
Ads by Unisales - HELP! :(


  • This topic is locked
22 replies to this topic

#1 SlovBoy


Posted 04 January 2015 - 08:15 AM

Hey guys!

I am in need of some assistance with the Ads by Unisales extension that continues to pop up in my Google Chrome.

(The whole thing was downloaded and installed by mistake).

I've tried everything - uninstalling the extension in Add or Remove programs, then going to Malwarebytes and doing a Full Scan (with results mind you) deleting everything it found, downloading Adware and doing a full scan with that..

But to no avail! It's still there, in the extensions tab.

What am I missing?

Thanks a lot!

 



 


#2 pystryker

  • Malware Response Team

Posted 05 January 2015 - 08:43 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
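
A way to read the FRST.txt that this scan produces when the complaint is a Chrome extension that will not stay removed, added here as an example (it is not part of the original thread or of FRST). It assumes the line formats seen in the log posted later in this thread, from which the sample lines are copied, and treats any extension stored outside the profile's Extensions folder as a lead to review; the function names and the one-minute window are choices of this example.

```python
import re
from datetime import datetime, timedelta

# Sample lines copied (trimmed) from the FRST.txt posted later in this thread.
SAMPLE_LOG = r"""
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Denarnica) - C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Click&Clean App) - C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-14]
CHR Extension: (uNNisales) - C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno\ [2014-06-14]
2015-01-02 13:59 - 2015-01-02 14:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-30 19:46 - 2014-12-30 19:46 - 00000000 ____D () C:\Program Files (x86)\Messenger UNSEEN on Facebook
2014-12-30 19:45 - 2015-01-02 14:12 - 00000000 ____D () C:\Program Files (x86)\unissallees
2014-12-30 19:45 - 2014-12-30 20:26 - 00000000 ____D () C:\Program Files (x86)\uNNisales
2014-12-30 19:45 - 2014-12-30 19:45 - 00000000 ____D () C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno
"""

ATTENTION = "<======= ATTENTION"
TS_FMT = "%Y-%m-%d %H:%M"

# "CHR Extension: (name) - path [date]" as it appears in the Chrome section.
EXT_RE = re.compile(
    r"^CHR Extension: \((?P<name>.*)\) - (?P<path>.+?)\s*\[\d{4}-\d{2}-\d{2}\]\s*$")
# "created - modified - size attributes (company) path" from the
# "One Month Created Files and Folders" section.
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r" - \d+ \S+ \(.*?\) (?P<path>.+)$")
# Assumption of this example: extensions installed the normal way are stored
# under <profile>\Extensions\<32-letter id>.
PROFILE_EXT_RE = re.compile(
    r"\\User Data\\[^\\]+\\Extensions\\[a-p]{32}\\?$", re.IGNORECASE)
# Chrome extension ids are 32 letters in the range a-p.
EXT_ID_RE = re.compile(r"(?<![a-z])[a-p]{32}(?![a-z])")


def parse(log_text):
    """Split the log into ATTENTION lines, extensions and created entries."""
    attention, extensions, created = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if ATTENTION in line:
            attention.append(line.replace(ATTENTION, "").strip())
        m = EXT_RE.match(line)
        if m:
            extensions.append((m["name"], m["path"]))
            continue
        m = FILE_RE.match(line)
        if m:
            created.append((datetime.strptime(m["created"], TS_FMT), m["path"]))
    return attention, extensions, created


def triage(log_text, window_minutes=1):
    """Report extensions stored outside the Chrome profile, plus anything
    created within window_minutes of the extension's own folder."""
    attention, extensions, created = parse(log_text)
    window = timedelta(minutes=window_minutes)
    findings = []
    for name, path in extensions:
        if PROFILE_EXT_RE.search(path):
            continue  # stored inside the profile's Extensions folder
        id_match = EXT_ID_RE.search(path)
        ext_id = id_match.group(0) if id_match else None
        # When was a folder carrying this extension id created?
        drops = [ts for ts, p in created if ext_id and ext_id in p]
        # What else appeared on disk at about the same time?
        neighbours = [p for ts, p in created
                      if not (ext_id and ext_id in p)
                      and any(abs(ts - d) <= window for d in drops)]
        findings.append({
            "name": name,
            "path": path,
            "id": ext_id,
            "created": [d.strftime(TS_FMT) for d in drops],
            "neighbours": neighbours,
        })
    return {"attention": attention, "sideloaded": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for note in report["attention"]:
        print("ATTENTION:", note)
    for f in report["sideloaded"]:
        print("Outside profile:", f["name"], "->", f["path"])
        print("  folder created:", ", ".join(f["created"]) or "not in log")
        for p in f["neighbours"]:
            print("  created nearby:", p)
```

The neighbours list is a set of leads for the helper's analysis, not a removal list; entries that merely share a timestamp still need to be confirmed before anything is deleted.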





#3 SlovBoy

  • Topic Starter

Posted 06 January 2015 - 11:55 AM

Thank you for the pleasant reply! :)

Here are the attachments:

I hope it helps!

Thanks again! :D



#4 pystryker

  • Malware Response Team

Posted 06 January 2015 - 05:58 PM

Thank you for the pleasant reply! :)

Here are the attachments:


You're quite welcome. :) In the future, please copy and paste logs into your replies instead of attaching them. It makes them so much easier to analyze. :) I'm going to paste your 2 logs into 2 replies and then begin analysis. :thumbsup:






#5 pystryker

  • Malware Response Team

Posted 06 January 2015 - 05:59 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 01
Ran by Miha (administrator) on MIHA-PC on 03-01-2015 18:29:52
Running from C:\Users\Miha\Downloads
Loaded Profile: Miha (Available profiles: Miha)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\LevelOne\Common\RaRegistry64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Digital Data Communications GmbH, Germany) C:\Program Files (x86)\LevelOne\Common\RaUI.exe
(Dropbox, Inc.) C:\Users\Miha\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Miha\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [Google Update] => C:\Users\Miha\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-13] (Google Inc.)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1940160 2014-11-18] (Valve Corporation)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [Facebook Update] => C:\Users\Miha\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-29] (Facebook Inc.)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\MountPoints2: {625d7f80-b0f7-11e3-a9fd-002522d92f70} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WUA-0606.lnk
ShortcutTarget: WUA-0606.lnk -> C:\Program Files (x86)\LevelOne\Common\RaUI.exe (Digital Data Communications GmbH, Germany)
Startup: C:\Users\Miha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 193.189.177.55 193.189.160.23

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Miha\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Miha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @talk.google.com/O1DPlugin -> C:\Users\Miha\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Miha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Miha\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Miha\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-02-07]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-06-15]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Users\Miha\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Java™ Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Google Update) - C:\Users\Miha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Denarnica) - C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Click&Clean App) - C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-14]
CHR Extension: (uNNisales) - C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno\ [2014-06-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [915736 2013-07-01] (BitRaider, LLC)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-08-12] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\LevelOne\Common\RaRegistry.exe [193888 2010-06-28] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\LevelOne\Common\RaRegistry64.exe [211808 2010-06-28] (Ralink Technology, Corp.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [29672 2013-01-16] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 RTLE8023x64; C:\Windows\System32\DRIVERS\Rtenic64.sys [280344 2010-07-06] (Realtek Semiconductor Corporation )
S3 Tosrfcom; No ImagePath
S3 BRDriver64; \??\C:\programdata\bitraider\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 18:29 - 2015-01-03 18:30 - 00023045 _____ () C:\Users\Miha\Downloads\FRST.txt
2015-01-03 18:22 - 2015-01-03 18:29 - 00000000 ____D () C:\FRST
2015-01-03 17:18 - 2015-01-03 17:18 - 00091286 _____ () C:\Users\Miha\Downloads\[kickass.so]batman.the.movie.1966.1080p.bluray.x264.tfin.torrent
2015-01-03 17:15 - 2015-01-03 17:15 - 00016542 _____ () C:\Users\Miha\Downloads\[kickass.so]batman.and.robin.1997.1080p.bluray.x264.1.5gb.yify.torrent
2015-01-03 15:45 - 2015-01-03 15:45 - 15298136 _____ () C:\Users\Miha\Downloads\RogueKiller.exe
2015-01-03 15:45 - 2015-01-03 15:45 - 02123776 _____ (Farbar) C:\Users\Miha\Downloads\FRST64.exe
2015-01-03 11:26 - 2015-01-03 11:26 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-02 19:26 - 2015-01-02 19:26 - 00016563 _____ () C:\Users\Miha\Downloads\[kickass.so]batman.forever.1995.1080p.bluray.x264.1.5gb.yify.torrent
2015-01-02 19:15 - 2015-01-02 19:15 - 43059656 _____ () C:\Users\Miha\Downloads\BDPUARLauncher.exe
2015-01-02 15:27 - 2015-01-03 11:26 - 00000224 _____ () C:\Windows\setupact.log
2015-01-02 15:27 - 2015-01-02 15:27 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-02 15:22 - 2015-01-02 15:22 - 05317104 _____ (Piriform Ltd) C:\Users\Miha\Downloads\ccsetup501.exe
2015-01-02 14:12 - 2015-01-02 14:12 - 00002228 _____ () C:\Windows\system32\.crusader
2015-01-02 13:59 - 2015-01-02 14:13 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-02 13:59 - 2015-01-02 13:59 - 11222744 _____ (SurfRight B.V.) C:\Users\Miha\Downloads\HitmanPro_x64.exe
2015-01-02 11:28 - 2015-01-02 11:28 - 02173952 _____ () C:\Users\Miha\Downloads\AdwCleaner (1).exe
2015-01-01 20:35 - 2015-01-01 20:35 - 00018928 _____ () C:\Users\Miha\Downloads\[kickass.so]green.arrow.year.one.special.edition.001.2014.digital.th.torrent
2015-01-01 19:23 - 2015-01-01 19:23 - 00038513 _____ () C:\Users\Miha\Downloads\d4435577b50ff247c6811e0335c7eeb277f7f61b.zip
2015-01-01 19:01 - 2015-01-01 19:01 - 00019654 _____ () C:\Users\Miha\Downloads\[kickass.so]a.walk.among.the.tombstones.2014.1080p.brrip.x264.yify.torrent
2015-01-01 16:34 - 2015-01-01 16:34 - 00015709 _____ () C:\Users\Miha\Downloads\As_Above__So_Below_2014_SloSubs_1080p_BrRip_x264_YIFY.torrent
2014-12-30 19:58 - 2014-12-30 19:58 - 00052979 _____ () C:\Users\Miha\Downloads\[kickass.so]r.e.m.discography.torrent
2014-12-30 19:54 - 2014-12-30 19:54 - 00414405 _____ () C:\Users\Miha\Downloads\[kickass.so]iron.maiden.discography.part1.1980.2011.mp3.320.torrent
2014-12-30 19:53 - 2014-12-30 19:53 - 00020802 _____ () C:\Users\Miha\Downloads\[kickass.so]sum.41.discography.6.studio.albums.1998.2011.torrent
2014-12-30 19:52 - 2014-12-30 19:52 - 00080618 _____ () C:\Users\Miha\Downloads\[kickass.so]the.beatles.the.complete.discography.torrent
2014-12-30 19:51 - 2014-12-30 19:51 - 00106042 _____ () C:\Users\Miha\Downloads\[kickass.so]joni.mitchell.the.studio.albums.1968.1979.2012.mp3.320kbps.torrent
2014-12-30 19:50 - 2014-12-30 19:50 - 00143052 _____ () C:\Users\Miha\Downloads\[kickass.so]pearl.jam.discography.1991.2013.320.kbps.torrent
2014-12-30 19:48 - 2014-12-30 19:48 - 00018404 _____ () C:\Users\Miha\Downloads\[kickass.so]pearl.jam.lightning.bolt.320k.mp3.torrent
2014-12-30 19:46 - 2014-12-30 19:46 - 00000000 ____D () C:\Program Files (x86)\Messenger UNSEEN on Facebook
2014-12-30 19:45 - 2015-01-02 14:12 - 00000000 ____D () C:\Program Files (x86)\unissallees
2014-12-30 19:45 - 2014-12-30 20:26 - 00000000 ____D () C:\Program Files (x86)\uNNisales
2014-12-30 19:45 - 2014-12-30 19:45 - 00000000 ____D () C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno
2014-12-29 14:24 - 2014-12-29 14:24 - 00015911 _____ () C:\Users\Miha\Downloads\The.Interview.2014.SLOSubs.HDRip.XVID.AC3.HQ.Hive-CM8.torrent
2014-12-29 14:23 - 2014-12-29 14:23 - 00015396 _____ () C:\Users\Miha\Downloads\The.Interview.2014.720p.WEBRiP.X264.AAC-Blackjesus.torrent
2014-12-28 12:46 - 2014-12-28 12:46 - 00003637 _____ () C:\Users\Miha\Downloads\Fury.2014.DVDSCR.Upscale.720p.x264.AC3-PsiX.torrent
2014-12-27 22:38 - 2014-12-27 22:38 - 00013597 _____ () C:\Users\Miha\Downloads\35bae9abc7a04b8e0ad5c6a6ad3cc96b69f12079.zip
2014-12-27 22:38 - 2014-12-27 22:38 - 00012645 _____ () C:\Users\Miha\Downloads\5e8aacbedf67324c228c70b93a7e4af3.zip
2014-12-27 22:28 - 2014-12-27 22:28 - 00016601 _____ () C:\Users\Miha\Downloads\e1d19c897bbbeee963f71cdccc2e583f49825836.zip
2014-12-27 22:28 - 2014-12-27 22:28 - 00015163 _____ () C:\Users\Miha\Downloads\bf6afedc0dbdc1108e7e2c73c3ef77d3.zip
2014-12-25 14:35 - 2014-12-25 14:35 - 00024786 _____ () C:\Users\Miha\Downloads\c6525c2aa99cb975f9424f30ee5e0997f5362aaf.zip
2014-12-25 14:09 - 2014-12-25 14:09 - 00071676 _____ () C:\Users\Miha\Downloads\4acaff6cf8d1137b3778dec0b6e5ba74a523dde7.zip
2014-12-24 14:43 - 2014-12-24 14:43 - 00000000 __SHD () C:\Users\Miha\AppData\Local\EmieBrowserModeList
2014-12-24 14:31 - 2014-12-24 14:31 - 00017531 _____ () C:\Users\Miha\Downloads\[kickass.so]the.maze.runner.2014.1080p.brrip.x264.yify.torrent
2014-12-24 14:28 - 2014-12-24 14:28 - 00022719 _____ () C:\Users\Miha\Downloads\[kickass.so]gone.girl.2014.1080p.brrip.x264.yify.torrent
2014-12-23 16:46 - 2014-12-23 16:46 - 00016578 _____ () C:\Users\Miha\Downloads\[kickass.so]batman.returns.1992.1080p.bluray.x264.1.5gb.yify.torrent
2014-12-23 16:45 - 2014-12-23 16:45 - 00016539 _____ () C:\Users\Miha\Downloads\[kickass.so]batman.1989.1080p.bluray.x264.1.5gb.yify.torrent
2014-12-21 18:17 - 2014-12-21 18:17 - 00001495 _____ () C:\Users\Miha\Downloads\[kickass.so]dragon.age.inquisition.crack.v2.3dm.torrent
2014-12-21 18:11 - 2014-12-21 18:11 - 00041718 _____ () C:\Users\Miha\Downloads\[kickass.so]dragon.age.inquisition.update.2.crack.v2.dual.core.fix.corrupted.files.for.torrent.dragon.age.inquisition.no.crack.3dmgame (1).torrent
2014-12-18 18:35 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 18:35 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 16:01 - 2014-12-17 16:01 - 00014820 _____ () C:\Users\Miha\Downloads\[kickass.so]the.babadook.2014.1080p.5.1ch.bluray.rip.geekrg.torrent
2014-12-16 16:44 - 2014-12-16 16:44 - 00041718 _____ () C:\Users\Miha\Downloads\[kickass.so]dragon.age.inquisition.update.2.crack.v2.dual.core.fix.corrupted.files.for.torrent.dragon.age.inquisition.no.crack.3dmgame.torrent
2014-12-15 18:26 - 2014-12-15 18:27 - 00021787 _____ () C:\Users\Miha\Downloads\Dragon.Age.Inquisition-AGB.Golden.Team.torrent
2014-12-15 02:02 - 2014-12-15 02:02 - 00090591 _____ () C:\Users\Miha\Downloads\Dragon.Age_Inquisition-Black.Box.torrent
2014-12-11 15:07 - 2014-12-11 15:07 - 00005485 _____ () C:\Users\Miha\Downloads\[kickass.so]arrow.s03e09.720p.hdtv.x264.dimension.torrent
2014-12-11 14:54 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 14:54 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 14:24 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 14:24 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-11 14:24 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 14:24 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 14:24 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 14:24 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 14:24 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 14:24 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 14:24 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 14:24 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 14:24 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 14:24 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 14:24 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 14:24 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 14:24 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 14:24 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 14:24 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 14:24 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-11 14:24 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 14:24 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-11 14:24 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 14:24 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 14:24 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 14:24 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-11 14:24 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-11 14:24 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-11 14:24 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 14:24 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-11 14:24 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-11 14:24 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-11 14:24 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-11 14:24 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-11 14:24 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-11 14:24 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 14:24 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 14:24 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 14:24 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 14:24 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-11 14:24 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 14:24 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-11 14:24 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-11 14:24 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-11 14:24 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-11 14:24 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-11 14:24 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 14:24 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-11 14:24 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-11 14:24 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-11 14:24 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 14:24 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-11 14:24 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 14:24 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-11 14:24 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-11 14:24 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-11 14:24 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 14:24 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-11 14:24 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 14:23 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 14:23 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-11 14:23 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 14:23 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-11 14:23 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 14:23 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 14:23 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 14:23 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-11 14:23 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 14:23 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-11 14:23 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-11 14:23 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-11 14:23 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-11 14:23 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 14:02 - 2014-12-10 14:02 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\AMD
2014-12-10 09:53 - 2014-12-10 09:53 - 00018736 _____ () C:\Users\Miha\Downloads\[kickass.so]the.flash.2014.s01e09.720p.hdtv.x264.dimension.torrent
2014-12-10 09:52 - 2014-12-10 09:52 - 00018562 _____ () C:\Users\Miha\Downloads\[kickass.so]marvels.agents.of.s.h.i.e.l.d.s02e10.720p.hdtv.x264.killers.torrent
2014-12-09 13:50 - 2014-12-09 13:50 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412091350233884.log
2014-12-09 13:50 - 2014-12-09 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 13:50 - 2014-12-09 13:50 - 00000000 ____D () C:\ProgramData\ATI
2014-12-09 13:50 - 2014-12-09 13:50 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-09 13:44 - 2014-12-09 13:45 - 302470552 _____ (AMD Inc.) C:\Users\Miha\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2014-12-05 19:45 - 2014-12-05 19:47 - 131793250 _____ () C:\Users\Miha\Desktop\Arrow.S03E08.The.Brave.and.the.Bold.1080p.WEB-DL.DD5.1.AAC2.0.H.264-YFN.mkv.wmv
2014-12-05 19:36 - 2014-12-05 19:36 - 00010394 _____ () C:\Users\Miha\Downloads\C275DF697DA7A049F6261621FBB98BDFF4237596.torrent
2014-12-05 19:30 - 2014-12-05 19:30 - 00000000 ____D () C:\Users\Miha\AppData\Local\{98CCA514-20DA-434D-A26C-42CBE4BC44FE}
2014-12-05 18:40 - 2014-12-05 18:40 - 00134188 _____ () C:\Users\Miha\Downloads\[kickass.so]the.flash.2014.s01e08.flash.vs.arrow.1080p.web.dl.dd5.1.h264.yfn (1).torrent
2014-12-05 18:39 - 2014-12-05 18:39 - 00134188 _____ () C:\Users\Miha\Downloads\[kickass.so]the.flash.2014.s01e08.flash.vs.arrow.1080p.web.dl.dd5.1.h264.yfn.torrent
2014-12-05 18:39 - 2014-12-05 18:39 - 00128447 _____ () C:\Users\Miha\Downloads\[kickass.so]arrow.s03e08.the.brave.and.the.bold.1080p.web.dl.dd5.1.h.264.yfn.torrent
2014-12-04 13:13 - 2014-12-04 13:13 - 00041387 _____ () C:\Users\Miha\Downloads\27478B5CBD3FA29275D8B78C564CA3540091EC38.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-03 18:27 - 2014-06-14 20:48 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-03 18:20 - 2013-08-21 12:53 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\vlc
2015-01-03 18:17 - 2012-07-29 20:29 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\uTorrent
2015-01-03 18:08 - 2014-06-28 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 17:51 - 2012-04-03 15:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-03 17:44 - 2012-08-13 01:18 - 00001062 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA.job
2015-01-03 17:27 - 2014-06-14 20:48 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 17:19 - 2012-02-06 21:27 - 00000000 ____D () C:\Users\Miha\Documents\Miha
2015-01-03 15:55 - 2014-05-29 20:50 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA.job
2015-01-03 12:44 - 2012-08-13 01:18 - 00001010 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core.job
2015-01-03 11:33 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-03 11:33 - 2009-07-14 05:45 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-03 11:30 - 2012-02-06 15:42 - 01795401 _____ () C:\Windows\WindowsUpdate.log
2015-01-03 11:27 - 2014-04-26 14:12 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\Raptr
2015-01-03 11:27 - 2013-06-02 01:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-03 11:27 - 2012-09-29 18:16 - 00000000 ___RD () C:\Users\Miha\Dropbox
2015-01-03 11:27 - 2012-09-29 18:13 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\Dropbox
2015-01-03 11:27 - 2012-02-06 20:26 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-01-03 11:26 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-03 11:25 - 2013-10-03 17:03 - 00000000 ____D () C:\AdwCleaner
2015-01-03 11:11 - 2012-10-04 00:16 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D09959C3-BC89-4FBA-B0B8-4B3236EB4C6E}
2015-01-03 02:00 - 2014-08-26 10:56 - 00000000 ____D () C:\Users\Miha\AppData\Local\Adobe
2015-01-02 21:55 - 2014-05-29 20:50 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core.job
2015-01-02 15:26 - 2012-09-18 22:09 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\TeamViewer
2015-01-02 15:26 - 2012-02-06 22:44 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\DAEMON Tools Lite
2015-01-02 15:23 - 2013-07-10 11:28 - 00000832 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-02 15:23 - 2013-07-10 11:28 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 11:30 - 2013-04-02 19:21 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\Common
2015-01-02 11:30 - 2012-02-06 15:40 - 00000000 ____D () C:\Users\Miha
2015-01-02 01:02 - 2012-06-05 15:33 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-01-01 23:36 - 2012-02-06 17:45 - 00000000 ____D () C:\Users\Miha\Downloads\Microsoft.Office.Professional.Plus.2010.SLO.SP1.VL.(x86-x64)-NoGRP
2014-12-30 23:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2014-12-30 20:04 - 2014-06-28 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-30 20:04 - 2014-06-28 15:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-30 20:04 - 2012-09-23 11:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-28 13:33 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 01:41 - 2012-02-07 00:40 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\Skype
2014-12-26 23:26 - 2012-02-07 00:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-26 23:26 - 2012-02-07 00:40 - 00000000 ____D () C:\ProgramData\Skype
2014-12-24 15:06 - 2012-02-15 21:16 - 00000000 ____D () C:\ProgramData\Origin
2014-12-24 15:04 - 2012-03-22 16:21 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-12-23 17:07 - 2014-11-09 17:16 - 00000000 ____D () C:\Program Files (x86)\SpeedFan
2014-12-21 18:23 - 2014-10-07 17:43 - 00000000 ____D () C:\Program Files (x86)\Arab-GB
2014-12-21 16:41 - 2014-10-18 12:40 - 00000000 ____D () C:\Users\Miha\Desktop\ebay
2014-12-16 16:32 - 2012-05-10 11:48 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-12-16 16:32 - 2012-05-10 11:48 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-13 17:28 - 2014-06-14 20:49 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 13:17 - 2012-09-29 18:16 - 00001025 _____ () C:\Users\Miha\Desktop\Dropbox.lnk
2014-12-12 13:17 - 2012-09-29 18:15 - 00000000 ____D () C:\Users\Miha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 16:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2014-12-11 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-12-11 15:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 15:00 - 2013-08-15 00:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 14:56 - 2012-02-06 18:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-11 14:56 - 2012-02-06 16:31 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 09:50 - 2014-04-26 14:12 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-10 02:37 - 2013-08-21 12:53 - 00001080 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-09 23:51 - 2012-04-03 15:38 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 23:51 - 2012-04-03 15:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 23:51 - 2012-02-06 21:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 13:50 - 2012-03-19 14:56 - 00000000 ____D () C:\ProgramData\AMD
2014-12-09 13:49 - 2012-05-17 21:49 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-09 13:47 - 2013-12-21 00:39 - 00000000 ____D () C:\Program Files\AMD
2014-12-09 13:47 - 2012-02-06 15:58 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-09 13:46 - 2012-02-06 19:46 - 00000000 ____D () C:\AMD
2014-12-08 14:55 - 2013-09-10 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-08 14:55 - 2013-01-02 21:11 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-12-08 14:55 - 2012-11-22 21:16 - 00000000 ____D () C:\ProgramData\DivX
2014-12-07 02:00 - 2012-05-10 13:46 - 00000000 ____D () C:\Users\Miha\Documents\My Games
2014-12-05 20:43 - 2013-05-06 23:29 - 00000000 ____D () C:\Users\Miha\Desktop\CAPTAIN AMERICA

Some content of TEMP:
====================
C:\Users\Miha\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxbr2zi.dll
C:\Users\Miha\AppData\Local\Temp\HitmanPro.exe
C:\Users\Miha\AppData\Local\Temp\Quarantine.exe
C:\Users\Miha\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 13:55

==================== End Of Log ============================

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

#6 pystryker

Posted 06 January 2015 - 05:59 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 01
Ran by Miha at 2015-01-03 18:30:28
Running from C:\Users\Miha\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.4 - Futuremark Corporation)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Profiles (HKLM-x32\...\{EA374A45-BF30-0849-7A00-BD8A0BC8CE3E}) (Version: 2.0.4504.34814 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{F57FD7AF-DC0A-2E99-B850-9047DAB3F24C}) (Version: 2.0.4414.36457 - Advanced Micro Devices, Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version: - Audacity Team)
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.6.3 - BitRaider, LLC)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - )
Canon MG4100 series On-screen Manual (HKLM-x32\...\Canon MG4100 series On-screen Manual) (Version: - )
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version: - dvd8n)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.2.0287 - DT Soft Ltd)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
Dropbox (HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
ffdshow v1.1.3800 [2011-03-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.3800.0 - )
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.1.32.905 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.3.916 - Foxit Software Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to iPod Converter version 3.11.44.908 (HKLM-x32\...\Free YouTube to iPod Converter_is1) (Version: 3.11.44.908 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.16.1030 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.16.1030 - DVDVideoSoft Ltd.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
K-Lite Mega Codec Pack 9.2.8 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.8 - )
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\Mass Effect 2_is1) (Version: - )
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MilkShape 3D 1.8.4 (HKLM-x32\...\MilkShape 3D 1.8.4) (Version: 1.8.4 - chUmbaLum sOft)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
Paint.NET v3.36 (HKLM\...\{43602F34-1AA3-44FB-AEB2-D08C2C737440}) (Version: 3.36.0 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1002.0 - Passmark Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)
ReGet Deluxe (HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\ReGetDx) (Version: 5.2 DevBuild - ReGet Software)
Registracija uporabnika Canon MG4100 series (HKLM-x32\...\Registracija uporabnika Canon MG4100 series) (Version: - )
s3pe - Sims3 Package Editor (HKLM-x32\...\s3pe) (Version: 14-0113-1123 - Peter L Jones)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Subtitle Workshop 6.0b (HKLM-x32\...\SubtitleWorkshop) (Version: - )
SUPER © v2014.build.61+Recorder (2014/06/19) version v2014.buil (HKLM-x32\...\{8E2A18E2-96AF-8549-4DE7-5C06B75719A4}_is1) (Version: v2014.build.61+Recorder - eRightSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{E362724E-9320-4946-AF34-874E7B6B2927}) (Version: 6.0.7.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
System Requirements Lab Test (HKLM-x32\...\{D62576C2-C084-4698-974A-5BE77714FDDD}) (Version: 5.0.6.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.62.153 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 Fast Lane Stuff (HKLM-x32\...\{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}) (Version: 5.8.1 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
The Sims™ 3 Into the Future (HKLM-x32\...\{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}) (Version: 21.0.150 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM-x32\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 Movie Stuff (HKLM-x32\...\{D0087539-3C57-44E0-BEE7-D779D546CBE1}) (Version: 20.0.53 - Electronic Arts)
The Sims™ 3 Outdoor Living Stuff (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.3.2 - Electronic Arts)
The Sims™ 3 Seasons (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM-x32\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Town Life Stuff (HKLM-x32\...\{7B11296A-F894-449C-8DF6-6AAAA7D4D118}) (Version: 9.0.73 - Electronic Arts)
The Sims™ 3 University Life (HKLM-x32\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
Unity Web Player (HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Worms Revolution (HKLM-x32\...\Worms Revolution_is1) (Version: - )
WUA-0606 (HKLM-x32\...\{27F117DA-D255-4E4F-A3B6-922C8365B9CC}) (Version: 1.5.8.5 - LevelOne)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Miha\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

25-12-2014 14:02:07 Scheduled Checkpoint
26-12-2014 14:32:43 Windows Update
30-12-2014 19:41:14 Windows Update
02-01-2015 14:11:41 Checkpoint by HitmanPro
02-01-2015 14:12:42 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FC1934D-9FB7-44AC-89CE-1C6CFB809DE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: {162C6878-05AA-4271-A112-EDC4774CE2C5} - System32\Tasks\{0156AAFA-2F76-459D-B4AE-985E7812F28D} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {19287254-1FEE-42D8-BB8A-DB4B67757810} - System32\Tasks\{1A7C7D10-D49F-4482-82CA-F1D2A20B28AB} => pcalua.exe -a "C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"
Task: {1AE9A2A8-BEEF-4234-BE6F-98A6E4FC569F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {36B79BE4-A04E-4878-997A-4E0BE30AF6D6} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core => C:\Users\Miha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-29] (Facebook Inc.)
Task: {57857EAD-39DF-4A84-B2E9-BECDFD2B98DC} - System32\Tasks\{ECC4DF87-C85E-42E0-A942-D895F8248B3D} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {57B721BB-3E60-449D-B2DD-C114E7FD062E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5E5F2C12-1805-4E4A-8E64-AA437EB430D7} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {6FEC5141-187A-4977-B9D8-65BE0F6BB0B3} - System32\Tasks\{3A0519CD-5D9A-47DB-8959-7CC56571220B} => pcalua.exe -a "C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper\VLC Setup Helper.exe" -d "C:\Program Files (x86)\Hobbyist Software\VLC Setup Helper"
Task: {89F9B28A-FF5F-4C96-B9C5-4B4C39F9129F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {930CC5B4-B44A-421E-A33D-C4489131814A} - System32\Tasks\{799B25AB-EFEA-4460-A96C-A38717CF302A} => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Task: {9626669C-EA09-4844-B445-D2F90815D3AC} - System32\Tasks\{47CFC242-2851-4FD0-AD31-269201BBA3B6} => pcalua.exe -a "C:\Program Files (x86)\Bridge Commander Maximum Warp\SP_Modded\BC-Mod Installer\uninstall.exe"
Task: {B38013D1-30A1-4335-8074-4FD477AD6199} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core => C:\Users\Miha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13] (Google Inc.)
Task: {BC0266BF-EF29-47AF-AD64-4983FF927CB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA => C:\Users\Miha\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-13] (Google Inc.)
Task: {BF532A55-4D01-4ED6-ACEB-E053DE7B9719} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {BFDFBA6F-E596-432C-88BA-44B315A4F620} - System32\Tasks\AdobeAAMUpdater-1.0-Miha-PC-Miha => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {C0F838D4-A544-43A7-B2FE-121886215CE3} - System32\Tasks\{C53EAE1E-5DB3-4C80-B500-EAAA5031C1C2} => C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
Task: {C7600987-D7AD-4159-8AE7-9BF4CA4544B8} - System32\Tasks\{EB29C175-894C-4B63-88C1-0432AF696261} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {CE390BBE-FF4E-43D3-AC4C-4746AB43FD87} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA => C:\Users\Miha\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-29] (Facebook Inc.)
Task: {D41E2C38-C8E3-4F34-A7C0-9E328DED3048} - System32\Tasks\{2353E50F-4044-494D-987A-9185C9CC815F} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe [2008-05-30] (BioWare)
Task: {FB3F8750-C563-461B-AFED-5FEBA58EDD23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core.job => C:\Users\Miha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA.job => C:\Users\Miha\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000Core.job => C:\Users\Miha\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984797524-3438127158-1362696721-1000UA.job => C:\Users\Miha\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-05 15:59 - 2011-02-07 08:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-11-23 13:45 - 2014-08-12 23:30 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-02-08 14:19 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-05 15:48 - 2010-06-14 13:38 - 00984416 _____ () C:\Program Files (x86)\LevelOne\Common\RaWLAPI.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Miha\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-03 11:27 - 2015-01-03 11:27 - 00043008 _____ () c:\users\miha\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxbr2zi.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Miha\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Miha\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Miha\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 17:28 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\win.ini:s1
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\Miha\Local Settings:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\Desktop\2014-10-29 12.00.44.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Miha\AppData\Local:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\AppData\Local\Application Data:ZvRdNuWDmjpHoXRzsCkk8Y9uT

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1984797524-3438127158-1362696721-500 - Administrator - Disabled)
Guest (S-1-5-21-1984797524-3438127158-1362696721-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1984797524-3438127158-1362696721-1002 - Limited - Enabled)
Miha (S-1-5-21-1984797524-3438127158-1362696721-1000 - Administrator - Enabled) => C:\Users\Miha

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2015 02:09:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (01/03/2015 11:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 11:03:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11060

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11060

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 03:41:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9063


System errors:
=============
Error: (01/03/2015 11:26:45 AM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner!

Error: (01/03/2015 11:26:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
%%2

Error: (01/03/2015 11:01:42 AM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner!

Error: (01/03/2015 11:01:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
%%2

Error: (01/03/2015 11:01:40 AM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner!

Error: (01/02/2015 03:27:45 PM) (Source: hasplms) (EventID: 3) (User: )
Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner!

Error: (01/02/2015 03:27:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
%%2

Error: (01/02/2015 03:26:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/02/2015 02:14:46 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/02/2015 02:14:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TOSHIBA Bluetooth Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (01/03/2015 02:09:11 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe

Error: (01/03/2015 11:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 11:03:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11060

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11060

Error: (01/02/2015 03:41:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062

Error: (01/02/2015 03:41:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/02/2015 03:41:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9063


CodeIntegrity Errors:
===================================
Date: 2013-10-05 13:43:39.666
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 13:43:39.628
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 13:43:39.429
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-05 13:43:39.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:42:11.906
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:42:11.893
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:40:49.975
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:40:49.968
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:40:18.588
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-04-08 22:40:18.579
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Miha\Downloads\Canon\iP2200\cnmpar21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8174.67 MB
Available physical RAM: 5935.92 MB
Total Pagefile: 16347.52 MB
Available Pagefile: 13673.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1110.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 4927403A)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#7 pystryker

Posted 06 January 2015 - 06:59 PM

Scan with CKScanner


Download CKScanner from here.

Important: Save it to your desktop.

Double-click CKScanner.exe and click Search For Files. (If you have Windows Vista / Windows 7 / Windows 8, please right-click CKScanner.exe and select Run as Administrator.)

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify that the file is saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.






#8 SlovBoy

Posted 07 January 2015 - 08:40 AM

I am very sorry for the late reply, I haven't been at the computer. 

 

I'll post it on here, now I know :D Sorry about that! 

 

I've run the CKScanner, but it freezes and doesn't do a thing. I tried leaving it on, but it closes on me. What now?

I have a question though: 

I've now seen where that pesky Unisales is located: CHR Extension: (uNNisales) - C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno\ [2014-06-14]
 

Would it be possible to just delete that? 




 



#9 pystryker

Posted 07 January 2015 - 07:16 PM

> I am very sorry for the late reply, I haven't been at the computer.
>
> I'll post it on here, now I know :D Sorry about that!

No worries, we'll do this on the schedule that works best for you. :)

> I've run the CKScanner, but it freezes and doesn't do a thing. I tried leaving it on, but it closes on me. What now?

Was CKScanner run from the desktop?

> I've now seen where that pesky Unisales is located: CHR Extension: (uNNisales) - C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno\ [2014-06-14]
>
> Would it be possible to just delete that?

Yes, but there are some other directories in your log as well. We'll deal with these in the fix below. :thumbup2:


One of the infections has changed your version of Chrome to a dev build, which vastly lowers its security. Upon successfully cleaning your machine, we'll need to completely uninstall Chrome and reinstall the latest version.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.



The Dangers of P2P Programs

I noticed that you have a P2P file sharing program (uTorrent) on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 1: Fix with FRST

Note: Before executing this step, please move FRST64.exe from C:\Users\Miha\Downloads to your Desktop or the fix will not work. All tools must be run from the desktop.
  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\MountPoints2: {625d7f80-b0f7-11e3-a9fd-002522d92f70} - E:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno
2014-12-30 19:45 - 2015-01-02 14:12 - 00000000 ____D () C:\Program Files (x86)\unissallees
2014-12-30 19:45 - 2014-12-30 20:26 - 00000000 ____D () C:\Program Files (x86)\uNNisales
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\Miha\Local Settings:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\AppData\Local:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\AppData\Local\Application Data:ZvRdNuWDmjpHoXRzsCkk8Y9uT
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 2: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Scan with TDSSKiller


Please download TDSSKiller to the desktop.

Alternate download is here.
  • Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
  • When the main GUI (graphical user interface) window opens, click on Change Parameters
  • Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • A Report will have been created by TDSSKiller in your root directory C:\
  • To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
  • Post the contents of that log in your next reply please.
Note: Do not have TDSSKiller remove anything if found at this point in time!


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

TDSSKiller Log

How is the machine running at this time?

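Step 1 above asks for Fixlog.txt back so the helper can see what the fix actually did. As an added example (not part of the original post and not FRST's own code), this sketch sorts Fixlog result lines into removed, already absent, and needs-review; the sample log is constructed in the line format FRST reports in this thread, with placeholder SID, CLSID and paths, and all function and variable names are hypothetical.

```python
import re

# Constructed sample: same line shapes as an FRST Fixlog, placeholder values only.
# The last result line is deliberately NOT a real FRST message; it stands in for
# any outcome the script does not recognise.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)
==============================================
Content of fixlist:
*****************
Start
C:\ProgramData\exampleextensionid
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-PLACEHOLDER\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleApp => value deleted successfully.
"HKLM\SOFTWARE\Policies\ExampleVendor" => Key deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Program Files (x86)\Example\plugin.dll not found.
C:\ProgramData\exampleextensionid => Moved successfully.
C:\ProgramData\TEMP => ":EXAMPLE" ADS removed successfully.
"C:\Users\Example\Local Settings" => ":EXAMPLE" ADS not found.
C:\Users\Example\leftover => Some outcome this script does not recognise.

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========
'''

REMOVED = re.compile(r"(deleted|removed|moved) successfully\.?$", re.IGNORECASE)
ABSENT = re.compile(r"not found\.?$", re.IGNORECASE)
CMD_MARK = re.compile(r"^=+\s+(.+?)\s+=+$")   # "=====  <command> =====" banners
REG_HIVE = re.compile(r"^(HKLM|HKCU|HKCR|HKU)\\")


def triage_fixlog(text):
    """Return {'removed': [...], 'absent': [...], 'review': [...]} of (kind, target)."""
    results = {"removed": [], "absent": [], "review": []}
    in_echo = False   # inside the echoed copy of fixlist.txt (between the * rules)
    in_cmd = False    # inside the captured output of a CMD: directive
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            in_echo = not in_echo
            continue
        mark = CMD_MARK.match(line)
        if mark:
            in_cmd = not mark.group(1).startswith("End of CMD")
            continue
        if in_echo or in_cmd:
            continue
        # Result lines are either "<target> => <outcome>" or "<path> not found."
        if " => " in line:
            target, outcome = line.split(" => ", 1)
        elif line.endswith(" not found."):
            target, outcome = line[: -len(" not found.")], "not found."
        else:
            continue  # status lines such as "Processes closed successfully."
        target = target.strip('"')
        stream = re.match(r'"(:[^"]+)" ADS ', outcome)
        if stream:
            # Alternate data stream: report it as path:streamname
            kind, target = "ads", target + stream.group(1)
        elif REG_HIVE.match(target):
            kind = "registry"
        else:
            kind = "file"
        if REMOVED.search(outcome):
            status = "removed"
        elif ABSENT.search(outcome):
            status = "absent"
        else:
            status = "review"
        results[status].append((kind, target))
    return results


if __name__ == "__main__":
    for status, items in triage_fixlog(SAMPLE_FIXLOG).items():
        print(f"{status}: {len(items)}")
        for kind, target in items:
            print(f"  [{kind}] {target}")
```

Entries under "absent" were already gone when the fix ran, while anything under "review" is a line the script could not classify and should be read by hand.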





#10 SlovBoy

Posted 08 January 2015 - 08:59 AM

> Was Ckscanner run from the desktop?

Yes, multiple times. It freezes and doesn't go anywhere :(

> Things I need to see in your next post:
>
> Please post each of these logs as a separate reply in this thread.
>
> Fixlog.txt Log
>
> Junkware Removal Tool Log
>
> AdwCleaner Log
>
> TDSSKiller Log
>
> How is the machine running at this time?


Well, the machine is running as it always has (which is good :D), but the good news is, after running JRT, the Unisales extension is gone and it didn't reappear after I closed the browser :bananas: 

 

Now that there are more issues, I'm locked in to fix them :D Here are the logs: 

Fixlog.txt 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Miha at 2015-01-08 14:13:36 Run:1
Running from C:\Users\Miha\Desktop
Loaded Profile: Miha (Available profiles: Miha)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\...\MountPoints2: {625d7f80-b0f7-11e3-a9fd-002522d92f70} - E:\setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll No File
FF Plugin HKU\S-1-5-21-1984797524-3438127158-1362696721-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno
2014-12-30 19:45 - 2015-01-02 14:12 - 00000000 ____D () C:\Program Files (x86)\unissallees
2014-12-30 19:45 - 2014-12-30 20:26 - 00000000 ____D () C:\Program Files (x86)\uNNisales
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
AlternateDataStreams: C:\Users\Miha\Local Settings:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\AppData\Local:ZvRdNuWDmjpHoXRzsCkk8Y9uT
AlternateDataStreams: C:\Users\Miha\AppData\Local\Application Data:ZvRdNuWDmjpHoXRzsCkk8Y9uT
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Miha\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{625d7f80-b0f7-11e3-a9fd-002522d92f70}" => Key deleted successfully.
HKCR\CLSID\{625d7f80-b0f7-11e3-a9fd-002522d92f70} => Key not found. 
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0" => Key deleted successfully.
C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll not found.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Key deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll not found.
C:\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno => Moved successfully.
C:\Program Files (x86)\unissallees => Moved successfully.
C:\Program Files (x86)\uNNisales => Moved successfully.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
"C:\Users\Miha\Local Settings" => ":ZvRdNuWDmjpHoXRzsCkk8Y9uT" ADS not found.
C:\Users\Miha\AppData\Local => ":ZvRdNuWDmjpHoXRzsCkk8Y9uT" ADS removed successfully.
"C:\Users\Miha\AppData\Local\Application Data" => ":ZvRdNuWDmjpHoXRzsCkk8Y9uT" ADS not found.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1984797524-3438127158-1362696721-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
 
Junkware Removal Tool Log: 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Miha on źet 08.01.2015 at 14:19:45,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Miha\appdata\local\{E904A0B3-47AE-4873-A9E5-B23B43388085}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on źet 08.01.2015 at 14:21:53,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner Log: (I'll post the PRE-REMOVE one and the POST-REMOVE one)

Pre-Remove:
# AdwCleaner v4.106 - Report created 08/01/2015 at 14:23:17
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Miha - MIHA-PC
# Running from : C:\Users\Miha\Downloads\AdwCleaner (1).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [7447 octets] - [03/10/2013 17:03:29]
AdwCleaner[R1].txt - [7366 octets] - [02/01/2015 11:28:27]
AdwCleaner[R2].txt - [943 octets] - [02/01/2015 11:38:35]
AdwCleaner[R3].txt - [1002 octets] - [03/01/2015 11:24:47]
AdwCleaner[R4].txt - [1123 octets] - [03/01/2015 22:09:03]
AdwCleaner[R5].txt - [1063 octets] - [08/01/2015 14:23:17]
AdwCleaner[S0].txt - [8002 octets] - [02/01/2015 11:30:44]
AdwCleaner[S1].txt - [1063 octets] - [03/01/2015 11:25:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1243 octets] ##########
 
Post-Remove
# AdwCleaner v4.106 - Report created 08/01/2015 at 14:36:10
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Miha - MIHA-PC
# Running from : C:\Users\Miha\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\Miha\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7447 octets] - [03/10/2013 17:03:29]
AdwCleaner[R1].txt - [7366 octets] - [02/01/2015 11:28:27]
AdwCleaner[R2].txt - [943 octets] - [02/01/2015 11:38:35]
AdwCleaner[R3].txt - [1002 octets] - [03/01/2015 11:24:47]
AdwCleaner[R4].txt - [1123 octets] - [03/01/2015 22:09:03]
AdwCleaner[R5].txt - [1323 octets] - [08/01/2015 14:23:17]
AdwCleaner[S0].txt - [8002 octets] - [02/01/2015 11:30:44]
AdwCleaner[S1].txt - [1063 octets] - [03/01/2015 11:25:52]
AdwCleaner[S2].txt - [1387 octets] - [08/01/2015 14:36:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1447 octets] ##########

 

TDSSKiller Log:
 

14:42:09.0334 0x0610  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20

14:42:22.0347 0x0610  ============================================================
14:42:22.0347 0x0610  Current date / time: 2015/01/08 14:42:22.0347
14:42:22.0347 0x0610  SystemInfo:
14:42:22.0348 0x0610  
14:42:22.0348 0x0610  OS Version: 6.1.7601 ServicePack: 1.0
14:42:22.0348 0x0610  Product type: Workstation
14:42:22.0348 0x0610  ComputerName: MIHA-PC
14:42:22.0348 0x0610  UserName: Miha
14:42:22.0348 0x0610  Windows directory: C:\Windows
14:42:22.0348 0x0610  System windows directory: C:\Windows
14:42:22.0348 0x0610  Running under WOW64
14:42:22.0348 0x0610  Processor architecture: Intel x64
14:42:22.0348 0x0610  Number of processors: 8
14:42:22.0348 0x0610  Page size: 0x1000
14:42:22.0348 0x0610  Boot type: Normal boot
14:42:22.0348 0x0610  ============================================================
14:42:24.0160 0x0610  KLMD registered as C:\Windows\system32\drivers\70665894.sys
14:42:24.0470 0x0610  System UUID: {1BC84103-B58B-5F67-4153-25AF293AFC5F}
14:42:24.0795 0x0610  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:42:24.0808 0x0610  ============================================================
14:42:24.0808 0x0610  \Device\Harddisk0\DR0:
14:42:24.0809 0x0610  MBR partitions:
14:42:24.0809 0x0610  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
14:42:24.0809 0x0610  ============================================================
14:42:24.0852 0x0610  C: <-> \Device\Harddisk0\DR0\Partition1
14:42:24.0852 0x0610  ============================================================
14:42:24.0852 0x0610  Initialize success
14:42:24.0852 0x0610  ============================================================
14:43:07.0528 0x0a30  ============================================================
14:43:07.0528 0x0a30  Scan started
14:43:07.0528 0x0a30  Mode: Manual; SigCheck; TDLFS; 
14:43:07.0528 0x0a30  ============================================================
14:43:07.0528 0x0a30  KSN ping started
14:43:10.0209 0x0a30  KSN ping finished: true
14:43:11.0542 0x0a30  ================ Scan system memory ========================
14:43:11.0542 0x0a30  System memory - ok
14:43:11.0543 0x0a30  ================ Scan services =============================
14:43:15.0367 0x0a30  BFE - ok
14:43:15.0404 0x0a30  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:43:15.0550 0x0a30  BITS - ok
14:43:15.0563 0x0a30  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:43:15.0572 0x0a30  blbdrive - ok
14:43:15.0736 0x0a30  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:43:15.0750 0x0a30  Bonjour Service - ok
14:43:15.0786 0x0a30  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:43:15.0831 0x0a30  bowser - ok
14:43:15.0896 0x0a30  BRDriver64 - ok
14:43:15.0912 0x0a30  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:43:15.0922 0x0a30  BrFiltLo - ok
14:43:15.0934 0x0a30  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:43:15.0944 0x0a30  BrFiltUp - ok
14:43:16.0048 0x0a30  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:43:16.0099 0x0a30  Browser - ok
14:43:16.0129 0x0a30  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:43:16.0191 0x0a30  Brserid - ok
14:43:16.0200 0x0a30  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:43:16.0220 0x0a30  BrSerWdm - ok
14:43:16.0273 0x0a30  [ 2B0B52BC483C3C52E42B1C930962890D, 4240E4138A480E3496DC1D2FFBAED2408A482C091038A08E6C84F5B32984CA85 ] BRSptSvc        C:\ProgramData\BitRaider\BRSptSvc.exe
14:43:16.0317 0x0a30  BRSptSvc - ok
14:43:16.0337 0x0a30  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:43:16.0346 0x0a30  BrUsbMdm - ok
14:43:16.0351 0x0a30  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:43:16.0376 0x0a30  BrUsbSer - ok
14:43:16.0396 0x0a30  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:43:16.0418 0x0a30  BTHMODEM - ok
14:43:16.0450 0x0a30  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:43:16.0507 0x0a30  bthserv - ok
14:43:16.0515 0x0a30  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:43:16.0559 0x0a30  cdfs - ok
14:43:16.0599 0x0a30  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:43:16.0619 0x0a30  cdrom - ok
14:43:16.0664 0x0a30  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:43:16.0722 0x0a30  CertPropSvc - ok
14:43:16.0742 0x0a30  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:43:16.0753 0x0a30  circlass - ok
14:43:16.0774 0x0a30  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:43:16.0788 0x0a30  CLFS - ok
14:43:16.0945 0x0a30  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:43:16.0990 0x0a30  clr_optimization_v2.0.50727_32 - ok
14:43:17.0047 0x0a30  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:43:17.0075 0x0a30  clr_optimization_v2.0.50727_64 - ok
14:43:17.0145 0x0a30  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:43:17.0167 0x0a30  clr_optimization_v4.0.30319_32 - ok
14:43:17.0185 0x0a30  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:43:17.0204 0x0a30  clr_optimization_v4.0.30319_64 - ok
14:43:17.0244 0x0a30  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:43:17.0285 0x0a30  CmBatt - ok
14:43:17.0313 0x0a30  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:43:17.0326 0x0a30  cmdide - ok
14:43:17.0390 0x0a30  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
14:43:17.0415 0x0a30  CNG - ok
14:43:17.0423 0x0a30  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:43:17.0429 0x0a30  Compbatt - ok
14:43:17.0438 0x0a30  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
14:43:17.0467 0x0a30  CompositeBus - ok
14:43:17.0489 0x0a30  COMSysApp - ok
14:43:17.0521 0x0a30  cpuz136 - ok
14:43:17.0529 0x0a30  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:43:17.0543 0x0a30  crcdisk - ok
14:43:17.0582 0x0a30  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:43:17.0616 0x0a30  CryptSvc - ok
14:43:17.0658 0x0a30  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
14:43:17.0697 0x0a30  CSC - ok
14:43:17.0730 0x0a30  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
14:43:17.0766 0x0a30  CscService - ok
14:43:17.0852 0x0a30  [ 914A7156B0C0F10BE645A02E13F576B2, C8686CE4DD9C457D56D5535307FD210AE057BFF94AC59665681DA6CF46DBE2E8 ] DAUpdaterSvc    C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
14:43:17.0858 0x0a30  DAUpdaterSvc - ok
14:43:17.0894 0x0a30  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:43:17.0923 0x0a30  DcomLaunch - ok
14:43:17.0937 0x0a30  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:43:17.0963 0x0a30  defragsvc - ok
14:43:17.0986 0x0a30  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:43:18.0008 0x0a30  DfsC - ok
14:43:18.0024 0x0a30  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:43:18.0073 0x0a30  Dhcp - ok
14:43:18.0163 0x0a30  [ 8FBB1FFC6F13F9D5EE8480B36BAFFC52, 0BC3685B0B8ADC97931B5D31348DA235CD7581A67EDF6D79913E6A5709866135 ] DIRECTIO        C:\Program Files\PerformanceTest\DirectIo64.sys
14:43:18.0176 0x0a30  DIRECTIO - ok
14:43:18.0185 0x0a30  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:43:18.0244 0x0a30  discache - ok
14:43:18.0266 0x0a30  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:43:18.0273 0x0a30  Disk - ok
14:43:18.0287 0x0a30  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
14:43:18.0335 0x0a30  dmvsc - ok
14:43:18.0368 0x0a30  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:43:18.0400 0x0a30  Dnscache - ok
14:43:18.0416 0x0a30  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:43:18.0469 0x0a30  dot3svc - ok
14:43:18.0520 0x0a30  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:43:18.0544 0x0a30  DPS - ok
14:43:18.0590 0x0a30  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:43:18.0643 0x0a30  drmkaud - ok
14:43:18.0680 0x0a30  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:43:18.0701 0x0a30  dtsoftbus01 - ok
14:43:18.0789 0x0a30  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:43:18.0823 0x0a30  DXGKrnl - ok
14:43:18.0844 0x0a30  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:43:18.0895 0x0a30  EapHost - ok
14:43:19.0008 0x0a30  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:43:19.0119 0x0a30  ebdrv - ok
14:43:19.0172 0x0a30  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
14:43:19.0227 0x0a30  EFS - ok
14:43:19.0291 0x0a30  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:43:19.0377 0x0a30  ehRecvr - ok
14:43:19.0394 0x0a30  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:43:19.0434 0x0a30  ehSched - ok
14:43:19.0492 0x0a30  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:43:19.0513 0x0a30  elxstor - ok
14:43:19.0524 0x0a30  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:43:19.0550 0x0a30  ErrDev - ok
14:43:19.0584 0x0a30  [ DF2F6C1E55F6E81CFC7F688380D85816, D9085466AA9D98AA01CD8ADEBD798CB326D4FD53A07BD199C3E6E500B4619355 ] EtronHub3       C:\Windows\system32\Drivers\EtronHub3.sys
14:43:19.0601 0x0a30  EtronHub3 - ok
14:43:19.0607 0x0a30  [ E093ABFB67A4B9D94F80611A7D0A8BB9, A23D58767F58CBDFAA4AD25779BBBC4FAD51CBD8FEB9C89284635631E4F084A6 ] EtronXHCI       C:\Windows\system32\Drivers\EtronXHCI.sys
14:43:19.0637 0x0a30  EtronXHCI - ok
14:43:19.0674 0x0a30  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:43:19.0715 0x0a30  EventSystem - ok
14:43:19.0747 0x0a30  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:43:19.0796 0x0a30  exfat - ok
14:43:19.0824 0x0a30  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:43:19.0857 0x0a30  fastfat - ok
14:43:19.0888 0x0a30  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:43:19.0965 0x0a30  Fax - ok
14:43:19.0977 0x0a30  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:43:19.0994 0x0a30  fdc - ok
14:43:20.0003 0x0a30  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:43:20.0065 0x0a30  fdPHost - ok
14:43:20.0086 0x0a30  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:43:20.0114 0x0a30  FDResPub - ok
14:43:20.0127 0x0a30  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:43:20.0135 0x0a30  FileInfo - ok
14:43:20.0143 0x0a30  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:43:20.0185 0x0a30  Filetrace - ok
14:43:20.0202 0x0a30  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:43:20.0218 0x0a30  flpydisk - ok
14:43:20.0233 0x0a30  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:43:20.0250 0x0a30  FltMgr - ok
14:43:20.0316 0x0a30  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:43:20.0370 0x0a30  FontCache - ok
14:43:20.0408 0x0a30  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:43:20.0500 0x0a30  FontCache3.0.0.0 - ok
14:43:20.0605 0x0a30  [ A1BEF2DE57398FCAB2C969304B2D2D93, 227E430E0D2FBC94508F9A781B0FA16FA75F00F7531F16B41C8FA4990242A9C7 ] FoxitCloudUpdateService C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
14:43:20.0630 0x0a30  FoxitCloudUpdateService - ok
14:43:20.0641 0x0a30  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:43:20.0650 0x0a30  FsDepends - ok
14:43:20.0678 0x0a30  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:43:20.0691 0x0a30  Fs_Rec - ok
14:43:20.0754 0x0a30  [ 290EBA98AD0CE0D1B880B5D71194B069, 60CF4DBCFBF5EABE127663322E0CA2B324DB8A92039E7B7C044ACD64DBD324AB ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
14:43:20.0774 0x0a30  Futuremark SystemInfo Service - ok
14:43:20.0813 0x0a30  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:43:20.0838 0x0a30  fvevol - ok
14:43:20.0859 0x0a30  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:43:20.0875 0x0a30  gagp30kx - ok
14:43:20.0913 0x0a30  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:43:20.0953 0x0a30  gpsvc - ok
14:43:21.0027 0x0a30  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:43:21.0041 0x0a30  gupdate - ok
14:43:21.0052 0x0a30  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:43:21.0065 0x0a30  gupdatem - ok
14:43:21.0124 0x0a30  [ D619BA1712B83D14149850E758B835AD, AD18807EC4DA6FA8C6846C1A0D914071FD59BD3273AFC103E5F2A7141F18C5F4 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
14:43:21.0186 0x0a30  hardlock - ok
14:43:21.0189 0x0a30  hasplms - ok
14:43:21.0198 0x0a30  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:43:21.0255 0x0a30  hcw85cir - ok
14:43:21.0293 0x0a30  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:43:21.0326 0x0a30  HdAudAddService - ok
14:43:21.0353 0x0a30  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:43:21.0377 0x0a30  HDAudBus - ok
14:43:21.0385 0x0a30  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:43:21.0420 0x0a30  HidBatt - ok
14:43:21.0443 0x0a30  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:43:21.0481 0x0a30  HidBth - ok
14:43:21.0500 0x0a30  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:43:21.0540 0x0a30  HidIr - ok
14:43:21.0565 0x0a30  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
14:43:21.0607 0x0a30  hidserv - ok
14:43:21.0621 0x0a30  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:43:21.0634 0x0a30  HidUsb - ok
14:43:21.0649 0x0a30  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:43:21.0714 0x0a30  hkmsvc - ok
14:43:21.0747 0x0a30  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:43:21.0775 0x0a30  HomeGroupListener - ok
14:43:21.0804 0x0a30  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:43:21.0844 0x0a30  HomeGroupProvider - ok
14:43:21.0872 0x0a30  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:43:21.0887 0x0a30  HpSAMD - ok
14:43:21.0920 0x0a30  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:43:21.0962 0x0a30  HTTP - ok
14:43:22.0007 0x0a30  [ 012015A7DA5D7DD5DDDF3BE4C34CBE3B, 60EA4363B4BEAA40FF4DFA1F18747DA8306F19FE742AC9427B93820731C59A32 ] HWiNFO32        C:\Windows\system32\drivers\HWiNFO64A.SYS
14:43:22.0019 0x0a30  HWiNFO32 - ok
14:43:22.0028 0x0a30  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:43:22.0040 0x0a30  hwpolicy - ok
14:43:22.0055 0x0a30  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:43:22.0074 0x0a30  i8042prt - ok
14:43:22.0092 0x0a30  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:43:22.0108 0x0a30  iaStorV - ok
14:43:22.0190 0x0a30  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:43:22.0234 0x0a30  idsvc - ok
14:43:22.0248 0x0a30  IEEtwCollectorService - ok
14:43:22.0253 0x0a30  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:43:22.0260 0x0a30  iirsp - ok
14:43:22.0344 0x0a30  [ CE1EE31FFF730CA975A5535D8A71AF61, A1808EB92EC2444F9309C93F5724A7A374F4B983862829BF9B076C8D3B2427DE ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
14:43:22.0359 0x0a30  IJPLMSVC - ok
14:43:22.0455 0x0a30  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:43:22.0516 0x0a30  IKEEXT - ok
14:43:22.0625 0x0a30  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:43:22.0667 0x0a30  IntcAzAudAddService - ok
14:43:22.0717 0x0a30  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:43:22.0745 0x0a30  intelide - ok
14:43:22.0771 0x0a30  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:43:22.0795 0x0a30  intelppm - ok
14:43:22.0822 0x0a30  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:43:22.0867 0x0a30  IPBusEnum - ok
14:43:22.0890 0x0a30  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:43:22.0936 0x0a30  IpFilterDriver - ok
14:43:22.0977 0x0a30  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:43:23.0033 0x0a30  iphlpsvc - ok
14:43:23.0049 0x0a30  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:43:23.0086 0x0a30  IPMIDRV - ok
14:43:23.0108 0x0a30  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:43:23.0171 0x0a30  IPNAT - ok
14:43:23.0189 0x0a30  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:43:23.0230 0x0a30  IRENUM - ok
14:43:23.0254 0x0a30  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:43:23.0268 0x0a30  isapnp - ok
14:43:23.0295 0x0a30  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:43:23.0318 0x0a30  iScsiPrt - ok
14:43:23.0333 0x0a30  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:43:23.0345 0x0a30  kbdclass - ok
14:43:23.0355 0x0a30  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:43:23.0387 0x0a30  kbdhid - ok
14:43:23.0423 0x0a30  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
14:43:23.0438 0x0a30  KeyIso - ok
14:43:23.0468 0x0a30  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:43:23.0484 0x0a30  KSecDD - ok
14:43:23.0517 0x0a30  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:43:23.0528 0x0a30  KSecPkg - ok
14:43:23.0536 0x0a30  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:43:23.0560 0x0a30  ksthunk - ok
14:43:23.0580 0x0a30  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:43:23.0608 0x0a30  KtmRm - ok
14:43:23.0637 0x0a30  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:43:23.0679 0x0a30  LanmanServer - ok
14:43:23.0702 0x0a30  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:43:23.0728 0x0a30  LanmanWorkstation - ok
14:43:23.0745 0x0a30  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:43:23.0769 0x0a30  lltdio - ok
14:43:23.0795 0x0a30  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:43:23.0825 0x0a30  lltdsvc - ok
14:43:23.0835 0x0a30  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:43:23.0860 0x0a30  lmhosts - ok
14:43:23.0879 0x0a30  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:43:23.0887 0x0a30  LSI_FC - ok
14:43:23.0904 0x0a30  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:43:23.0913 0x0a30  LSI_SAS - ok
14:43:23.0923 0x0a30  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:43:23.0938 0x0a30  LSI_SAS2 - ok
14:43:24.0483 0x0a30  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
14:43:24.0536 0x0a30  MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 )
14:43:26.0869 0x0a30  Detect skipped due to KSN trusted
14:43:26.0869 0x0a30  MotioninJoyXFilter - ok
14:43:38.0316 0x0a30  stexstor - ok
14:43:38.0358 0x0a30  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:43:38.0422 0x0a30  stisvc - ok
14:43:38.0447 0x0a30  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
14:43:38.0461 0x0a30  storflt - ok
14:43:38.0488 0x0a30  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
14:43:38.0502 0x0a30  storvsc - ok
14:43:38.0506 0x0a30  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:43:38.0519 0x0a30  swenum - ok
14:43:38.0591 0x0a30  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:43:38.0617 0x0a30  SwitchBoard - detected UnsignedFile.Multi.Generic ( 1 )
14:43:41.0039 0x0a30  Detect skipped due to KSN trusted
14:43:41.0039 0x0a30  SwitchBoard - ok
14:43:41.0096 0x0a30  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:43:41.0189 0x0a30  swprv - ok
14:43:41.0213 0x0a30  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
14:43:41.0229 0x0a30  Synth3dVsc - ok
14:43:41.0317 0x0a30  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:43:41.0411 0x0a30  SysMain - ok
14:43:41.0451 0x0a30  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:43:41.0500 0x0a30  TabletInputService - ok
14:43:41.0539 0x0a30  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:43:41.0613 0x0a30  TapiSrv - ok
14:43:41.0643 0x0a30  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:43:41.0712 0x0a30  TBS - ok
14:43:41.0819 0x0a30  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:43:41.0898 0x0a30  Tcpip - ok
14:43:41.0948 0x0a30  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:43:41.0982 0x0a30  TCPIP6 - ok
14:43:42.0019 0x0a30  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:43:42.0035 0x0a30  tcpipreg - ok
14:43:42.0052 0x0a30  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:43:42.0102 0x0a30  TDPIPE - ok
14:43:42.0131 0x0a30  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:43:42.0167 0x0a30  TDTCP - ok
14:43:42.0208 0x0a30  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:43:42.0259 0x0a30  tdx - ok
14:43:42.0549 0x0a30  [ 5CEF407E235885DB5421DF79C843F2DF, B85D7C8A137B15BDF14DB9588CEDB09C67B0C7965F8E79121E2BA7796B16777C ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
14:43:42.0632 0x0a30  TeamViewer9 - ok
14:43:42.0668 0x0a30  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:43:42.0683 0x0a30  TermDD - ok
14:43:42.0710 0x0a30  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
14:43:42.0750 0x0a30  terminpt - ok
14:43:42.0819 0x0a30  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
14:43:42.0869 0x0a30  TermService - ok
14:43:42.0882 0x0a30  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:43:42.0893 0x0a30  Themes - ok
14:43:42.0907 0x0a30  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:43:42.0928 0x0a30  THREADORDER - ok
14:43:42.0958 0x0a30  TOSHIBA Bluetooth Service - ok
14:43:42.0975 0x0a30  Tosrfcom - ok
14:43:42.0994 0x0a30  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:43:43.0061 0x0a30  TrkWks - ok
14:43:43.0114 0x0a30  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
14:43:43.0128 0x0a30  TrueSight - ok
14:43:43.0162 0x0a30  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:43:43.0212 0x0a30  TrustedInstaller - ok
14:43:43.0247 0x0a30  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:43.0290 0x0a30  tssecsrv - ok
14:43:43.0327 0x0a30  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:43:43.0385 0x0a30  TsUsbFlt - ok
14:43:43.0423 0x0a30  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:43:43.0446 0x0a30  TsUsbGD - ok
14:43:43.0478 0x0a30  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
14:43:43.0504 0x0a30  tsusbhub - ok
14:43:43.0532 0x0a30  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:43:43.0594 0x0a30  tunnel - ok
14:43:43.0619 0x0a30  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:43:43.0644 0x0a30  uagp35 - ok
14:43:43.0672 0x0a30  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:43:43.0720 0x0a30  udfs - ok
14:43:43.0740 0x0a30  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:43:43.0750 0x0a30  UI0Detect - ok
14:43:43.0762 0x0a30  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:43:43.0775 0x0a30  uliagpkx - ok
14:43:43.0796 0x0a30  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:43:43.0829 0x0a30  umbus - ok
14:43:43.0850 0x0a30  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
14:43:43.0866 0x0a30  UmPass - ok
14:43:43.0891 0x0a30  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
14:43:43.0923 0x0a30  UmRdpService - ok
14:43:43.0962 0x0a30  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:43:44.0038 0x0a30  upnphost - ok
14:43:44.0080 0x0a30  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:43:44.0130 0x0a30  USBAAPL64 - ok
14:43:44.0173 0x0a30  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
14:43:44.0218 0x0a30  usbaudio - ok
14:43:44.0249 0x0a30  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:43:44.0274 0x0a30  usbccgp - ok
14:43:44.0309 0x0a30  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:43:44.0331 0x0a30  usbcir - ok
14:43:44.0367 0x0a30  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:43:44.0384 0x0a30  usbehci - ok
14:43:44.0422 0x0a30  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:43:44.0450 0x0a30  usbhub - ok
14:43:44.0487 0x0a30  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:43:44.0503 0x0a30  usbohci - ok
14:43:44.0523 0x0a30  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:43:44.0543 0x0a30  usbprint - ok
14:43:44.0571 0x0a30  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:43:44.0599 0x0a30  USBSTOR - ok
14:43:44.0629 0x0a30  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:43:44.0645 0x0a30  usbuhci - ok
14:43:44.0663 0x0a30  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:43:44.0710 0x0a30  UxSms - ok
14:43:44.0724 0x0a30  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
14:43:44.0739 0x0a30  VaultSvc - ok
14:43:44.0746 0x0a30  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:43:44.0759 0x0a30  vdrvroot - ok
14:43:44.0794 0x0a30  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:43:44.0863 0x0a30  vds - ok
14:43:44.0880 0x0a30  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:44.0900 0x0a30  vga - ok
14:43:44.0908 0x0a30  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:43:44.0967 0x0a30  VgaSave - ok
14:43:44.0970 0x0a30  VGPU - ok
14:43:44.0995 0x0a30  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:43:45.0015 0x0a30  vhdmp - ok
14:43:45.0064 0x0a30  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:43:45.0089 0x0a30  viaide - ok
14:43:45.0114 0x0a30  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
14:43:45.0134 0x0a30  vmbus - ok
14:43:45.0148 0x0a30  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
14:43:45.0190 0x0a30  VMBusHID - ok
14:43:45.0212 0x0a30  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:43:45.0234 0x0a30  volmgr - ok
14:43:45.0255 0x0a30  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:43:45.0281 0x0a30  volmgrx - ok
14:43:45.0302 0x0a30  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:43:45.0326 0x0a30  volsnap - ok
14:43:45.0346 0x0a30  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:43:45.0365 0x0a30  vsmraid - ok
14:43:45.0467 0x0a30  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:43:45.0569 0x0a30  VSS - ok
14:43:45.0592 0x0a30  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:43:45.0640 0x0a30  vwifibus - ok
14:43:45.0666 0x0a30  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:43:45.0716 0x0a30  vwififlt - ok
14:43:45.0762 0x0a30  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:43:45.0800 0x0a30  W32Time - ok
14:43:45.0813 0x0a30  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:43:45.0835 0x0a30  WacomPen - ok
14:43:45.0857 0x0a30  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:43:45.0881 0x0a30  WANARP - ok
14:43:45.0885 0x0a30  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:43:45.0909 0x0a30  Wanarpv6 - ok
14:43:46.0109 0x0a30  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:43:46.0173 0x0a30  wbengine - ok
14:43:46.0194 0x0a30  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:43:46.0217 0x0a30  WbioSrvc - ok
14:43:46.0236 0x0a30  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:43:46.0261 0x0a30  wcncsvc - ok
14:43:46.0286 0x0a30  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:43:46.0327 0x0a30  WcsPlugInService - ok
14:43:46.0341 0x0a30  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:43:46.0355 0x0a30  Wd - ok
14:43:46.0404 0x0a30  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:43:46.0446 0x0a30  Wdf01000 - ok
14:43:46.0450 0x0a30  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:43:46.0487 0x0a30  WdiServiceHost - ok
14:43:46.0490 0x0a30  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:43:46.0501 0x0a30  WdiSystemHost - ok
14:43:46.0550 0x0a30  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
14:43:46.0575 0x0a30  WebClient - ok
14:43:46.0613 0x0a30  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:43:46.0659 0x0a30  Wecsvc - ok
14:43:46.0680 0x0a30  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:43:46.0744 0x0a30  wercplsupport - ok
14:43:46.0781 0x0a30  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:43:46.0821 0x0a30  WerSvc - ok
14:43:46.0829 0x0a30  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:43:46.0858 0x0a30  WfpLwf - ok
14:43:46.0874 0x0a30  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:43:46.0881 0x0a30  WIMMount - ok
14:43:46.0896 0x0a30  WinDefend - ok
14:43:46.0902 0x0a30  WinHttpAutoProxySvc - ok
14:43:46.0939 0x0a30  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:43:46.0992 0x0a30  Winmgmt - ok
14:43:47.0202 0x0a30  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
14:43:47.0303 0x0a30  WinRM - ok
14:43:47.0346 0x0a30  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:43:47.0367 0x0a30  WinUsb - ok
14:43:47.0434 0x0a30  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:43:47.0510 0x0a30  Wlansvc - ok
14:43:47.0819 0x0a30  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:43:47.0904 0x0a30  wlidsvc - ok
14:43:47.0917 0x0a30  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:43:47.0944 0x0a30  WmiAcpi - ok
14:43:47.0979 0x0a30  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:43:48.0005 0x0a30  wmiApSrv - ok
14:43:48.0013 0x0a30  WMPNetworkSvc - ok
14:43:48.0030 0x0a30  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:43:48.0048 0x0a30  WPCSvc - ok
14:43:48.0054 0x0a30  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:43:48.0066 0x0a30  WPDBusEnum - ok
14:43:48.0076 0x0a30  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:43:48.0099 0x0a30  ws2ifsl - ok
14:43:48.0126 0x0a30  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(1) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
14:43:48.0138 0x0a30  WsAudio_DeviceS(1) - ok
14:43:48.0161 0x0a30  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(2) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
14:43:48.0173 0x0a30  WsAudio_DeviceS(2) - ok
14:43:48.0197 0x0a30  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(3) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
14:43:48.0208 0x0a30  WsAudio_DeviceS(3) - ok
14:43:48.0258 0x0a30  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(4) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
14:43:48.0278 0x0a30  WsAudio_DeviceS(4) - ok
14:43:48.0301 0x0a30  [ AD12F5C7251BB8D575D560894E73CBBA, FAAA1440CBBDC889C0B8917065B932A9CC86E5C0FD5845D8830482915AF83F40 ] WsAudio_DeviceS(5) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
14:43:48.0312 0x0a30  WsAudio_DeviceS(5) - ok
14:43:48.0334 0x0a30  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
14:43:48.0374 0x0a30  wscsvc - ok
14:43:48.0377 0x0a30  WSearch - ok
14:43:48.0585 0x0a30  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:43:48.0659 0x0a30  wuauserv - ok
14:43:48.0689 0x0a30  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:43:48.0713 0x0a30  WudfPf - ok
14:43:48.0743 0x0a30  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:43:48.0765 0x0a30  WUDFRd - ok
14:43:48.0801 0x0a30  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:43:48.0836 0x0a30  wudfsvc - ok
14:43:48.0898 0x0a30  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:43:48.0975 0x0a30  WwanSvc - ok
14:43:49.0014 0x0a30  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
14:43:49.0041 0x0a30  xusb21 - ok
14:43:49.0062 0x0a30  ================ Scan global ===============================
14:43:49.0086 0x0a30  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:43:49.0123 0x0a30  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:43:49.0141 0x0a30  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:43:49.0179 0x0a30  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:43:49.0198 0x0a30  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:43:49.0210 0x0a30  [ Global ] - ok
14:43:49.0210 0x0a30  ================ Scan MBR ==================================
14:43:49.0216 0x0a30  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:43:51.0779 0x0a30  \Device\Harddisk0\DR0 - ok
14:43:51.0780 0x0a30  ================ Scan VBR ==================================
14:43:51.0783 0x0a30  [ 16EE3A700D774B01372F1415E00037DC ] \Device\Harddisk0\DR0\Partition1
14:43:51.0902 0x0a30  \Device\Harddisk0\DR0\Partition1 - ok
14:43:51.0903 0x0a30  ================ Scan generic autorun ======================
14:43:52.0445 0x0a30  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
14:43:52.0724 0x0a30  RtHDVCpl - ok
14:43:52.0888 0x0a30  [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
14:43:52.0918 0x0a30  BCSSync - ok
14:43:53.0100 0x0a30  [ A6AAD37CDCAE75CB62D039E3A4D8F5E3, 4FF763B0D129175BA1B1E794BA313E6C63F7A89D377C786BF5E730AF2A1D95D1 ] c:\Program Files\Microsoft Security Client\msseces.exe
14:43:53.0167 0x0a30  MSC - ok
14:43:53.0268 0x0a30  [ 5858DE874168C5F0AEA7A353DD520D48, DB77AF431227AEBD92C6E40AC723435E83DCF4620B7366D4FA6D9ACB500AA6EA ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
14:43:53.0374 0x0a30  CanonMyPrinter - ok
14:43:53.0513 0x0a30  [ DB282FA0CBA880D36BA5FBE748BD6F4F, C3A6AB6A2D084048F8C622B9B4CF138CE577B7B4CBC0BF00E5CB2A18918070DC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
14:43:53.0541 0x0a30  AdobeAAMUpdater-1.0 - ok
14:43:53.0619 0x0a30  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
14:43:53.0643 0x0a30  APSDaemon - ok
14:43:53.0688 0x0a30  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
14:43:53.0705 0x0a30  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
14:43:56.0132 0x0a30  Detect skipped due to KSN trusted
14:43:56.0132 0x0a30  amd_dc_opt - ok
14:43:56.0493 0x0a30  [ 00AB2B491C7037BB219BEB26FAD34C72, 95EDBBE07EB85EEE1376252AA975BAA61235C80FC03036357BD4786E5D6B9703 ] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
14:43:56.0585 0x0a30  CanonSolutionMenuEx - ok
14:43:56.0694 0x0a30  [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
14:43:56.0730 0x0a30  IJNetworkScannerSelectorEX - ok
14:43:56.0800 0x0a30  [ BBCCA29684E7C80B7AE4F5680EDF6FA8, 1101DCCB6CD0C45308F4A23DC4EEF6C6A7EE89C3A0A9FA74F5D2AFBACE6DCC98 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
14:43:56.0827 0x0a30  DivXMediaServer - ok
14:43:56.0850 0x0a30  Wondershare Helper Compact.exe - ok
14:43:56.0945 0x0a30  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
14:43:56.0995 0x0a30  DivXUpdate - ok
14:43:57.0073 0x0a30  [ 635F9280C61F3A67D920061E382A7717, D29A0616C821525977B0B3A80B81EC2403E36D238D89F5E742F9B9BE69F03543 ] C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
14:43:57.0105 0x0a30  AdobeCEPServiceManager - ok
14:43:57.0125 0x0a30  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
14:44:05.0096 0x0a30  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x60000 ( disabled : updated )
14:44:05.0100 0x0a30  Win FW state via NFP2: enabled
14:44:07.0452 0x0a30  ============================================================
14:44:07.0452 0x0a30  Scan finished
14:44:07.0452 0x0a30  ============================================================
14:44:07.0460 0x08e4  Detected object count: 0
14:44:07.0460 0x08e4  Actual detected object count: 0
 
There you go! That was a doozy haha :D

Thanks again! 

Edited by SlovBoy, 08 January 2015 - 09:00 AM.


#11 pystryker

Posted 08 January 2015 - 06:37 PM

Well, the machine is running as it always has (which is good :D), but the good news is, after running JRT, the Unisales extension is gone and it didn't reappear after I closed the browser


:thumbsup: Let's search for remnants, orphans and out of date programs.



Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select update.
Once it has updated, select Settings > Detection and Protection.
Tick Scan for rootkits.

Go back to the Dashboard and select Scan Now.

If threats are detected, click the Apply Actions button. MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Whichever browser you use will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#12 SlovBoy

Posted 09 January 2015 - 12:50 PM

Here we go! 

MBAM Log:

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 9.1.2015
Scan Time: 15:34:36
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.09.09
Rootkit Database: v2015.01.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Miha
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361554
Time Elapsed: 10 min, 55 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

ESET Scan Log: 

Something went wrong here as I don't think this is the thing you want to see - I did what you said to do and this is what I got in the log.txt: 
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

And the thing is, it found 16 threats, one of them was a Trojan I'm thinking. Do I do it again? 
 

SecurityCheck Log: 

 

 Results of screen317's Security Check version 0.99.93  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 JavaFX 2.1.1    
 Java 7 Update 71  
  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  
 Google Chrome (39.0.2171.71) 
 Google Chrome (39.0.2171.95) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 3% 
````````````````````End of Log`````````````````````` 


#13 pystryker

Posted 09 January 2015 - 01:39 PM

Yes, please re-run the ESET online scan.






#14 SlovBoy

Posted 09 January 2015 - 07:15 PM

Okay, it worked this time :) 
 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5b20e09cf2e12e43ade3e0cdec9f1bfb
# engine=21893
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-10 12:04:48
# local_time=2015-01-10 01:04:48 (+0100, Central Europe Standard Time)
# country="Slovenia"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 10489405 115025898 0 0
# scanned=329706
# found=16
# cleaned=0
# scan_time=9357
sh=5954DF5EE9AA4216E5BC4B0C36421791FFA2F73A ft=1 fh=c0826da800f65e5e vn="Win32/AdWare.Snoozer.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Miha\AppData\Roaming\Snz\Snz.exe.vir"
sh=FF09405D54F942225103E272172A1B4B219B5D68 ft=1 fh=2d15bb0f95d98e8c vn="a variant of Win64/Adware.MultiPlug.E application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\unissallees\hYSjKpipu3biDa.x64.dll"
sh=FB7597CA19EFEC7D8F106D2AA9204B0FF2740678 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\jlbcnjhjknoclhgdjgeijpmjjpdmllno\WkzXBLn.js"
sh=88832E8EEA122BDA058FBEAE5DD6AABBF68C7217 ft=1 fh=ebfe9b6a20f8d7e0 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="C:\Program Files (x86)\Batman Arkham Origins Blackgate Deluxe Edition\Bin\steam_api.dll"
sh=120DC13B4F5E666393F1DA9A07581F2BB3C8C8ED ft=1 fh=4a303e5d20f8d7e0 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="C:\Program Files (x86)\Southpark Stick of Truth\steam_api.dll"
sh=05FF92BFB54B2B3CEE8031952C2151D6CAD5E4A9 ft=1 fh=4592cd5e2b2b049b vn="a variant of Win32/HackTool.Crack.CC potentially unsafe application" ac=I fn="C:\Program Files (x86)\Worms Revolution\steam_api.dll"
sh=DAEB859181B43D146BB2D20274CED8E2BB7EA3A0 ft=1 fh=ef505bc87f347032 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="C:\Program Files (x86)\Young Justice Legacy\steam_api.dll"
sh=C75895A66877531197C0AF338EDA0FD7D56E9A05 ft=0 fh=0000000000000000 vn="Win32/Keygen.FC potentially unsafe application" ac=I fn="C:\Users\Miha\Documents\Miha\TS2_ISOS\Exp6.GlamourLifeStuff.disk1.iso"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\ccsetup414.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\ccsetup501.exe"
sh=D9A4CC73250E96D86AA91CC34586517DF75339C7 ft=1 fh=0d3846bed0cccad8 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\cdbxp_setup_4.5.2.4255.exe"
sh=399415CE967A53CB5D6AABCE8FE2540F61A58D65 ft=1 fh=8f1082262225e6ca vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter (1).exe"
sh=F160EF131CA4A8D68B63B0CD60C43EEC1FE26A9B ft=1 fh=c364e810e38af3dc vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter (2).exe"
sh=0D667F7B6582674ABEAE6760D7FC8CE63B8A9931 ft=1 fh=2640ac28e792c9c3 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter.exe"
sh=CBC367FDA9FAEA994C924FB8E55207A018184FC4 ft=1 fh=a2af9b8183195b0f vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Miha\Downloads\FreeYouTubeToMP3Converter.exe"
sh=6A5BD0BFE8C0B6CD4DCBD9622B8B872B2D22B740 ft=1 fh=e29e8c19ecea73f1 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Miha\Downloads\SubtitleWorkshopv60b.exe"
 
I still have Chrome installed... Do I delete it?


#15 pystryker

Posted 09 January 2015 - 08:00 PM

Hello :)

I do want to let you know that having cracks and keygens on your machine is not condoned here. This is a violation of the Terms of Use that you agreed to when you signed up for your account here, as shown here:
 

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


I still have Chrome installed... Do I delete it?


Not yet, we'll take care of that when I do my cleanup procedures.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

Start
C:\Program Files (x86)\Batman Arkham Origins Blackgate Deluxe Edition\Bin\steam_api.dll
C:\Program Files (x86)\Southpark Stick of Truth\steam_api.dll
C:\Program Files (x86)\Worms Revolution\steam_api.dll
C:\Program Files (x86)\Young Justice Legacy\steam_api.dll
C:\Users\Miha\Documents\Miha\TS2_ISOS\Exp6.GlamourLifeStuff.disk1.iso
C:\Users\Miha\Downloads\ccsetup414.exe
C:\Users\Miha\Downloads\ccsetup501.exe
C:\Users\Miha\Downloads\cdbxp_setup_4.5.2.4255.exe
C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter (1).exe
C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter (2).exe
C:\Users\Miha\Downloads\FreeYouTubeToiPodConverter.exe
C:\Users\Miha\Downloads\FreeYouTubeToMP3Converter.exe
C:\Users\Miha\Downloads\SubtitleWorkshopv60b.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

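The fixlist in post #15 covers only the ESET detections that sit outside the AdwCleaner and FRST quarantine folders. The same triage as an added example, not part of the original posts or of any tool's own code: the sample log is constructed in the layout of the ESET log.txt shown in post #14, with placeholder hashes and paths, and the function names are hypothetical.

```python
import re

# Constructed sample in the ESET Online Scanner log.txt layout from the thread.
# Hashes and paths are placeholders, not values from the user's machine.
SAMPLE_LOG = r'''# product=EOS
# remove_checked=false
# found=3
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Example\Downloads\setup (1).exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\example\x.js"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="a variant of Win32/OpenInstall potentially unwanted application" ac=I fn="C:\Users\Example\Downloads\tool.exe"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD = re.compile(r'(\w+)=("(?:[^"]*)"|\S+)')
# Detection-name suffixes seen in the thread's log, most specific first.
SUFFIXES = ("potentially unsafe application", "potentially unwanted application",
            "trojan", "application")

def parse_log(text):
    """Return (header dict, list of detection dicts) from an ESET log.txt."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif line.startswith("sh="):
            rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
            # Files already moved aside by AdwCleaner/FRST live under \Quarantine\.
            rec["quarantined"] = "\\quarantine\\" in rec.get("fn", "").lower()
            rec["kind"] = next((s for s in SUFFIXES
                                if rec.get("vn", "").endswith(s)), "other")
            detections.append(rec)
    return header, detections

def triage(text):
    """Split detections into live files and quarantined copies."""
    header, detections = parse_log(text)
    # A pasted log that lost lines would hide detections; fail loudly instead.
    if int(header.get("found", -1)) != len(detections):
        raise ValueError("log truncated: 'found' does not match detection lines")
    return {
        # remove_checked=false means the scan only reported, as the helper asked.
        "report_only": header.get("remove_checked") == "false",
        "live": [(d["kind"], d["fn"]) for d in detections if not d["quarantined"]],
        "quarantined": [d["fn"] for d in detections if d["quarantined"]],
    }
```

The `found` cross-check matters for logs pasted into a forum post, where a clipped paste would otherwise read as a shorter, cleaner result.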







