Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Miner.exe makes movie lag after 12 minutes


  • This topic is locked This topic is locked
28 replies to this topic

#1 Quent187

Quent187

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 12 February 2015 - 06:35 AM

Hello,

 

I'm having this problem for several months. When I watch a movie on my laptop, it starts lagging after approximately 12 minutes. If I move the mouse or hit the spacebar, it comes back to normal until it does it again 12 minutes later. I tried to find what was causing this by looking in the background activity to spot the problem, couldn't find anything... Then I realised that when my wifi was off, the problem wouldn't occur. I then looked for something using my connection in the background (using TCPVieuw) and I think the problem is coming from something called "miner.exe" but I don't know how to solve the problem.

 

 

Thank you very much for the help you can provide!

 

Quentin.

 

Here's the content of the FRST.txt log :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Quent187 (administrator) on QUENTIN on 12-02-2015 12:21:37
Running from C:\Users\Quent187\Dropbox\Downloads
Loaded Profiles: Quent187 (Available profiles: Quent187)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hanwang Technology Co.,Ltd. ) C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ultracopier.first-world.info) C:\Program Files\Supercopier\supercopier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Flux Software LLC) C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Team XBMC) C:\Program Files (x86)\XBMC\XBMC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Dropbox, Inc.) C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe
(Microsoft Corporation) C:\Windows\FileManager\PhotosApp.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-10] (cyberlink)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-12-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-24] (CyberLink Corp.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleChromeAutoLaunch_EC4FBE61DE590B2C589EF8FDE6C2E536] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [ultracopier] => C:\Program Files\Supercopier\supercopier.exe [1319936 2014-02-19] (ultracopier.first-world.info)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [f.lux] => C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Google Update] => C:\Users\Quent187\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [uTorrent] => C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Facebook Update] => C:\Users\Quent187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-07] (Facebook Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d628-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d6da-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Quent187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-11]
CHR Extension: (Superbe capture d'écran : capturer et annoter) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-06-11]
CHR Extension: (Google Docs) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (Shoptimate : comparateur de prix instantané) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibdombdcdbbnfdjkaajfgnfhlapibde [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Cast) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-19]
CHR Extension: (Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-07-03]
CHR Extension: (Download FB Album mod) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-06-11]
CHR Extension: (Pushbullet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-11-20]
CHR Extension: (Recherche Google) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Tampermonkey) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-06-11]
CHR Extension: (Google+) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-07-03]
CHR Extension: (Google Agenda) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-11]
CHR Extension: (AdBlock) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-11]
CHR Extension: (Hola Internet en mieux) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-06-11]
CHR Extension: (Bookmark Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-11]
CHR Extension: (everygain Translator) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhijkfigabfjoaejaejbpmcncfbaomap [2015-01-16]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-11]
CHR Extension: (Dropbox) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-11]
CHR Extension: (Streamus) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-01-20]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-06-11]
CHR Extension: (Hype Machine) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgamnplmeomlmobikbfjlbfiebabcfpp [2014-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-17]
CHR Extension: (Google Maps) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Hover Zoom) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-11]
CHR Extension: (Click&Clean App) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-11]
CHR Extension: (Outlook.com) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-07-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS FaceID Service; C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe [261648 2013-10-24] (Hanwang Technology Co.,Ltd. )
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-10] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACSSCR; C:\Windows\system32\DRIVERS\a38usb.sys [62592 2014-05-14] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-11] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tpfiltdev; C:\Windows\System32\drivers\tpfiltdev.sys [7424 2012-02-08] ()
S3 tpusbnet; C:\Windows\system32\DRIVERS\tpusbnet.sys [154112 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2011-12-08] (QUALCOMM Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 12:20 - 2015-02-12 12:21 - 00000000 ____D () C:\FRST
2015-02-12 11:02 - 2015-02-12 11:02 - 00000000 ____D () C:\Windows\LastGood
2015-02-12 11:01 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 11:01 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 16:48 - 2015-02-12 10:53 - 00001508 _____ () C:\Windows\setupact.log
2015-02-11 16:48 - 2015-02-11 16:48 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 10:58 - 2015-02-11 11:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:58 - 2015-02-11 10:58 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:57 - 2015-02-11 11:43 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:20 - 2015-02-10 18:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 18:20 - 2015-02-10 18:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 18:12 - 2015-02-06 18:12 - 00003688 _____ () C:\Windows\System32\Tasks\klcp_update
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-06 18:11 - 2015-01-13 19:00 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-02-06 18:11 - 2014-12-21 14:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-02-06 18:11 - 2014-12-21 14:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-02-06 18:11 - 2014-12-04 23:56 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-02-06 18:11 - 2014-12-04 23:55 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00260184 _____ () C:\Windows\system32\unrar64.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00218712 _____ () C:\Windows\SysWOW64\unrar.dll
2015-02-06 18:11 - 2014-11-14 15:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-02-06 18:11 - 2014-11-14 15:11 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-02-06 18:11 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-02-06 18:11 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-02-06 18:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-02-06 18:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-02-02 18:16 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 18:15 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Free Video Joiner
2015-01-23 17:30 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 17:30 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-20 18:03 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-20 18:03 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-20 18:03 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-20 18:03 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-20 18:03 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-20 18:03 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-20 18:03 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-20 18:03 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-20 18:03 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-20 18:03 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-20 17:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-20 08:42 - 2015-01-20 08:42 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-12 12:14 - 2014-06-19 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-12 12:05 - 2014-07-04 17:55 - 01699348 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-12 11:52 - 2014-07-03 21:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 11:51 - 2014-06-11 12:22 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 11:47 - 2014-09-24 16:50 - 00003754 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-12 11:06 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187\AppData\Local\Packages
2015-02-12 11:03 - 2014-03-08 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 10:07 - 2014-10-07 21:02 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-12 09:59 - 2014-06-11 11:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4237854855-1735647191-1485768694-1002
2015-02-12 09:54 - 2014-06-11 15:22 - 00000000 ___RD () C:\Users\Quent187\Dropbox
2015-02-12 09:54 - 2014-06-11 14:56 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Dropbox
2015-02-12 09:53 - 2014-06-11 15:15 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-12 09:40 - 2014-06-11 11:24 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7DC015E0-9944-4570-8C59-81106872CFC3}
2015-02-11 22:07 - 2014-10-07 21:02 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-11 18:14 - 2014-06-19 17:53 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-11 17:50 - 2014-06-11 12:22 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-11 17:10 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-11 11:50 - 2014-06-11 16:53 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\uTorrent
2015-02-11 11:50 - 2014-06-11 11:13 - 00000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2015-02-11 11:48 - 2014-06-12 17:12 - 00000000 ___DO () C:\Users\Quent187\SkyDrive
2015-02-11 11:46 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\XBMC
2015-02-11 11:46 - 2014-06-11 20:13 - 00000000 ___RD () C:\Users\Quent187\Google Drive
2015-02-11 11:44 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 11:44 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-09 21:25 - 2014-07-07 21:39 - 00000000 ____D () C:\Users\Quent187\Documents\µTorrent
2015-02-08 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 21:29 - 2013-12-13 05:09 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-06 21:28 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Winamp
2015-02-05 22:01 - 2014-03-08 22:45 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-03-08 22:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-03-08 22:46 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-03-08 22:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 18:09 - 2014-06-19 17:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA
2015-02-05 18:09 - 2014-06-19 17:53 - 00003508 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core
2015-02-05 17:46 - 2014-06-11 12:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 17:45 - 2014-06-11 12:22 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:50 - 2014-03-08 22:46 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-04 19:26 - 2014-06-12 09:37 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\vlc
2015-02-03 20:31 - 2014-06-13 10:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-06-13 10:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 18:15 - 2014-06-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-02 00:43 - 2014-03-08 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-01 20:32 - 2014-06-11 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-29 23:47 - 2014-06-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 18:02 - 2014-06-12 15:23 - 00000000 ____D () C:\Users\Quent187\Documents\Outlook Files
2015-01-28 17:56 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187
2015-01-22 23:44 - 2014-06-12 21:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-22 23:40 - 2014-06-12 21:04 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-16 07:41 - 2014-06-12 13:08 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-01-16 07:41 - 2014-06-12 13:08 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-01-16 07:41 - 2014-03-08 22:47 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-01-16 07:41 - 2014-03-08 22:47 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
 
==================== Files in the root of some directories =======
 
2014-06-13 10:54 - 2014-06-13 10:54 - 0000021 _____ () C:\Users\Quent187\AppData\Roaming\my_intel.sys
2014-06-11 11:13 - 2015-02-11 11:50 - 0000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2014-03-08 22:36 - 2014-03-08 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 05:09 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 05:09 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 05:09 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-06-11 11:35 - 2014-06-11 11:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-11 11:35 - 2014-06-11 11:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Quent187\AppData\Local\Temp\avgnt.exe
C:\Users\Quent187\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Quent187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptpkptv.dll
C:\Users\Quent187\AppData\Local\Temp\Quarantine.exe
C:\Users\Quent187\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 17:15
 
==================== End Of Log ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 15 February 2015 - 02:34 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 16 February 2015 - 04:36 AM

Hello,

 

Thank you for your help! Fyi I run windows 8.1.

 

Here are the 4 logs :

 

 

AdwCleaner :

 

# AdwCleaner v4.110 - Logfile created 16/02/2015 at 09:27:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Quent187 - QUENTIN
# Running from : C:\Users\Quent187\Dropbox\Downloads\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v0.0.0.0
 
 
-\\ Google Chrome v40.0.2214.111
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [4115 bytes] - [11/02/2015 11:36:50]
AdwCleaner[R1].txt - [873 bytes] - [16/02/2015 09:17:09]
AdwCleaner[S0].txt - [5634 bytes] - [11/02/2015 11:43:09]
AdwCleaner[S1].txt - [801 bytes] - [16/02/2015 09:27:59]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [859  bytes] ##########
 
