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:23 - 2014-04-24 19:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:08 - 2014-04-25 09:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:04 - 2014-04-24 17:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2014-04-24 17:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-06 20:47 - 2014-05-31 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-06 20:47 - 2014-04-24 17:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-04 02:29 - 2014-04-25 19:19 - 00007599 _____ () C:\Users\Kenny\AppData\Local\Resmon.ResmonCfg
2014-10-30 05:25 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 22:53 - 2014-05-31 17:38 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-29 22:53 - 2014-03-20 22:03 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-29 22:53 - 2014-03-20 22:03 - 00987008 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-10-29 22:53 - 2014-03-20 22:02 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-29 22:53 - 2014-03-20 22:02 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-29 22:53 - 2014-03-20 22:02 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-29 22:53 - 2014-03-20 22:02 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-29 20:10 - 2014-04-24 17:37 - 06880968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-29 20:10 - 2014-04-24 17:37 - 03533632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-29 20:10 - 2014-04-24 17:37 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-29 20:10 - 2014-04-24 17:37 - 00935232 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-29 20:10 - 2014-04-24 17:37 - 00385352 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-29 20:10 - 2014-04-24 17:37 - 00061640 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-28 04:06 - 2014-04-25 13:37 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 22:40 - 2014-04-30 21:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-27 22:40 - 2014-04-30 21:35 - 00000000 ____D () C:\ProgramData\Skype
2014-10-26 18:34 - 2014-04-24 17:37 - 04066553 _____ () C:\Windows\system32\nvcoproc.bin
 
Some content of TEMP:
====================
C:\Users\Kenny\AppData\Local\Temp\7DaysToDieServerManagerV2Setup_v1.0.1.1.exe
C:\Users\Kenny\AppData\Local\Temp\Quarantine.exe
C:\Users\Kenny\AppData\Local\Temp\rootsupd.exe
C:\Users\Kenny\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 00:35
 
==================== End Of Log ============================

I should also point out, the first time I ran the check it crashed closed. The second time it took maybe 10 seconds from start to finish and spit out the log.



#4 B-boy/StyLe/

Posted 26 November 2014 - 01:51 PM

Hello,

You forgot to post the Addition.txt. Please post that log in your next reply too. :)

Thanks!

Regards,

Georgi




#5 Thunderfrog

Posted 26 November 2014 - 02:34 PM

Sorry!
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Kenny at 2014-11-25 21:06:41
Running from C:\Users\Kenny\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7 Days To Die Server Manager V2 (HKLM-x32\...\{1B920B49-E20D-403F-B3B5-96FCA605DA61}_is1) (Version: 1.0.1.1 - FrontRunnerTek)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Army Builder 3.3b (HKLM-x32\...\{43867B63-C464-4570-823D-D92DC08E3400}_is1) (Version: 3.3b - Lone Wolf Development, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Battle Chronicler (HKLM-x32\...\{E31C4368-2353-41C8-A778-31D8CB5824A1}) (Version: 1.2.3 - Battle Chronicler)
bccomps (HKLM-x32\...\{9744F1F4-2D8E-43B7-8D9D-63A593867A92}) (Version: 1.6.0 - Battle Chronicler)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.1 - Electronic Arts)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Five Nights at Freddy's (HKLM-x32\...\Steam App 319510) (Version:  - Scott Cawthon)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hero Lab 5.1a (HKLM-x32\...\{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1) (Version: 5.1a - LWD Technology, Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MechWarrior Online (HKLM-x32\...\{ffbbd184-8eba-469f-bb26-ea4e1f6bfd4c}) (Version: 1.4.1.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.1.0 - Piranha Games Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Neverwinter Nights (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version:  - )
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Pathfinder Online version Development Build (HKLM-x32\...\{5F5833A5-285E-415C-A221-B47B0AC22BC6}_is1) (Version: Development Build - Goblinworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM-x32\...\Steam App 4580) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM-x32\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM-x32\...\Steam App 9310) (Version:  - Relic Entertainment)
X3 Terran Conflict v3.2 (HKLM-x32\...\X3TerranConflict_is1) (Version:  - EGOSOFT)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
18-11-2014 10:32:37 Windows Update
19-11-2014 09:00:13 Windows Update
22-11-2014 11:25:43 Windows Update
23-11-2014 23:10:56 Installed DirectX
23-11-2014 23:11:26 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
23-11-2014 23:12:00 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-11-15 18:44 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00266BB6-6A87-4F92-872C-4BC948E426C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {137E59C8-DCA3-491A-912D-E69A16A51942} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {32BAC54C-222D-4F06-9F57-F18724982DD2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {3C1D2DA1-D255-47E4-BFC6-3A272CDB27A5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {4308B988-8AAD-461B-9C25-8F251D551A3E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4E9EBDC6-4BC1-4E73-8D0B-530A5BF06962} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {71A11A96-CE34-4BE6-8805-B8E6CDC707A7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-04-25] ()
Task: {9A351704-231C-4624-8E56-A9B1F7F2FA67} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {BA286901-0C11-4F31-831B-CC7E0B90183D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C67609CB-C83A-444A-B5E8-812AB3BBC066} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Kenny\AppData\Local\Temp\YourFileDownloaderm5Bows7OIB.exe <==== ATTENTION
Task: {E86D663D-A422-4443-A921-5B7EC949DD0F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-24 17:37 - 2014-10-29 20:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-19 16:04 - 2014-05-19 16:04 - 00307712 _____ () C:\Users\Kenny\AppData\Roaming\Curse Client\Bin\opus.dll
2014-05-19 16:05 - 2014-05-19 16:05 - 00437248 _____ () C:\Users\Kenny\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2014-11-15 17:48 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-15 17:48 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-15 17:48 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-08-28 14:13 - 2014-11-11 12:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-28 14:13 - 2014-11-11 12:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-28 14:13 - 2014-11-11 12:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-06-01 14:09 - 2014-11-11 12:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-06-01 14:09 - 2014-11-18 14:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-28 14:13 - 2014-11-11 12:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-28 14:13 - 2014-11-11 12:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-01 14:09 - 2014-11-18 14:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-06-01 14:09 - 2014-11-11 12:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-26 20:43 - 2014-11-11 12:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-07-22 22:22 - 2014-11-23 15:17 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2014-11-23 15:17 - 2014-11-23 15:17 - 00060928 _____ () C:\Program Files (x86)\Origin\audio\qtaudio_windows.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-28 04:06 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 04:06 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 04:06 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 04:06 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:45 PM

Posted 26 November 2014 - 03:29 PM

Hello,

 

 

STEP 1

 

Please temporarily uninstall Spybot Search & Destroy as it could interfere with the fix.

 

Next please download the following file => [attachment=158605:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

STEP 2

 

 

Now we need to downgrade Google Chrome to the latest stable release. The adware has updated your browser to the developer version where Chrome internal checks are disabled and the adware will reinstall the malicious extensions periodically again if not downgraded...

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

Now please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

Repeat the steps for the Google Update Helper.

Now you can reinstall Google Chrome to the latest stable build Google Chrome 39.0.2171.71 Stable

 

 

Regards,

Georgi




#7 Thunderfrog


Posted 26 November 2014 - 06:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Kenny at 2014-11-26 16:01:22 Run:1
Running from C:\Users\Kenny\Desktop
Loaded Profile: Kenny (Available profiles: Kenny)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [pcreg] => C:\Program Files\pcreg\service.exe
C:\Program Files\pcreg
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Extension: (PriceLess) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc [2014-11-14]
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Task: {3C1D2DA1-D255-47E4-BFC6-3A272CDB27A5} - System32\Tasks\pcreg => C:\Program Files\pcreg\service.exe <==== ATTENTION
Task: {C67609CB-C83A-444A-B5E8-812AB3BBC066} - System32\Tasks\YourFileDownloader Installer Starter => C:\Users\Kenny\AppData\Local\Temp\YourFileDownloaderm5Bows7OIB.exe <==== ATTENTION
emptytemp:
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pcreg => value deleted successfully.
"C:\Program Files\pcreg" => File/Directory not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C1D2DA1-D255-47E4-BFC6-3A272CDB27A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C1D2DA1-D255-47E4-BFC6-3A272CDB27A5}" => Key deleted successfully.
C:\Windows\System32\Tasks\pcreg => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C67609CB-C83A-444A-B5E8-812AB3BBC066}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C67609CB-C83A-444A-B5E8-812AB3BBC066}" => Key deleted successfully.
C:\Windows\System32\Tasks\YourFileDownloader Installer Starter => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFileDownloader Installer Starter" => Key deleted successfully.
EmptyTemp: => Removed 880.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

Revo seems to have worked, in conjunction with the other stuff.

 

Beers via paypal are headed your way.

 

Regards,

 

Thunderfrog



#8 B-boy/StyLe/


Posted 27 November 2014 - 05:26 AM

Nice work. We are almost done here! :)

Let's check for leftovers.

 

 

STEP 1

 

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 2

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, then please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 3

 

 

Before I let you go I'd like to scan your machine with ESET OnlineScan
 

  • Please download and run the exe from the link below:
    ESET OnlineScan
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check the option beside: Enable detection of potentially unwanted applications
  • Now click on Advanced Settings and make sure that the option Remove found threats is NOT checked, and select the following:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\


 

  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 4

 

 

Also let's check for outdated and vulnerable software on your pc

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

Let me know for any remaining issues.

 

 

 

Regards,

Georgi




#9 Thunderfrog


Posted 04 December 2014 - 02:12 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/3/2014
Scan Time: 5:05:17 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.12.03.13
Rootkit Database: v2014.12.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Kenny
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340215
Time Elapsed: 12 min, 56 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 
--------------------------========
 
 
 
HitmanPro 3.7.9.232
www.hitmanpro.com
 
   Computer name . . . . : KENNY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Kenny-PC\Kenny
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-12-04 00:06:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 67
 
   Objects scanned . . . : 1,698,621
   Files scanned . . . . : 31,355
   Remnants scanned  . . : 299,304 files / 1,367,962 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe
      Size . . . . . . . : 200,224 bytes
      Age  . . . . . . . : 223.2 days (2014-04-24 19:54:24)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : A29BA49A2B1818C94FE18C06853BA498B1551CF55D7E625DC464737C7ED1D200
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.Adkubru.B
      Fuzzy  . . . . . . : 107.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Kenny\Desktop\FRST64.exe
      Size . . . . . . . : 2,117,632 bytes
      Age  . . . . . . . : 8.1 days (2014-11-25 20:59:08)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 0A3AF33164BDB71EDE4BC4EC461207C03FC8E9FFEF291B4538F8BEC99AB804D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Kenny\Desktop\FRST64.exe
          0.0s C:\Users\Kenny\Downloads\FRST-OlderVersion\FRST64.exe
          0.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.186.Crwl
 
   C:\Users\Kenny\Downloads\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,118,144 bytes
      Age  . . . . . . . : 8.1 days (2014-11-25 20:59:08)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 00EAA9915EDE35DCF294023D59351A0FBFD132D6C0E3E5729FF1352009726F49
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Kenny\Desktop\FRST64.exe
          0.0s C:\Users\Kenny\Downloads\FRST-OlderVersion\FRST64.exe
          0.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.186.Crwl
 
 
Cookies _____________________________________________________________________
 
 
 
 
 
 
 
 
Here's the first part. Going to bed and then posting ESETs results.
 
They DO take awhile.
 


#10 Thunderfrog


Posted 04 December 2014 - 05:11 PM

C:\AdwCleaner\Quarantine\C\Program Files\pcreg\pcreg.exe.vir a variant of Win32/Conduit.SearchProtect.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\LuckyTab\LuckyTab.exe.vir a variant of Win32/LuckyTab.A potentially unwanted application
C:\FRST\Quarantine\C\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc\5.2\ors7dnZcnA.js JS/Kryptik.ATB trojan
C:\temp\launcher.exe Win32/Conduit.SearchProtect.M potentially unwanted application
C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc\5.2\ors7dnZcnA.js JS/Kryptik.ATB trojan
C:\Users\Kenny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc\5.2\ors7dnZcnA.js JS/Kryptik.ATB trojan
C:\Users\Kenny\Downloads\Chrome.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe Win32/BundleInstaller potentially unwanted application
C:\Users\Kenny\Downloads\warhammer-vampire-counts-8th-edition-pdf-mediafire.zip a variant of Generik.KNGBULK trojan
C:\Users\Kenny\Downloads\Torrents\Lonewolf_Hero_Lab_4_0_crack.exe Win32/BundleInstaller potentially unwanted application


#11 B-boy/StyLe/


Posted 05 December 2014 - 07:56 AM

Hi,
 

 

Let's remove the remnants of potentially unwanted files from the system.
 
Please download the following file => [attachment=158918:fixlist.txt] and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Let me know how things are now.
 

Regards,
Georgi




#12 B-boy/StyLe/


Posted 08 December 2014 - 04:56 AM

Hi,

 

Are you still around? Just checking. No rush. :)

 

 

Regards,

Georgi




#13 Thunderfrog


Posted 08 December 2014 - 10:31 AM

Yes, my weekends are usually hella busy with family and such. 

 

I shall run these steps today.



#14 B-boy/StyLe/


Posted 08 December 2014 - 11:22 AM

Thanks for the feedback!

We are almost done here. ;)

 

 

Regards,

Georgi




#15 Thunderfrog


Posted 11 December 2014 - 06:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03
Ran by Kenny at 2014-12-11 17:58:01 Run:2
Running from C:\Users\Kenny\Desktop
Loaded Profile: Kenny (Available profiles: Kenny)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe
C:\temp\launcher.exe
C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc
C:\Users\Kenny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc
C:\Users\Kenny\Downloads\Chrome.exe
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe
C:\Users\Kenny\Downloads\warhammer-vampire-counts-8th-edition-pdf-mediafire.zip
C:\Users\Kenny\Downloads\Torrents\Lonewolf_Hero_Lab_4_0_crack.exe
end
*****************
 
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc => Moved successfully.
C:\Users\Kenny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc => Moved successfully.
C:\Users\Kenny\Downloads\Chrome.exe => Moved successfully.
"C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe" => File/Directory not found.
C:\Users\Kenny\Downloads\warhammer-vampire-counts-8th-edition-pdf-mediafire.zip => Moved successfully.
C:\Users\Kenny\Downloads\Torrents\Lonewolf_Hero_Lab_4_0_crack.exe => Moved successfully.
 
==== End of Fixlog ====
 
 
 
Things seem alright.
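
A way to review a Fixlog like the two posted in this thread before calling a machine clean, added here as an example (it is not part of the original posts and is not FRST's own code). The function names `parse_fixlog`, `classify` and `review` are hypothetical, the sample is the second run's Fixlog copied from the post above, and only the outcome phrases visible in this thread's logs are recognised.

```python
import re

# Fixlog of the second FRST run, copied from the post above (header shortened).
FIXLOG_RUN2 = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03
Ran by Kenny at 2014-12-11 17:58:01 Run:2
==============================================

Content of fixlist:
*****************
start
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe
C:\temp\launcher.exe
C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc
C:\Users\Kenny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc
C:\Users\Kenny\Downloads\Chrome.exe
C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe
C:\Users\Kenny\Downloads\warhammer-vampire-counts-8th-edition-pdf-mediafire.zip
C:\Users\Kenny\Downloads\Torrents\Lonewolf_Hero_Lab_4_0_crack.exe
end
*****************

C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe => Moved successfully.
C:\temp\launcher.exe => Moved successfully.
C:\Users\Kenny\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc => Moved successfully.
C:\Users\Kenny\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cdjakimcnaehjfildfljoalacgjcphmc => Moved successfully.
C:\Users\Kenny\Downloads\Chrome.exe => Moved successfully.
"C:\Users\Kenny\Downloads\Lonewolf_Hero_Lab_4_0_crack.exe" => File/Directory not found.
C:\Users\Kenny\Downloads\warhammer-vampire-counts-8th-edition-pdf-mediafire.zip => Moved successfully.
C:\Users\Kenny\Downloads\Torrents\Lonewolf_Hero_Lab_4_0_crack.exe => Moved successfully.

==== End of Fixlog ====
"""

# A result line is '<target> => <outcome>'; FRST quotes the target in some outcomes.
RESULT_RE = re.compile(r'^"?(?P<target>[^"]+?)"?\s*=>\s*(?P<outcome>.+)$')


def parse_fixlog(text):
    """Split a Fixlog into fixlist entries and (target, outcome) result pairs."""
    entries, results, state = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if state == "header":
            if line.lower() == "start":
                state = "fixlist"
        elif state == "fixlist":
            # Fixlist entries may contain '=>' themselves, so they are kept apart.
            if line.lower() == "end":
                state = "results"
            elif line:
                entries.append(line)
        else:
            if line.startswith("==== End of Fixlog"):
                break
            m = RESULT_RE.match(line)
            if m:
                results.append((m.group("target"), m.group("outcome").rstrip(".")))
    return entries, results


def classify(outcome):
    """Map an outcome phrase (as seen in this thread's logs) to a coarse status."""
    o = outcome.lower()
    if "not found" in o:
        return "not_found"
    if "successfully" in o or o.startswith("removed"):
        return "done"
    return "other"


def review(text):
    """Sort results into done / duplicate / check and list path entries with no result."""
    entries, results = parse_fixlog(text)
    report = {"done": [], "duplicate": [], "check": [], "no_result": []}
    handled = set()  # targets already moved or deleted earlier in this run
    for target, outcome in results:
        kind, key = classify(outcome), target.lower()
        if kind == "done":
            report["done"].append(target)
            handled.add(key)
        elif kind == "not_found" and key in handled:
            # Same path listed twice in the fixlist: the first hit already moved it.
            report["duplicate"].append(target)
        else:
            # Not found (or unknown outcome) with no earlier removal in this run:
            # confirm another tool removed it, or that the path was correct.
            report["check"].append((target, outcome))
    # Only plain path entries are reconciled; directives such as 'Task:' or
    # 'HKLM\...' expand into several result lines and do not map one to one.
    seen = {t.lower() for t, _ in results}
    for entry in entries:
        if re.match(r"^[A-Za-z]:\\", entry) and entry.lower() not in seen:
            report["no_result"].append(entry)
    return report


if __name__ == "__main__":
    for bucket, items in review(FIXLOG_RUN2).items():
        print(f"{bucket}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the second run this sorts the one "File/Directory not found" line into `duplicate`, because the same path appears twice in the fixlist and had already been moved; a "not found" with no earlier removal in the same run lands in `check` instead.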