 
Malwarebytes :
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/02/2015
Scan Time: 09:36:47
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.16.03
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Quent187
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342969
Time Elapsed: 14 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
JRT :
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 8.1 x64
Ran by Quent187 on 16/02/2015 at  9:55:58.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Quent187\appdata\local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/02/2015 at  9:57:33.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST :
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Quent187 (administrator) on QUENTIN on 16-02-2015 10:11:22
Running from C:\Users\Quent187\Dropbox\Downloads
Loaded Profiles: Quent187 (Available profiles: Quent187)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hanwang Technology Co.,Ltd. ) C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ultracopier.first-world.info) C:\Program Files\Supercopier\supercopier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-10] (cyberlink)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-12-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-24] (CyberLink Corp.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleChromeAutoLaunch_EC4FBE61DE590B2C589EF8FDE6C2E536] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [ultracopier] => C:\Program Files\Supercopier\supercopier.exe [1319936 2014-02-19] (ultracopier.first-world.info)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [f.lux] => C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Google Update] => C:\Users\Quent187\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [uTorrent] => C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Facebook Update] => C:\Users\Quent187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-07] (Facebook Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d628-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d6da-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Quent187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-11]
CHR Extension: (Superbe capture d'écran : capturer et annoter) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-06-11]
CHR Extension: (Google Docs) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (Shoptimate : comparateur de prix instantané) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibdombdcdbbnfdjkaajfgnfhlapibde [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Cast) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-19]
CHR Extension: (Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-07-03]
CHR Extension: (Download FB Album mod) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-06-11]
CHR Extension: (Pushbullet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-11-20]
CHR Extension: (Recherche Google) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Tampermonkey) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-06-11]
CHR Extension: (Google+) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-07-03]
CHR Extension: (Google Agenda) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-11]
CHR Extension: (AdBlock) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-11]
CHR Extension: (Hola Internet en mieux) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-16]
CHR Extension: (Bookmark Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-11]
CHR Extension: (everygain Translator) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhijkfigabfjoaejaejbpmcncfbaomap [2015-01-16]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-11]
CHR Extension: (Dropbox) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-11]
CHR Extension: (Streamus) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-01-20]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-06-11]
CHR Extension: (Hype Machine) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgamnplmeomlmobikbfjlbfiebabcfpp [2014-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-17]
CHR Extension: (Google Maps) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Hover Zoom) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-11]
CHR Extension: (Click&Clean App) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-11]
CHR Extension: (Outlook.com) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-07-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS FaceID Service; C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe [261648 2013-10-24] (Hanwang Technology Co.,Ltd. )
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-10] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACSSCR; C:\Windows\system32\DRIVERS\a38usb.sys [62592 2014-05-14] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tpfiltdev; C:\Windows\System32\drivers\tpfiltdev.sys [7424 2012-02-08] ()
S3 tpusbnet; C:\Windows\system32\DRIVERS\tpusbnet.sys [154112 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2011-12-08] (QUALCOMM Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 09:57 - 2015-02-16 09:57 - 00000911 _____ () C:\Users\Quent187\Desktop\JRT.txt
2015-02-16 09:54 - 2015-02-16 09:54 - 00001053 _____ () C:\Users\Quent187\Desktop\Malwarebytes.txt
2015-02-16 09:37 - 2015-02-16 09:37 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-16 09:37 - 2015-02-16 09:37 - 00000938 _____ () C:\Users\Quent187\Desktop\AdwCleaner[S1].txt
2015-02-14 01:14 - 2015-02-16 10:03 - 00352096 ____N () C:\Windows\WindowsUpdate.log
2015-02-12 18:08 - 2015-02-14 00:37 - 00000000 ____D () C:\Users\Quent187\AppData\Local\CrashDumps
2015-02-12 12:20 - 2015-02-16 10:11 - 00000000 ____D () C:\FRST
2015-02-12 11:01 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 11:01 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 17:12 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:12 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:12 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 17:12 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 17:12 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:12 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:12 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:11 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 17:11 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 17:11 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:11 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:11 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 17:11 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 17:11 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 17:11 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 17:11 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:11 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:11 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 17:11 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 17:11 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 17:11 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 17:11 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:11 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 17:11 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 17:11 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 17:11 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 17:11 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:11 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:11 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:11 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:11 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 17:11 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 17:11 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 17:11 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 17:11 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 17:10 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 17:10 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:58 - 2015-02-16 09:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:58 - 2015-02-11 10:58 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:57 - 2015-02-16 09:28 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:20 - 2015-02-10 18:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 18:20 - 2015-02-10 18:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 18:12 - 2015-02-06 18:12 - 00003688 _____ () C:\Windows\System32\Tasks\klcp_update
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-06 18:11 - 2015-01-13 19:00 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-02-06 18:11 - 2014-12-21 14:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-02-06 18:11 - 2014-12-21 14:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-02-06 18:11 - 2014-12-04 23:56 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-02-06 18:11 - 2014-12-04 23:55 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00260184 _____ () C:\Windows\system32\unrar64.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00218712 _____ () C:\Windows\SysWOW64\unrar.dll
2015-02-06 18:11 - 2014-11-14 15:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-02-06 18:11 - 2014-11-14 15:11 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-02-06 18:11 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-02-06 18:11 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-02-06 18:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-02-06 18:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-02-02 18:16 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 18:15 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Free Video Joiner
2015-01-23 17:30 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 17:30 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-20 18:03 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-20 18:03 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-20 18:03 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-20 18:03 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-20 18:03 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-20 18:03 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-20 18:03 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-20 18:03 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-20 18:03 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-20 18:03 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-20 17:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-20 08:42 - 2015-01-20 08:42 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 10:11 - 2014-06-12 17:12 - 00000000 __RDO () C:\Users\Quent187\SkyDrive
2015-02-16 10:10 - 2014-06-11 11:13 - 00000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2015-02-16 10:09 - 2014-06-11 15:22 - 00000000 ___RD () C:\Users\Quent187\Dropbox
2015-02-16 10:09 - 2014-06-11 14:56 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Dropbox
2015-02-16 10:08 - 2014-06-11 20:13 - 00000000 ___RD () C:\Users\Quent187\Google Drive
2015-02-16 10:08 - 2014-06-11 12:22 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 10:07 - 2014-10-07 21:02 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-16 10:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 10:01 - 2014-06-11 11:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4237854855-1735647191-1485768694-1002
2015-02-16 09:53 - 2014-06-11 16:53 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\uTorrent
2015-02-16 09:51 - 2014-06-11 12:22 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 09:39 - 2013-12-13 05:09 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 09:31 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 09:31 - 2013-08-22 15:44 - 05107592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 09:30 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-16 09:14 - 2014-06-19 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-16 08:43 - 2014-06-11 11:24 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7DC015E0-9944-4570-8C59-81106872CFC3}
2015-02-15 18:14 - 2014-06-19 17:53 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-14 12:29 - 2014-07-07 21:39 - 00000000 ____D () C:\Users\Quent187\Documents\µTorrent
2015-02-14 12:04 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187\AppData\Local\Packages
2015-02-14 11:22 - 2014-07-03 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 11:21 - 2014-07-03 17:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-14 00:37 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Winamp
2015-02-13 22:07 - 2014-10-07 21:02 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-13 18:01 - 2014-06-12 09:37 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\vlc
2015-02-12 23:28 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 23:20 - 2014-03-08 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 23:11 - 2014-06-12 21:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:53 - 2014-06-12 21:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 22:52 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-12 22:48 - 2014-12-15 10:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 22:48 - 2014-07-10 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 18:08 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\XBMC
2015-02-12 11:52 - 2014-07-03 21:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 11:03 - 2014-03-08 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 09:53 - 2014-06-11 15:15 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-08 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 22:01 - 2014-03-08 22:45 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-03-08 22:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-03-08 22:46 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-03-08 22:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 18:09 - 2014-06-19 17:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA
2015-02-05 18:09 - 2014-06-19 17:53 - 00003508 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core
2015-02-05 17:46 - 2014-06-11 12:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 17:45 - 2014-06-11 12:22 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:50 - 2014-03-08 22:46 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-03 20:31 - 2014-06-13 10:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-06-13 10:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 18:15 - 2014-06-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 20:32 - 2014-06-11 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-29 23:47 - 2014-06-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 18:02 - 2014-06-12 15:23 - 00000000 ____D () C:\Users\Quent187\Documents\Outlook Files
2015-01-28 17:56 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187
 
==================== Files in the root of some directories =======
 
2014-06-13 10:54 - 2014-06-13 10:54 - 0000021 _____ () C:\Users\Quent187\AppData\Roaming\my_intel.sys
2014-06-11 11:13 - 2015-02-16 10:10 - 0000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2014-03-08 22:36 - 2014-03-08 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 05:09 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 05:09 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 05:09 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-06-11 11:35 - 2014-06-11 11:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-11 11:35 - 2014-06-11 11:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
 
 
Some content of TEMP:
====================
C:\Users\Quent187\AppData\Local\Temp\avgnt.exe
C:\Users\Quent187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsqv4uv.dll
C:\Users\Quent187\AppData\Local\Temp\Quarantine.exe
C:\Users\Quent187\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 17:15
 
==================== End Of Log ============================
 
 
I also made a screenshot of what happens on TCPvieuw after 12 minutes when the movie starts lagging:
 
 

See the miner.exe at the bottom...

 

Thank you for your help!!!

 

Quentin.



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 16 February 2015 - 04:50 AM

I can not watch your image because of permissions. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d628-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
    HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d6da-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    C:\ProgramData\SetStretch.exe
    C:\ProgramData\SetStretch.VBS
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 16 February 2015 - 08:00 AM

Hey,

 

Sorry for the image permission, do you see it there :

 

https://docs.google.com/file/d/0B0GYYOp9gzm_a2FVRWkzTHVUV2s/edit?usp=drivesdk

 

Log 1 :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Quent187 at 2015-02-16 11:04:24 Run:1
Running from C:\Users\Quent187\Desktop
Loaded Profiles: Quent187 (Available profiles: Quent187)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [RocketDock] => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d628-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\MountPoints2: {23c4d6da-f4e1-11e3-825d-ac7ba15d53c1} - "D:\AutoRun.exe" 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS
EmptyTemp:
*****************
 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Windows\CurrentVersion\Run\\RocketDock => value deleted successfully.
"HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c4d628-f4e1-11e3-825d-ac7ba15d53c1}" => Key deleted successfully.
HKCR\CLSID\{23c4d628-f4e1-11e3-825d-ac7ba15d53c1} => Key not found. 
"HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c4d6da-f4e1-11e3-825d-ac7ba15d53c1}" => Key deleted successfully.
HKCR\CLSID\{23c4d6da-f4e1-11e3-825d-ac7ba15d53c1} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
C:\ProgramData\SetStretch.exe => Moved successfully.
C:\ProgramData\SetStretch.VBS => Moved successfully.
EmptyTemp: => Removed 73.1 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:04:33 ====
 
Log 2 :
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Quent187 (administrator) on QUENTIN on 16-02-2015 11:09:22
Running from C:\Users\Quent187\Desktop
Loaded Profiles: Quent187 (Available profiles: Quent187)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\AutoKMS\AutoKMS.exe
(Hanwang Technology Co.,Ltd. ) C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(ultracopier.first-world.info) C:\Program Files\Supercopier\supercopier.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17477_none_fa2b7d3b9b36c7b4\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-10] (cyberlink)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-12-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-24] (CyberLink Corp.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleChromeAutoLaunch_EC4FBE61DE590B2C589EF8FDE6C2E536] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [ultracopier] => C:\Program Files\Supercopier\supercopier.exe [1319936 2014-02-19] (ultracopier.first-world.info)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [f.lux] => C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Google Update] => C:\Users\Quent187\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [uTorrent] => C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Facebook Update] => C:\Users\Quent187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-07] (Facebook Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Quent187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-11]
CHR Extension: (Superbe capture d'écran : capturer et annoter) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-06-11]
CHR Extension: (Google Docs) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (Shoptimate : comparateur de prix instantané) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibdombdcdbbnfdjkaajfgnfhlapibde [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Cast) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-19]
CHR Extension: (Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-07-03]
CHR Extension: (Download FB Album mod) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-06-11]
CHR Extension: (Pushbullet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-11-20]
CHR Extension: (Recherche Google) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Tampermonkey) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-06-11]
CHR Extension: (Google+) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-07-03]
CHR Extension: (Google Agenda) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-11]
CHR Extension: (AdBlock) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-11]
CHR Extension: (Hola Internet en mieux) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-02-16]
CHR Extension: (Bookmark Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-11]
CHR Extension: (everygain Translator) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhijkfigabfjoaejaejbpmcncfbaomap [2015-01-16]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-11]
CHR Extension: (Dropbox) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-11]
CHR Extension: (Streamus) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-01-20]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-06-11]
CHR Extension: (Hype Machine) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgamnplmeomlmobikbfjlbfiebabcfpp [2014-07-03]
CHR Extension: (Google Maps) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Hover Zoom) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-11]
CHR Extension: (Click&Clean App) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-11]
CHR Extension: (Outlook.com) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-07-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS FaceID Service; C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe [261648 2013-10-24] (Hanwang Technology Co.,Ltd. )
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-10] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACSSCR; C:\Windows\system32\DRIVERS\a38usb.sys [62592 2014-05-14] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tpfiltdev; C:\Windows\System32\drivers\tpfiltdev.sys [7424 2012-02-08] ()
S3 tpusbnet; C:\Windows\system32\DRIVERS\tpusbnet.sys [154112 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2011-12-08] (QUALCOMM Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-10] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 10:12 - 2015-02-16 11:09 - 00031875 _____ () C:\Users\Quent187\Desktop\FRST.txt
2015-02-16 09:57 - 2015-02-16 09:57 - 00000911 _____ () C:\Users\Quent187\Desktop\JRT.txt
2015-02-16 09:54 - 2015-02-16 09:54 - 00001053 _____ () C:\Users\Quent187\Desktop\Malwarebytes.txt
2015-02-16 09:37 - 2015-02-16 10:13 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-16 09:37 - 2015-02-16 09:37 - 00000938 _____ () C:\Users\Quent187\Desktop\AdwCleaner[S1].txt
2015-02-14 01:14 - 2015-02-16 10:31 - 00433992 ____N () C:\Windows\WindowsUpdate.log
2015-02-12 18:08 - 2015-02-14 00:37 - 00000000 ____D () C:\Users\Quent187\AppData\Local\CrashDumps
2015-02-12 12:20 - 2015-02-16 11:09 - 00000000 ____D () C:\FRST
2015-02-12 12:20 - 2015-02-16 10:11 - 02085888 _____ (Farbar) C:\Users\Quent187\Desktop\FRST64.exe
2015-02-12 11:01 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 11:01 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 17:12 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:12 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:12 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 17:12 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 17:12 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:12 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:12 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:11 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 17:11 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 17:11 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:11 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:11 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 17:11 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 17:11 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 17:11 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 17:11 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:11 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:11 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 17:11 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 17:11 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 17:11 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 17:11 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:11 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 17:11 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 17:11 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 17:11 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 17:11 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:11 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:11 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:11 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:11 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 17:11 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 17:11 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 17:11 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 17:11 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 17:10 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 17:10 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 10:58 - 2015-02-16 09:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:58 - 2015-02-11 10:58 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:57 - 2015-02-16 09:28 - 00000000 ____D () C:\AdwCleaner
2015-02-10 18:20 - 2015-02-10 18:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 18:20 - 2015-02-10 18:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 18:12 - 2015-02-06 18:12 - 00003688 _____ () C:\Windows\System32\Tasks\klcp_update
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-06 18:11 - 2015-01-13 19:00 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-02-06 18:11 - 2014-12-21 14:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-02-06 18:11 - 2014-12-21 14:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-02-06 18:11 - 2014-12-04 23:56 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-02-06 18:11 - 2014-12-04 23:55 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00260184 _____ () C:\Windows\system32\unrar64.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00218712 _____ () C:\Windows\SysWOW64\unrar.dll
2015-02-06 18:11 - 2014-11-14 15:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-02-06 18:11 - 2014-11-14 15:11 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-02-06 18:11 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-02-06 18:11 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-02-06 18:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-02-06 18:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-02-02 18:16 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 18:15 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Free Video Joiner
2015-01-23 17:30 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 17:30 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-20 18:03 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-20 18:03 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-20 18:03 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-20 18:03 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-20 18:03 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-20 18:03 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-20 18:03 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-20 18:03 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-20 18:03 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-20 18:03 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-20 17:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-20 08:42 - 2015-01-20 08:42 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-16 11:09 - 2014-06-11 11:13 - 00000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2015-02-16 11:08 - 2014-06-12 17:12 - 00000000 __RDO () C:\Users\Quent187\SkyDrive
2015-02-16 11:08 - 2014-06-11 15:22 - 00000000 ___RD () C:\Users\Quent187\Dropbox
2015-02-16 11:07 - 2014-06-11 20:13 - 00000000 ___RD () C:\Users\Quent187\Google Drive
2015-02-16 11:07 - 2014-06-11 14:56 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Dropbox
2015-02-16 11:06 - 2014-06-11 12:22 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-16 11:05 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 11:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-16 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-16 10:51 - 2014-06-11 12:22 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-16 10:14 - 2014-06-19 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-16 10:13 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\XBMC
2015-02-16 10:13 - 2014-06-11 11:18 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4237854855-1735647191-1485768694-1002
2015-02-16 10:07 - 2014-10-07 21:02 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-16 09:53 - 2014-06-11 16:53 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\uTorrent
2015-02-16 09:39 - 2013-12-13 05:09 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 09:31 - 2013-08-22 15:44 - 05107592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-16 08:43 - 2014-06-11 11:24 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7DC015E0-9944-4570-8C59-81106872CFC3}
2015-02-15 18:14 - 2014-06-19 17:53 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-14 12:29 - 2014-07-07 21:39 - 00000000 ____D () C:\Users\Quent187\Documents\µTorrent
2015-02-14 12:04 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187\AppData\Local\Packages
2015-02-14 11:22 - 2014-07-03 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-14 11:21 - 2014-07-03 17:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-14 00:37 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Winamp
2015-02-13 22:07 - 2014-10-07 21:02 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-13 18:01 - 2014-06-12 09:37 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\vlc
2015-02-12 23:28 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-12 23:20 - 2014-03-08 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 23:11 - 2014-06-12 21:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:53 - 2014-06-12 21:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 22:52 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-12 22:48 - 2014-12-15 10:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 22:48 - 2014-07-10 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 11:52 - 2014-07-03 21:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 11:03 - 2014-03-08 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 09:53 - 2014-06-11 15:15 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-08 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 22:01 - 2014-03-08 22:45 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-03-08 22:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-03-08 22:46 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-03-08 22:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 18:09 - 2014-06-19 17:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA
2015-02-05 18:09 - 2014-06-19 17:53 - 00003508 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core
2015-02-05 17:46 - 2014-06-11 12:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 17:45 - 2014-06-11 12:22 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:50 - 2014-03-08 22:46 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-03 20:31 - 2014-06-13 10:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-06-13 10:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 18:15 - 2014-06-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 20:32 - 2014-06-11 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-29 23:47 - 2014-06-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 18:02 - 2014-06-12 15:23 - 00000000 ____D () C:\Users\Quent187\Documents\Outlook Files
2015-01-28 17:56 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187
 
==================== Files in the root of some directories =======
 
2014-06-13 10:54 - 2014-06-13 10:54 - 0000021 _____ () C:\Users\Quent187\AppData\Roaming\my_intel.sys
2014-06-11 11:13 - 2015-02-16 11:09 - 0000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2014-03-08 22:36 - 2014-03-08 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 05:09 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-06-11 11:35 - 2014-06-11 11:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-11 11:35 - 2014-06-11 11:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Quent187\AppData\Local\Temp\avgnt.exe
C:\Users\Quent187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpudlblq.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-09 17:15
 
==================== End Of Log ============================
 
Log 3 :
 
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
 
 
The problem is still there...
 
Again, thank you for your help!!!
 
Quentin.
 
 

 



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 16 February 2015 - 03:02 PM

Strange, I don't see it in the FRST Log.

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

Please download Combofix from one of the following locations:

Download Mirror #1
Download Mirror #2
Download Mirror #3


Note: You must save this directly to your Desktop.
  • Save any open documents, then close any open programs.
  • Disable all anti-virus and anti-malware software to prevent them inhibiting Combofix in any way. If you are unsure how to do this, see THIS
  • Double-click on combofix.exe then follow the on screen prompts
  • When Combofix finishes, it will open the log. Please Copy (Ctrl + C) and Paste (Ctrl + V) all of this text into your next post.
If, for whatever reason, the log does not open, it can be found in this location: C:\combofix.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 16 February 2015 - 05:03 PM

Combofix doesn't work, it says "this operating system is not supported! ComboFix only runs on : ... windows 8"

 

So not on 8.1 I guess...



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 17 February 2015 - 04:41 AM

My mistake. Sorry. :)
  • Download RogueKiller (by tigzy) on the desktop
  • Quit all programs
  • Start RogueKiller.exe. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on RogueKiller.exe and select Run as Administrator)
  • Wait until Prescan has finished ...
  • Click on Scan. Once finished, click on Report
Please post the contents of the RKreport.txt in your next Reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 17 February 2015 - 11:33 AM

Hello,
 
Here is the log:
 
RogueKiller V10.3.0.0 [Feb 16 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Quent187 [Administrator]
Mode : Scan -- Date : 02/17/2015  17:31:08
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 56 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ chrome_child.dll) MF.dll - MFGetService : C:\Windows\SYSTEM32\MFCORE.DLL @ 0x5ea19451
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
[IAT:Inl(Hook.IEAT)] (chrome.exe) ntdll.dll - NtTerminateProcess : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe @ 0xfeb5fd (jmp 0xffffffff89e2eccd)
[IAT:Addr(Hook.IEAT)] (chrome.exe @ dwrite.dll) ntdll.dll - NtAlpcConnectPort : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b741b7a
[IAT:Addr(Hook.IEAT)] (chrome.exe @ pdf.dll) GDI32.dll - GetFontData : C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\chrome_child.dll @ 0x6b2efa68
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] b1dde6bce38323fd7a82db79cc9c685b
[BSP] 312c3909bcb010d7313daf2a38cdb306 : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_02102015_183350.log - RKreport_SCN_02102015_183022.log - RKreport_SCN_02102015_183915.log
 
Thank you!


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 17 February 2015 - 04:15 PM

I want to have a look at your system with one more RootKit Scanner. :)

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 17 February 2015 - 05:26 PM

Hey,

 

Still no threats found...

 

Here's the log :

 

23:22:28.0082 0x2218  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:22:28.0082 0x2218  UEFI system
23:22:50.0116 0x2218  ============================================================
23:22:50.0116 0x2218  Current date / time: 2015/02/17 23:22:50.0116
23:22:50.0116 0x2218  SystemInfo:
23:22:50.0116 0x2218  
23:22:50.0116 0x2218  OS Version: 6.3.9600 ServicePack: 0.0
23:22:50.0116 0x2218  Product type: Workstation
23:22:50.0116 0x2218  ComputerName: QUENTIN
23:22:50.0116 0x2218  UserName: Quent187
23:22:50.0116 0x2218  Windows directory: C:\Windows
23:22:50.0116 0x2218  System windows directory: C:\Windows
23:22:50.0116 0x2218  Running under WOW64
23:22:50.0116 0x2218  Processor architecture: Intel x64
23:22:50.0116 0x2218  Number of processors: 8
23:22:50.0116 0x2218  Page size: 0x1000
23:22:50.0116 0x2218  Boot type: Normal boot
23:22:50.0116 0x2218  ============================================================
23:22:50.0486 0x2218  KLMD registered as C:\Windows\system32\drivers\60401141.sys
23:22:51.0135 0x2218  System UUID: {D58D8390-6DD0-C5C6-79E1-03AEA80F1E61}
23:22:52.0314 0x2218  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:22:52.0317 0x2218  ============================================================
23:22:52.0317 0x2218  \Device\Harddisk0\DR0:
23:22:52.0341 0x2218  GPT partitions:
23:22:52.0343 0x2218  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2E16D496-65F4-4C05-A1EA-215A3E2694DE}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
23:22:52.0343 0x2218  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6B2781A3-6642-4E77-9BC1-569A9ACBED67}, Name: Basic data partition, StartLBA 0x32800, BlocksNum 0x1C2000
23:22:52.0343 0x2218  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {65E01C6E-93CC-4D19-8552-509E5AB72535}, Name: Microsoft reserved partition, StartLBA 0x1F4800, BlocksNum 0x40000
23:22:52.0343 0x2218  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {C22AE328-9447-4C3D-B8CC-6BE7A9728435}, Name: Basic data partition, StartLBA 0x234800, BlocksNum 0x71CCC800
23:22:52.0343 0x2218  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E1F984EF-89A5-4C2A-B912-7711A6E50D5A}, Name: Basic data partition, StartLBA 0x71F01800, BlocksNum 0x2805000
23:22:52.0343 0x2218  MBR partitions:
23:22:52.0343 0x2218  ============================================================
23:22:52.0386 0x2218  C: <-> \Device\Harddisk0\DR0\Partition4
23:22:52.0386 0x2218  ============================================================
23:22:52.0386 0x2218  Initialize success
23:22:52.0386 0x2218  ============================================================
23:23:17.0144 0x1dec  ============================================================
23:23:17.0144 0x1dec  Scan started
23:23:17.0144 0x1dec  Mode: Manual; 
23:23:17.0144 0x1dec  ============================================================
23:23:17.0144 0x1dec  KSN ping started
23:23:19.0556 0x1dec  KSN ping finished: true
23:23:21.0523 0x1dec  ================ Scan system memory ========================
23:23:21.0523 0x1dec  System memory - ok
23:23:21.0523 0x1dec  ================ Scan services =============================
23:23:21.0666 0x1dec  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
23:23:21.0676 0x1dec  1394ohci - ok
23:23:21.0723 0x1dec  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\Windows\system32\drivers\3ware.sys
23:23:21.0758 0x1dec  3ware - ok
23:23:21.0818 0x1dec  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:23:21.0828 0x1dec  ACPI - ok
23:23:21.0857 0x1dec  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
23:23:21.0858 0x1dec  acpiex - ok
23:23:21.0862 0x1dec  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
23:23:21.0884 0x1dec  acpipagr - ok
23:23:21.0888 0x1dec  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
23:23:21.0891 0x1dec  AcpiPmi - ok
23:23:21.0900 0x1dec  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
23:23:21.0913 0x1dec  acpitime - ok
23:23:21.0951 0x1dec  [ 98137AD1667739F9EF1008BA62FF66AD, 8BD7C483CD705F58BC4A384A5BF2386F5BBF2D37577FFFD6485D8C01D023DDBB ] ACSSCR          C:\Windows\system32\DRIVERS\a38usb.sys
23:23:21.0975 0x1dec  ACSSCR - ok
23:23:22.0053 0x1dec  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:23:22.0208 0x1dec  AdobeARMservice - ok
23:23:22.0276 0x1dec  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
23:23:22.0319 0x1dec  ADP80XX - ok
23:23:22.0366 0x1dec  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:23:22.0369 0x1dec  AeLookupSvc - ok
23:23:22.0404 0x1dec  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\Windows\system32\drivers\afd.sys
23:23:22.0450 0x1dec  AFD - ok
23:23:22.0498 0x1dec  [ 98022774D9930ECBB292E70DB7601DF6, BE64A40B9BE997D73C0FC14D97E204C9D886EDA07EC4C9391A70CE477084E5F1 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
23:23:22.0548 0x1dec  AgereSoftModem - ok
23:23:22.0572 0x1dec  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:23:22.0598 0x1dec  agp440 - ok
23:23:22.0635 0x1dec  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
23:23:22.0657 0x1dec  ahcache - ok
23:23:22.0691 0x1dec  [ 16F6F6B7903B913AB41AB848C8BB5658, 7304257048CB42E5274B3F6400F4A053A38E3B70A157662FE9D2B7C5979DE851 ] AiCharger       C:\Windows\system32\DRIVERS\AiCharger.sys
23:23:22.0718 0x1dec  AiCharger - ok
23:23:22.0759 0x1dec  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\Windows\System32\alg.exe
23:23:22.0765 0x1dec  ALG - ok
23:23:22.0810 0x1dec  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
23:23:22.0838 0x1dec  AmdK8 - ok
23:23:22.0843 0x1dec  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
23:23:22.0852 0x1dec  AmdPPM - ok
23:23:22.0879 0x1dec  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:23:22.0911 0x1dec  amdsata - ok
23:23:22.0943 0x1dec  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:23:22.0956 0x1dec  amdsbs - ok
23:23:22.0967 0x1dec  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:23:23.0002 0x1dec  amdxata - ok
23:23:23.0475 0x1dec  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:23:23.0481 0x1dec  AntiVirSchedulerService - ok
23:23:23.0638 0x1dec  [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:23:23.0644 0x1dec  AntiVirService - ok
23:23:23.0752 0x1dec  [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
23:23:23.0799 0x1dec  AntiVirWebService - ok
23:23:23.0828 0x1dec  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\Windows\system32\drivers\appid.sys
23:23:23.0854 0x1dec  AppID - ok
23:23:23.0891 0x1dec  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:23:23.0898 0x1dec  AppIDSvc - ok
23:23:23.0932 0x1dec  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\Windows\System32\appinfo.dll
23:23:23.0934 0x1dec  Appinfo - ok
23:23:24.0029 0x1dec  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:23:24.0032 0x1dec  Apple Mobile Device Service - ok
23:23:24.0076 0x1dec  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
23:23:24.0121 0x1dec  AppReadiness - ok
23:23:24.0186 0x1dec  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
23:23:24.0206 0x1dec  AppXSvc - ok
23:23:24.0230 0x1dec  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:23:24.0256 0x1dec  arcsas - ok
23:23:24.0318 0x1dec  [ 28C27484043BDE86B91D1428673B7D2A, 137CDC07F269BEDD5767921CC9D98F13294BEAA2B18C7C3696F106D31835DAB3 ] ASLDRService    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
23:23:24.0319 0x1dec  ASLDRService - ok
23:23:24.0325 0x1dec  [ 4C016FD76ED5C05E84CA8CAB77993961, 025E7BE9FCEFD6A83F4471BBA0C11F1C11BD5047047D26626DA24EE9A419CDC4 ] ASMMAP64        C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
23:23:24.0356 0x1dec  ASMMAP64 - ok
23:23:24.0401 0x1dec  [ 97559D1617464A8E0D2020A2C102D342, 0F8C5483D70877CBE9867F72D670B2350AE48384B25387FA88CF98BC8A29A71F ] ASUS FaceID Service C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe
23:23:24.0405 0x1dec  ASUS FaceID Service - ok
23:23:24.0437 0x1dec  [ 6A122B4F0E5293CACFA8A5F2CBA9B356, 9D69076B697BEE8742E32EBEF1802D829DEA6B1D93AF485D11CC89A08CA4D809 ] ASUS InstantOn  C:\Program Files\ASUS\P4G\InsOnSrv.exe
23:23:24.0441 0x1dec  ASUS InstantOn - ok
23:23:24.0482 0x1dec  [ 44A17208F438F915FCB490DE8FF052AD, 1B60EEEEB837C5917F57B21C5A99ADBFE6D799EFEEF40A53BF3877CD13F019D2 ] Asus WebStorage Windows Service C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
23:23:24.0485 0x1dec  Asus WebStorage Windows Service - ok
23:23:24.0489 0x1dec  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:23:24.0513 0x1dec  AsyncMac - ok
23:23:24.0517 0x1dec  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:23:24.0526 0x1dec  atapi - ok
23:23:24.0551 0x1dec  [ DBC598E47E7A382E60E2A4745D41FEF9, A810AC197CA456B0285E2CAE6986D38B31F4ADA32BEB47EC7A48A2B2196BA639 ] ATKGFNEXSrv     C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
23:23:24.0596 0x1dec  ATKGFNEXSrv - ok
23:23:24.0633 0x1dec  [ C435191FAD19B43E5C3082E4275DCE75, 12D8AF471CA89FE59790092EF3274D638B4B978F1F061423F8D70F270121CF7A ] ATKWMIACPIIO    C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
23:23:24.0664 0x1dec  ATKWMIACPIIO - ok
23:23:24.0698 0x1dec  [ BCE4FCF0DDBCAC65ECCF52E3484C2E5C, 61EC8DE59072B5A2F9E07D43315FA3C86C5B13B0E079BD95DF3252C68515BC26 ] ATP             C:\Windows\System32\drivers\AsusTP.sys
23:23:24.0726 0x1dec  ATP - ok
23:23:24.0771 0x1dec  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
23:23:24.0774 0x1dec  AudioEndpointBuilder - ok
23:23:24.0828 0x1dec  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:23:24.0843 0x1dec  Audiosrv - ok
23:23:24.0895 0x1dec  [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:23:24.0898 0x1dec  avgntflt - ok
23:23:24.0923 0x1dec  [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:23:24.0930 0x1dec  avipbb - ok
23:23:24.0943 0x1dec  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:23:24.0968 0x1dec  avkmgr - ok
23:23:25.0000 0x1dec  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:23:25.0040 0x1dec  AxInstSV - ok
23:23:25.0083 0x1dec  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:23:25.0126 0x1dec  b06bdrv - ok
23:23:25.0150 0x1dec  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
23:23:25.0315 0x1dec  BasicDisplay - ok
23:23:25.0412 0x1dec  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
23:23:25.0489 0x1dec  BasicRender - ok
23:23:25.0533 0x1dec  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
23:23:25.0572 0x1dec  bcmfn2 - ok
23:23:25.0652 0x1dec  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:23:25.0731 0x1dec  BDESVC - ok
23:23:25.0753 0x1dec  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
23:23:25.0788 0x1dec  Beep - ok
23:23:25.0828 0x1dec  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\Windows\System32\bfe.dll
23:23:25.0840 0x1dec  BFE - ok
23:23:25.0882 0x1dec  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\Windows\System32\qmgr.dll
23:23:25.0898 0x1dec  BITS - ok
23:23:26.0011 0x1dec  [ 98CCFB0907C90B795E06A41A79372DB7, DAE51DE54C5FE7E50C5FCE6D348B988FBE2CAAFCCD4620D4D1118352985D081B ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
23:23:26.0029 0x1dec  Bluetooth Device Monitor - ok
23:23:26.0071 0x1dec  [ A24B01133179979911F8E499FAFFC7EE, 3B361C9551EACB6F9B681E4DE0C8833D24796D3968CEB0EDE0E5F122CC0D7F63 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
23:23:26.0088 0x1dec  Bluetooth OBEX Service - ok
23:23:26.0129 0x1dec  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:23:26.0137 0x1dec  Bonjour Service - ok
23:23:26.0168 0x1dec  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:23:26.0169 0x1dec  bowser - ok
23:23:26.0215 0x1dec  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
23:23:26.0218 0x1dec  BrokerInfrastructure - ok
23:23:26.0260 0x1dec  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\Windows\System32\browser.dll
23:23:26.0263 0x1dec  Browser - ok
23:23:26.0291 0x1dec  [ 8F7A6409A76914E203423A384A4E1C11, 567D1B456F6457C2D2612D048B7E59C41504565E67BB7F349530249274BF3C3B ] BthA2DP         C:\Windows\system32\drivers\BthA2DP.sys
23:23:26.0294 0x1dec  BthA2DP - ok
23:23:26.0300 0x1dec  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
23:23:26.0328 0x1dec  BthAvrcpTg - ok
23:23:26.0365 0x1dec  [ 131F1C8573E7BFB41C54FBF5309CCD94, DAFE51E3BADBD82A33B580F212B2D6520A120877C23F6D675521FEA2F4BA5A1F ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
23:23:26.0367 0x1dec  BthEnum - ok
23:23:26.0371 0x1dec  [ E4A1863A32606C95F993345F1D28C86C, 3BED422D932A22F0CB923FE7FFDA0A8EC6E01AD1FB8F616F39E016A19221AD6F ] BthHFAud        C:\Windows\system32\DRIVERS\BthHfAud.sys
23:23:26.0391 0x1dec  BthHFAud - ok
23:23:26.0395 0x1dec  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
23:23:26.0396 0x1dec  BthHFEnum - ok
23:23:26.0402 0x1dec  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
23:23:26.0417 0x1dec  bthhfhid - ok
23:23:26.0460 0x1dec  [ 52AB4FA794AE775BDAF63BBF28ADE65D, DB8C9DA9A2F7E96110C793A35AC7CFA8E324173DAEDEFCC700A9652E389D46FE ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
23:23:26.0465 0x1dec  BthHFSrv - ok
23:23:26.0518 0x1dec  [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70692FAB838E11F1 ] BthLEEnum       C:\Windows\System32\drivers\BthLEEnum.sys
23:23:26.0560 0x1dec  BthLEEnum - ok
23:23:26.0602 0x1dec  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
23:23:26.0608 0x1dec  BTHMODEM - ok
23:23:26.0614 0x1dec  [ 25BB93167DEF270188072603F92A1EF5, CE4637CE4B63420E218F53CAF89A8C85D036B879B80456FEF3C7C395590E26BB ] BthPan          C:\Windows\System32\drivers\bthpan.sys
23:23:26.0642 0x1dec  BthPan - ok
23:23:26.0717 0x1dec  [ 97B9076611291AE4C4C107BC915BD026, 0A77873AAF1ADB76CAB98A84D2242781E34E2699632E45EB92ED7DB20B2BE0C1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:23:26.0786 0x1dec  BTHPORT - ok
23:23:26.0792 0x1dec  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\Windows\system32\bthserv.dll
23:23:26.0793 0x1dec  bthserv - ok
23:23:26.0855 0x1dec  [ 23E75BED9076F856B36F5F934BBD5795, CCEB72B788522B7D52A6C07646005EBC68F9599D3714ECACF3A194CA47A1BE85 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:23:26.0888 0x1dec  BTHUSB - ok
23:23:26.0927 0x1dec  [ 4428C299BE7B9841ECFA82044B69FA6A, F8AB607D6CACBF2DDE3C392F9756B9F32CB99664A75F3140365CB916450660EC ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
23:23:26.0958 0x1dec  btmaux - ok
23:23:27.0010 0x1dec  [ F15D822936DC4D9F3E374C73E9AA6D3F, 04C2A0416D051AC56D4FD6C58FEBC48238830B17B7D6CCF23D3F1B7B0F3C37A9 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
23:23:27.0056 0x1dec  btmhsf - ok
23:23:27.0093 0x1dec  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:23:27.0132 0x1dec  cdfs - ok
23:23:27.0163 0x1dec  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\Windows\System32\drivers\cdrom.sys
23:23:27.0209 0x1dec  cdrom - ok
23:23:27.0304 0x1dec  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:23:27.0306 0x1dec  CertPropSvc - ok
23:23:27.0365 0x1dec  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
23:23:27.0523 0x1dec  circlass - ok
23:23:27.0756 0x1dec  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
23:23:27.0761 0x1dec  CLFS - ok
23:23:27.0864 0x1dec  [ 84A0AC62257C1EACBD4C776796F1E7E8, B10C53B9991A64E31272B9E7E0E3938265AC8B77AD540308C31415F5EC39499E ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
23:23:28.0018 0x1dec  CLKMSVC10_38F51D56 - ok
23:23:28.0050 0x1dec  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
23:23:28.0072 0x1dec  CmBatt - ok
23:23:28.0128 0x1dec  [ 3930E508DDA46C1FF68FD963F350AA0A, BF63F9C7AB30E2A8199D65EDD6DCBB797C93A4A0B972373643FBE1C38BCFA697 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:23:28.0138 0x1dec  CNG - ok
23:23:28.0162 0x1dec  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
23:23:28.0167 0x1dec  CompositeBus - ok
23:23:28.0171 0x1dec  COMSysApp - ok
23:23:28.0178 0x1dec  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
23:23:28.0207 0x1dec  condrv - ok
23:23:28.0292 0x1dec  [ 129EB4266034C5E48DA2845FF92325C8, 68B22F9FFB08C58801D685AF9832B9A36381606141578A786776685859F29361 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:23:28.0335 0x1dec  cphs - ok
23:23:28.0368 0x1dec  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:23:28.0370 0x1dec  CryptSvc - ok
23:23:28.0375 0x1dec  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\Windows\system32\drivers\dam.sys
23:23:28.0380 0x1dec  dam - ok
23:23:28.0441 0x1dec  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:23:28.0454 0x1dec  DcomLaunch - ok
23:23:28.0507 0x1dec  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:23:28.0516 0x1dec  defragsvc - ok
23:23:28.0583 0x1dec  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\Windows\system32\das.dll
23:23:28.0589 0x1dec  DeviceAssociationService - ok
23:23:28.0624 0x1dec  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
23:23:28.0627 0x1dec  DeviceInstall - ok
23:23:28.0644 0x1dec  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
23:23:28.0647 0x1dec  Dfsc - ok
23:23:28.0684 0x1dec  [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
23:23:28.0712 0x1dec  dg_ssudbus - ok
23:23:28.0771 0x1dec  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:23:28.0777 0x1dec  Dhcp - ok
23:23:28.0790 0x1dec  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
23:23:28.0792 0x1dec  disk - ok
23:23:28.0815 0x1dec  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
23:23:28.0838 0x1dec  dmvsc - ok
23:23:28.0872 0x1dec  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:23:28.0875 0x1dec  Dnscache - ok
23:23:28.0932 0x1dec  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\Windows\System32\dot3svc.dll
23:23:28.0944 0x1dec  dot3svc - ok
23:23:28.0960 0x1dec  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\Windows\system32\dps.dll
23:23:28.0963 0x1dec  DPS - ok
23:23:29.0004 0x1dec  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:23:29.0010 0x1dec  drmkaud - ok
23:23:29.0022 0x1dec  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
23:23:29.0026 0x1dec  DsmSvc - ok
23:23:29.0082 0x1dec  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:23:29.0158 0x1dec  DXGKrnl - ok
23:23:29.0202 0x1dec  [ FA988D76745C917CDFE20031C06DE860, B01AA3611869854D3BCA8B6CD7A6F48CC3537145DD3EBE50F5BEF72239924BF7 ] e1iexpress      C:\Windows\system32\DRIVERS\e1i63x64.sys
23:23:29.0239 0x1dec  e1iexpress - ok
23:23:29.0268 0x1dec  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\Windows\System32\eapsvc.dll
23:23:29.0299 0x1dec  Eaphost - ok
23:23:29.0393 0x1dec  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:23:29.0458 0x1dec  ebdrv - ok
23:23:29.0572 0x1dec  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\Windows\System32\lsass.exe
23:23:29.0573 0x1dec  EFS - ok
23:23:29.0617 0x1dec  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
23:23:29.0664 0x1dec  EhStorClass - ok
23:23:29.0776 0x1dec  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
23:23:29.0806 0x1dec  EhStorTcgDrv - ok
23:23:29.0830 0x1dec  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
23:23:29.0850 0x1dec  ErrDev - ok
23:23:29.0937 0x1dec  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\Windows\system32\es.dll
23:23:29.0944 0x1dec  EventSystem - ok
23:23:30.0031 0x1dec  [ E2EAAD4A81DE29B6D37D70F083746F0B, FD400057970528FFB9BE98CA4DE6BE83C03132F9EEC6ECD2C433DA74A8A21A93 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:23:30.0042 0x1dec  EvtEng - ok
23:23:30.0059 0x1dec  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:23:30.0089 0x1dec  exfat - ok
23:23:30.0121 0x1dec  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:23:30.0127 0x1dec  fastfat - ok
23:23:30.0158 0x1dec  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\Windows\system32\fxssvc.exe
23:23:30.0203 0x1dec  Fax - ok
23:23:30.0231 0x1dec  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\Windows\System32\drivers\fdc.sys
23:23:30.0236 0x1dec  fdc - ok
23:23:30.0249 0x1dec  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\Windows\system32\fdPHost.dll
23:23:30.0250 0x1dec  fdPHost - ok
23:23:30.0255 0x1dec  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\Windows\system32\fdrespub.dll
23:23:30.0256 0x1dec  FDResPub - ok
23:23:30.0265 0x1dec  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\Windows\system32\fhsvc.dll
23:23:30.0292 0x1dec  fhsvc - ok
23:23:30.0331 0x1dec  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:23:30.0332 0x1dec  FileInfo - ok
23:23:30.0352 0x1dec  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:23:30.0379 0x1dec  Filetrace - ok
23:23:30.0402 0x1dec  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
23:23:30.0429 0x1dec  flpydisk - ok
23:23:30.0470 0x1dec  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:23:30.0475 0x1dec  FltMgr - ok
23:23:30.0545 0x1dec  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\Windows\system32\FntCache.dll
23:23:30.0565 0x1dec  FontCache - ok
23:23:30.0638 0x1dec  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:23:30.0667 0x1dec  FontCache3.0.0.0 - ok
23:23:30.0705 0x1dec  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:23:30.0731 0x1dec  FsDepends - ok
23:23:30.0758 0x1dec  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:23:30.0762 0x1dec  Fs_Rec - ok
23:23:30.0813 0x1dec  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:23:30.0821 0x1dec  fvevol - ok
23:23:30.0837 0x1dec  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\Windows\System32\drivers\fxppm.sys
23:23:30.0859 0x1dec  FxPPM - ok
23:23:30.0863 0x1dec  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:23:30.0869 0x1dec  gagp30kx - ok
23:23:30.0937 0x1dec  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:23:30.0967 0x1dec  GEARAspiWDM - ok
23:23:30.0994 0x1dec  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
23:23:31.0015 0x1dec  gencounter - ok
23:23:31.0115 0x1dec  [ 4DF4ABCA09AF1530D712FA589CE3BE9F, 573C04358BBAEAEDFDC4F265627E8029295C31BB17C13B428D5694119AECEDAD ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
23:23:31.0138 0x1dec  GfExperienceService - ok
23:23:31.0162 0x1dec  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
23:23:31.0189 0x1dec  GPIOClx0101 - ok
23:23:31.0244 0x1dec  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:23:31.0275 0x1dec  gpsvc - ok
23:23:31.0358 0x1dec  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:23:31.0360 0x1dec  gupdate - ok
23:23:31.0455 0x1dec  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:23:31.0457 0x1dec  gupdatem - ok
23:23:31.0722 0x1dec  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:23:31.0728 0x1dec  HdAudAddService - ok
23:23:31.0767 0x1dec  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
23:23:31.0802 0x1dec  HDAudBus - ok
23:23:31.0826 0x1dec  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
23:23:31.0851 0x1dec  HidBatt - ok
23:23:31.0877 0x1dec  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
23:23:31.0907 0x1dec  HidBth - ok
23:23:31.0933 0x1dec  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
23:23:31.0951 0x1dec  hidi2c - ok
23:23:31.0973 0x1dec  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\Windows\System32\drivers\hidir.sys
23:23:31.0999 0x1dec  HidIr - ok
23:23:32.0040 0x1dec  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\Windows\system32\hidserv.dll
23:23:32.0041 0x1dec  hidserv - ok
23:23:32.0063 0x1dec  [ 894D982CEAB8CD45A56AE2C9988E86C0, AA2DEB62CB69FF1AEF772989342F2CF77CA48F212C9489A92A4FF97FD46D3866 ] HIDSwitch       C:\Windows\System32\drivers\AsHIDSwitch64.sys
23:23:32.0089 0x1dec  HIDSwitch - ok
23:23:32.0124 0x1dec  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
23:23:32.0141 0x1dec  HidUsb - ok
23:23:32.0191 0x1dec  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:23:32.0197 0x1dec  hkmsvc - ok
23:23:32.0233 0x1dec  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:23:32.0243 0x1dec  HomeGroupListener - ok
23:23:32.0387 0x1dec  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:23:32.0416 0x1dec  HomeGroupProvider - ok
23:23:32.0481 0x1dec  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:23:32.0538 0x1dec  HpSAMD - ok
23:23:32.0578 0x1dec  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:23:32.0624 0x1dec  HTTP - ok
23:23:32.0665 0x1dec  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:23:32.0669 0x1dec  hwpolicy - ok
23:23:32.0682 0x1dec  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
23:23:32.0705 0x1dec  hyperkbd - ok
23:23:32.0709 0x1dec  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
23:23:32.0716 0x1dec  HyperVideo - ok
23:23:32.0746 0x1dec  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
23:23:32.0759 0x1dec  i8042prt - ok
23:23:32.0785 0x1dec  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
23:23:32.0789 0x1dec  iaLPSSi_GPIO - ok
23:23:32.0794 0x1dec  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
23:23:32.0801 0x1dec  iaLPSSi_I2C - ok
23:23:32.0837 0x1dec  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
23:23:32.0846 0x1dec  iaStorA - ok
23:23:32.0896 0x1dec  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
23:23:32.0942 0x1dec  iaStorAV - ok
23:23:32.0987 0x1dec  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:23:33.0026 0x1dec  iaStorV - ok
23:23:33.0085 0x1dec  [ 401FC0EBE6D19FDD6C62959A635D1EB9, 60894A0C2E094EE868B3FB673FE33CEE6D1EAF19F14333EF995F8F07ECBA2002 ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
23:23:33.0127 0x1dec  ibtusb - ok
23:23:33.0130 0x1dec  IEEtwCollectorService - ok
23:23:33.0814 0x1dec  [ 09E41C653B31A4AF5B0E5D25C3FBC057, B45740F3FCF3565AC1D40486B9313B61F0824B36BD6C28DB057497ACD9D4FB39 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:23:34.0146 0x1dec  igfx - ok
23:23:34.0324 0x1dec  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\Windows\System32\ikeext.dll
23:23:34.0352 0x1dec  IKEEXT - ok
23:23:35.0124 0x1dec  [ F962587545EAB719759C70DB286711E1, B49432498098486446ED4B7BA3BE511D6BD7668419E2DE3580BB45ABEF4B5326 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:23:35.0205 0x1dec  IntcAzAudAddService - ok
23:23:35.0320 0x1dec  [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE1062983120E3BD1C4DB ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:23:35.0360 0x1dec  IntcDAud - ok
23:23:35.0488 0x1dec  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:23:35.0512 0x1dec  Intel® Capability Licensing Service Interface - ok
23:23:35.0837 0x1dec  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
23:23:36.0028 0x1dec  Intel® Capability Licensing Service TCP IP Interface - ok
23:23:36.0047 0x1dec  [ 57739E742ABC085C2A4340D4404B4A8B, B4B85C35AC96D11F5940AFCB15A2B2A41D70E3C392E1D4D9353899FA140FF281 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
23:23:36.0201 0x1dec  Intel® ME Service - ok
23:23:36.0297 0x1dec  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:23:36.0323 0x1dec  intelide - ok
23:23:36.0361 0x1dec  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
23:23:36.0362 0x1dec  intelpep - ok
23:23:36.0380 0x1dec  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
23:23:36.0412 0x1dec  intelppm - ok
23:23:36.0416 0x1dec  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:23:36.0431 0x1dec  IpFilterDriver - ok
23:23:36.0491 0x1dec  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:23:36.0523 0x1dec  iphlpsvc - ok
23:23:36.0658 0x1dec  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
23:23:36.0688 0x1dec  IPMIDRV - ok
23:23:36.0724 0x1dec  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:23:36.0749 0x1dec  IPNAT - ok
23:23:36.0798 0x1dec  [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:23:36.0814 0x1dec  iPod Service - ok
23:23:36.0830 0x1dec  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:23:36.0837 0x1dec  IRENUM - ok
23:23:36.0851 0x1dec  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:23:36.0857 0x1dec  isapnp - ok
23:23:36.0909 0x1dec  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
23:23:37.0022 0x1dec  iScsiPrt - ok
23:23:37.0057 0x1dec  [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC0A3039E26D7BEB ] iwdbus          C:\Windows\System32\drivers\iwdbus.sys
23:23:37.0081 0x1dec  iwdbus - ok
23:23:37.0132 0x1dec  [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
23:23:37.0175 0x1dec  jhi_service - ok
23:23:37.0213 0x1dec  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
23:23:37.0250 0x1dec  kbdclass - ok
23:23:37.0277 0x1dec  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
23:23:37.0299 0x1dec  kbdhid - ok
23:23:37.0485 0x1dec  [ 6C6F4A5FC5A2343995D1B0F111D5CF06, 62282992D3B1634C7BBDD1BCFC13F77FC806AD85B2C667FA09D73355825D19A8 ] kbfiltr         C:\Windows\System32\drivers\kbfiltr.sys
23:23:37.0489 0x1dec  kbfiltr - ok
23:23:37.0493 0x1dec  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\Windows\system32\DRIVERS\kdnic.sys
23:23:37.0496 0x1dec  kdnic - ok
23:23:37.0522 0x1dec  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\Windows\system32\lsass.exe
23:23:37.0524 0x1dec  KeyIso - ok
23:23:37.0528 0x1dec  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:23:37.0530 0x1dec  KSecDD - ok
23:23:37.0575 0x1dec  [ 15C8C65CEA018C02EA0F648448C491C5, DF909704D22D891BE439B2E3D8386EA659444F91DC92AABFF9766446AEE5EBC0 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:23:37.0578 0x1dec  KSecPkg - ok
23:23:37.0685 0x1dec  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:23:37.0689 0x1dec  ksthunk - ok
23:23:37.0722 0x1dec  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:23:37.0761 0x1dec  KtmRm - ok
23:23:37.0807 0x1dec  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:23:37.0813 0x1dec  LanmanServer - ok
23:23:38.0110 0x1dec  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:23:38.0172 0x1dec  LanmanWorkstation - ok
23:23:38.0285 0x1dec  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\Windows\System32\GeofenceMonitorService.dll
23:23:38.0591 0x1dec  lfsvc - ok
23:23:38.0606 0x1dec  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:23:38.0636 0x1dec  lltdio - ok
23:23:38.0686 0x1dec  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:23:38.0719 0x1dec  lltdsvc - ok
23:23:38.0745 0x1dec  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:23:38.0747 0x1dec  lmhosts - ok
23:23:38.0778 0x1dec  [ 6A35B295812CE7064CFBCD9F254169CF, 561DD131FED6F90686D8C031B45B87B6D065C7E0C8804AEFCDE239725AAEE43E ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:23:38.0783 0x1dec  LMS - ok
23:23:38.0856 0x1dec  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:23:38.0891 0x1dec  LSI_SAS - ok
23:23:38.0896 0x1dec  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
23:23:38.0909 0x1dec  LSI_SAS2 - ok
23:23:38.0913 0x1dec  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
23:23:38.0927 0x1dec  LSI_SAS3 - ok
23:23:38.0932 0x1dec  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
23:23:38.0947 0x1dec  LSI_SSS - ok
23:23:38.0990 0x1dec  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\Windows\System32\lsm.dll
23:23:39.0002 0x1dec  LSM - ok
23:23:39.0071 0x1dec  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:23:39.0073 0x1dec  luafv - ok
23:23:39.0122 0x1dec  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\Windows\system32\drivers\megasas.sys
23:23:39.0214 0x1dec  megasas - ok
23:23:39.0348 0x1dec  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
23:23:39.0393 0x1dec  megasr - ok
23:23:39.0459 0x1dec  [ 926C135CFB0C75B32FB714B5C0C58FAA, AF627CD125794B69D450D298D5608D357F2C91FB89EBFAA0DA2A0F07C6A304A8 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
23:23:39.0466 0x1dec  MEIx64 - ok
23:23:39.0484 0x1dec  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\Windows\system32\mmcss.dll
23:23:39.0486 0x1dec  MMCSS - ok
23:23:39.0512 0x1dec  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\Windows\system32\drivers\modem.sys
23:23:39.0627 0x1dec  Modem - ok
23:23:39.0656 0x1dec  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\Windows\System32\drivers\monitor.sys
23:23:39.0660 0x1dec  monitor - ok
23:23:39.0664 0x1dec  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
23:23:39.0695 0x1dec  mouclass - ok
23:23:39.0716 0x1dec  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\Windows\System32\drivers\mouhid.sys
23:23:39.0717 0x1dec  mouhid - ok
23:23:39.0722 0x1dec  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:23:39.0724 0x1dec  mountmgr - ok
23:23:39.0728 0x1dec  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:23:39.0758 0x1dec  mpsdrv - ok
23:23:39.0812 0x1dec  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:23:39.0855 0x1dec  MpsSvc - ok
23:23:39.0914 0x1dec  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:23:39.0943 0x1dec  MRxDAV - ok
23:23:39.0986 0x1dec  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:23:39.0993 0x1dec  mrxsmb - ok
23:23:40.0128 0x1dec  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:23:40.0132 0x1dec  mrxsmb10 - ok
23:23:40.0251 0x1dec  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:23:40.0437 0x1dec  mrxsmb20 - ok
23:23:40.0507 0x1dec  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
23:23:40.0540 0x1dec  MsBridge - ok
23:23:40.0654 0x1dec  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\Windows\System32\msdtc.exe
23:23:40.0775 0x1dec  MSDTC - ok
23:23:40.0888 0x1dec  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:23:40.0888 0x1dec  Msfs - ok
23:23:41.0019 0x1dec  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
23:23:41.0227 0x1dec  msgpiowin32 - ok
23:23:41.0249 0x1dec  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:23:41.0274 0x1dec  mshidkmdf - ok
23:23:41.0296 0x1dec  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
23:23:41.0321 0x1dec  mshidumdf - ok
23:23:41.0352 0x1dec  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:23:41.0352 0x1dec  msisadrv - ok
23:23:41.0381 0x1dec  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:23:41.0412 0x1dec  MSiSCSI - ok
23:23:41.0415 0x1dec  msiserver - ok
23:23:41.0434 0x1dec  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:23:41.0438 0x1dec  MSKSSRV - ok
23:23:41.0460 0x1dec  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
23:23:41.0465 0x1dec  MsLldp - ok
23:23:41.0497 0x1dec  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:23:41.0499 0x1dec  MSPCLOCK - ok
23:23:41.0503 0x1dec  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:23:41.0525 0x1dec  MSPQM - ok
23:23:41.0534 0x1dec  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:23:41.0540 0x1dec  MsRPC - ok
23:23:41.0546 0x1dec  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
23:23:41.0567 0x1dec  mssmbios - ok
23:23:41.0571 0x1dec  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:23:41.0574 0x1dec  MSTEE - ok
23:23:41.0578 0x1dec  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
23:23:41.0582 0x1dec  MTConfig - ok
23:23:41.0587 0x1dec  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\Windows\system32\Drivers\mup.sys
23:23:41.0588 0x1dec  Mup - ok
23:23:41.0617 0x1dec  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
23:23:41.0658 0x1dec  mvumis - ok
23:23:41.0700 0x1dec  [ 91D84C98D8C500E4F207D9C241A1ED5D, 2F4AAC60CC2572BEDE16C760156A6CF7D59FA95AB636B3A12B1F6AE444CC222A ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:23:41.0736 0x1dec  MyWiFiDHCPDNS - ok
23:23:41.0785 0x1dec  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\Windows\system32\qagentRT.dll
23:23:41.0796 0x1dec  napagent - ok
23:23:41.0871 0x1dec  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:23:42.0171 0x1dec  NativeWifiP - ok
23:23:42.0214 0x1dec  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\Windows\System32\ncasvc.dll
23:23:42.0250 0x1dec  NcaSvc - ok
23:23:42.0281 0x1dec  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\Windows\System32\ncbservice.dll
23:23:42.0284 0x1dec  NcbService - ok
23:23:42.0289 0x1dec  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
23:23:42.0324 0x1dec  NcdAutoSetup - ok
23:23:42.0369 0x1dec  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:23:42.0386 0x1dec  NDIS - ok
23:23:42.0433 0x1dec  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:23:42.0460 0x1dec  NdisCap - ok
23:23:42.0494 0x1dec  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
23:23:42.0500 0x1dec  NdisImPlatform - ok
23:23:42.0517 0x1dec  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:23:42.0625 0x1dec  NdisTapi - ok
23:23:42.0661 0x1dec  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:23:42.0824 0x1dec  Ndisuio - ok
23:23:42.0882 0x1dec  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
23:23:42.0939 0x1dec  NdisVirtualBus - ok
23:23:43.0091 0x1dec  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:23:43.0181 0x1dec  NdisWan - ok
23:23:43.0211 0x1dec  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
23:23:43.0214 0x1dec  NdisWanLegacy - ok
23:23:43.0247 0x1dec  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:23:43.0273 0x1dec  NDProxy - ok
23:23:43.0307 0x1dec  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
23:23:43.0314 0x1dec  Ndu - ok
23:23:43.0328 0x1dec  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:23:43.0329 0x1dec  NetBIOS - ok
23:23:43.0337 0x1dec  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:23:43.0370 0x1dec  NetBT - ok
23:23:43.0398 0x1dec  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\Windows\system32\lsass.exe
23:23:43.0399 0x1dec  Netlogon - ok
23:23:43.0422 0x1dec  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\Windows\System32\netman.dll
23:23:43.0429 0x1dec  Netman - ok
23:23:43.0457 0x1dec  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\Windows\System32\netprofmsvc.dll
23:23:43.0465 0x1dec  netprofm - ok
23:23:43.0512 0x1dec  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:23:43.0601 0x1dec  NetTcpPortSharing - ok
23:23:43.0627 0x1dec  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\Windows\system32\DRIVERS\netvsc63.sys
23:23:43.0687 0x1dec  netvsc - ok
23:23:43.0970 0x1dec  [ 9F7C86B844F2A3B435547AFDC14EB4BC, 7645462A27925E0FB0F877EE2626D1D7017B3474B87C04BCD5CBA0D9E5B14A6B ] NETwNb64        C:\Windows\system32\DRIVERS\NETwbw02.sys
23:23:44.0085 0x1dec  NETwNb64 - ok
23:23:44.0265 0x1dec  [ B636B4A8E59A73033B766EA7FD7C3B81, CAC8614DEE83623DE56C969C668A33366793779084B6A23F59ADC98392115F8C ] NETwNe64        C:\Windows\system32\DRIVERS\NETwew02.sys
23:23:44.0371 0x1dec  NETwNe64 - ok
23:23:44.0663 0x1dec  [ 272BB8C52BE106B5CC69171AF1D281D4, 3D65A772C15440DF5895843185241D890CCDECA0E02DD6CF32CCB9B5849E31A4 ] NETwNs64        C:\Windows\system32\DRIVERS\Netwsw00.sys
23:23:44.0908 0x1dec  NETwNs64 - ok
23:23:45.0054 0x1dec  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:23:45.0185 0x1dec  NlaSvc - ok
23:23:45.0219 0x1dec  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:23:45.0220 0x1dec  Npfs - ok
23:23:45.0224 0x1dec  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
23:23:45.0250 0x1dec  npsvctrig - ok
23:23:45.0290 0x1dec  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\Windows\system32\nsisvc.dll
23:23:45.0292 0x1dec  nsi - ok
23:23:45.0298 0x1dec  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:23:45.0327 0x1dec  nsiproxy - ok
23:23:45.0407 0x1dec  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:23:45.0435 0x1dec  Ntfs - ok
23:23:45.0448 0x1dec  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
23:23:45.0470 0x1dec  Null - ok
23:23:45.0721 0x1dec  [ 3B99271224C43ADAB5A7F8D4B574AE3F, 931B011EA7796C61922D892C11D880BCC0383FCECABC4F4855AF89BA20B9B01B ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:23:46.0044 0x1dec  nvlddmkm - ok
23:23:46.0134 0x1dec  [ EC4F787905DC5753C46A4C05CEBADF45, 334E7E277A6FDABD91108DC4FE0D861DE6C00616CCFDC5E2D390CDDED62AF5D5 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
23:23:46.0162 0x1dec  NvNetworkService - ok
23:23:46.0178 0x1dec  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:23:46.0185 0x1dec  nvraid - ok
23:23:46.0201 0x1dec  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:23:46.0229 0x1dec  nvstor - ok
23:23:46.0255 0x1dec  [ D92F4ED189C8207D0274B8B6BB494892, 8F7656662D3F26BE51AED9B7368278B18915F98A627E70021F914016BF3E22DB ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
23:23:46.0277 0x1dec  NvStreamKms - ok
23:23:46.0299 0x1dec  NvStreamSvc - ok
23:23:46.0345 0x1dec  [ 97ADEBE576474D4CEC53F8E06590FFC8, 2CC8587AAB595D7621AA57A33D94789BD9DC6DBFB4FA9BDEFBB425B7ACCB65AB ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:23:46.0359 0x1dec  nvsvc - ok
23:23:46.0430 0x1dec  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
23:23:46.0439 0x1dec  nvvad_WaveExtensible - ok
23:23:46.0453 0x1dec  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:23:46.0466 0x1dec  nv_agp - ok
23:23:46.0513 0x1dec  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:23:46.0527 0x1dec  ose64 - ok
23:23:46.0572 0x1dec  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:23:46.0600 0x1dec  p2pimsvc - ok
23:23:46.0644 0x1dec  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:23:46.0673 0x1dec  p2psvc - ok
23:23:46.0709 0x1dec  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\Windows\System32\drivers\parport.sys
23:23:46.0716 0x1dec  Parport - ok
23:23:46.0729 0x1dec  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:23:46.0731 0x1dec  partmgr - ok
23:23:46.0763 0x1dec  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:23:46.0771 0x1dec  PcaSvc - ok
23:23:46.0895 0x1dec  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\Windows\system32\drivers\pci.sys
23:23:46.0899 0x1dec  pci - ok
23:23:46.0929 0x1dec  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:23:47.0078 0x1dec  pciide - ok
23:23:47.0104 0x1dec  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:23:47.0287 0x1dec  pcmcia - ok
23:23:47.0363 0x1dec  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:23:47.0364 0x1dec  pcw - ok
23:23:47.0408 0x1dec  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\Windows\system32\drivers\pdc.sys
23:23:47.0409 0x1dec  pdc - ok
23:23:47.0466 0x1dec  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:23:47.0486 0x1dec  PEAUTH - ok
23:23:47.0555 0x1dec  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:23:47.0584 0x1dec  PerfHost - ok
23:23:47.0662 0x1dec  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\Windows\system32\pla.dll
23:23:47.0692 0x1dec  pla - ok
23:23:47.0743 0x1dec  [ 650A060D264FDDB365513A31B0BF31B7, E5EE292D486063F70119013FE89C15953BD46795E001C8A71D612351BC26DF33 ] plctrl          C:\Program Files\ASUS\P4G\plctrl.sys
23:23:47.0746 0x1dec  plctrl - ok
23:23:47.0783 0x1dec  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:23:47.0789 0x1dec  PlugPlay - ok
23:23:47.0798 0x1dec  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:23:47.0822 0x1dec  PNRPAutoReg - ok
23:23:47.0856 0x1dec  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:23:47.0862 0x1dec  PNRPsvc - ok
23:23:47.0889 0x1dec  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:23:47.0919 0x1dec  PolicyAgent - ok
23:23:47.0956 0x1dec  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\Windows\system32\umpo.dll
23:23:47.0963 0x1dec  Power - ok
23:23:47.0988 0x1dec  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:23:47.0995 0x1dec  PptpMiniport - ok
23:23:48.0096 0x1dec  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
23:23:48.0140 0x1dec  PrintNotify - ok
23:23:48.0184 0x1dec  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\Windows\System32\drivers\processr.sys
23:23:48.0216 0x1dec  Processor - ok
23:23:48.0256 0x1dec  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:23:48.0265 0x1dec  ProfSvc - ok
23:23:48.0296 0x1dec  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:23:48.0326 0x1dec  Psched - ok
23:23:48.0365 0x1dec  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\Windows\system32\qwave.dll
23:23:48.0370 0x1dec  QWAVE - ok
23:23:48.0388 0x1dec  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:23:48.0395 0x1dec  QWAVEdrv - ok
23:23:48.0403 0x1dec  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:23:48.0427 0x1dec  RasAcd - ok
23:23:48.0460 0x1dec  [ 674A4702E4E144E8710ED1A2EC6DD049, 613A921101A6815C9185D5EF3E251A592604E56FADE945BB7E256885CAD473BC ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:23:48.0482 0x1dec  RasAgileVpn - ok
23:23:48.0505 0x1dec  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\Windows\System32\rasauto.dll
23:23:48.0533 0x1dec  RasAuto - ok
23:23:48.0578 0x1dec  [ BBB6272B7F46C4640A8CDB8A70C3450F, 4266C3ABD0D1D0219F715EA0F155744F7C1E3A7B722BE863831B57AE785419A2 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:23:48.0604 0x1dec  Rasl2tp - ok
23:23:48.0652 0x1dec  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\Windows\System32\rasmans.dll
23:23:48.0695 0x1dec  RasMan - ok
23:23:48.0699 0x1dec  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:23:48.0716 0x1dec  RasPppoe - ok
23:23:48.0754 0x1dec  [ 2B0F1677CDD08967005F34488559BC6F, FFF168EBD171C0B85A448AD1A04F66534E889AE1DC128F68EA3F35D5996C8D39 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:23:48.0798 0x1dec  RasSstp - ok
23:23:48.0838 0x1dec  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:23:48.0846 0x1dec  rdbss - ok
23:23:48.0863 0x1dec  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
23:23:48.0866 0x1dec  rdpbus - ok
23:23:48.0883 0x1dec  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
23:23:48.0908 0x1dec  RDPDR - ok
23:23:48.0948 0x1dec  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:23:48.0970 0x1dec  RdpVideoMiniport - ok
23:23:49.0011 0x1dec  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:23:49.0016 0x1dec  rdyboost - ok
23:23:49.0216 0x1dec  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
23:23:49.0406 0x1dec  ReFS - ok
23:23:49.0610 0x1dec  [ 73023176A5708728CAA341A63D5567A1, 47B529A6A8D4B348B5D5D0E253003C5181060664E98B309F777829BC074DC55C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:23:49.0613 0x1dec  RegSrvc - ok
23:23:49.0731 0x1dec  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:23:49.0780 0x1dec  RemoteAccess - ok
23:23:49.0810 0x1dec  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:23:49.0842 0x1dec  RemoteRegistry - ok
23:23:49.0888 0x1dec  [ 0527EF6E23B9FAB37DDCBC479C6CFA28, C004CE600074AC434F8B24A3383F8C0ACFA5476D9E3B1493B40911C78B028D64 ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
23:23:49.0928 0x1dec  RFCOMM - ok
23:23:49.0957 0x1dec  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:23:49.0959 0x1dec  RpcEptMapper - ok
23:23:49.0966 0x1dec  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\Windows\system32\locator.exe
23:23:49.0990 0x1dec  RpcLocator - ok
23:23:50.0043 0x1dec  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\Windows\system32\rpcss.dll
23:23:50.0055 0x1dec  RpcSs - ok
23:23:50.0099 0x1dec  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:23:50.0121 0x1dec  rspndr - ok
23:23:50.0155 0x1dec  [ 4EC89C0725CE4B98994B88F19B30C288, 4FA73C24A2E18D04CE27EEF17C9AE847D0251B711F60D116139F6166F90CD08F ] RSUSBVSTOR      C:\Windows\System32\Drivers\RtsUVStor.sys
23:23:50.0166 0x1dec  RSUSBVSTOR - ok
23:23:50.0188 0x1dec  [ CFE738C524F35B6E523A4D0F54840C30, 73E051DEA744EEC5202693C11EDABB36DE2D086160648D4E41F1F299CBAD8409 ] RTL8168         C:\Windows\system32\DRIVERS\Rt630x64.sys
23:23:50.0228 0x1dec  RTL8168 - ok
23:23:50.0253 0x1dec  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
23:23:50.0291 0x1dec  s3cap - ok
23:23:50.0331 0x1dec  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\Windows\system32\lsass.exe
23:23:50.0333 0x1dec  SamSs - ok
23:23:50.0346 0x1dec  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:23:50.0389 0x1dec  sbp2port - ok
23:23:50.0420 0x1dec  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:23:50.0454 0x1dec  SCardSvr - ok
23:23:50.0481 0x1dec  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
23:23:50.0488 0x1dec  ScDeviceEnum - ok
23:23:50.0509 0x1dec  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:23:50.0538 0x1dec  scfilter - ok
23:23:50.0598 0x1dec  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\Windows\system32\schedsvc.dll
23:23:50.0616 0x1dec  Schedule - ok
23:23:50.0665 0x1dec  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:23:50.0667 0x1dec  SCPolicySvc - ok
23:23:50.0708 0x1dec  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\Windows\System32\drivers\sdbus.sys
23:23:50.0762 0x1dec  sdbus - ok
23:23:50.0800 0x1dec  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
23:23:50.0836 0x1dec  sdstor - ok
23:23:50.0855 0x1dec  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:23:50.0860 0x1dec  secdrv - ok
23:23:50.0880 0x1dec  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\Windows\system32\seclogon.dll
23:23:50.0882 0x1dec  seclogon - ok
23:23:50.0897 0x1dec  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\Windows\System32\sens.dll
23:23:50.0899 0x1dec  SENS - ok
23:23:50.0911 0x1dec  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:23:50.0915 0x1dec  SensrSvc - ok
23:23:50.0935 0x1dec  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
23:23:50.0963 0x1dec  SerCx - ok
23:23:51.0005 0x1dec  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
23:23:51.0043 0x1dec  SerCx2 - ok
23:23:51.0047 0x1dec  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\Windows\System32\drivers\serenum.sys
23:23:51.0062 0x1dec  Serenum - ok
23:23:51.0088 0x1dec  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
23:23:51.0125 0x1dec  Serial - ok
23:23:51.0128 0x1dec  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
23:23:51.0149 0x1dec  sermouse - ok
23:23:51.0192 0x1dec  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:23:51.0232 0x1dec  SessionEnv - ok
23:23:51.0235 0x1dec  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
23:23:51.0249 0x1dec  sfloppy - ok
23:23:51.0296 0x1dec  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:23:51.0334 0x1dec  SharedAccess - ok
23:23:51.0558 0x1dec  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:23:51.0569 0x1dec  ShellHWDetection - ok
23:23:51.0654 0x1dec  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:23:51.0660 0x1dec  SiSRaid2 - ok
23:23:51.0679 0x1dec  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:23:51.0756 0x1dec  SiSRaid4 - ok
23:23:51.0809 0x1dec  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\Windows\System32\smphost.dll
23:23:51.0873 0x1dec  smphost - ok
23:23:51.0897 0x1dec  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:23:51.0921 0x1dec  SNMPTRAP - ok
23:23:51.0967 0x1dec  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\Windows\system32\drivers\spaceport.sys
23:23:51.0973 0x1dec  spaceport - ok
23:23:51.0977 0x1dec  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
23:23:52.0012 0x1dec  SpbCx - ok
23:23:52.0062 0x1dec  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\Windows\System32\spoolsv.exe
23:23:52.0075 0x1dec  Spooler - ok
23:23:52.0244 0x1dec  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\Windows\system32\sppsvc.exe
23:23:52.0338 0x1dec  sppsvc - ok
23:23:52.0395 0x1dec  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:23:52.0400 0x1dec  srv - ok
23:23:52.0426 0x1dec  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:23:52.0435 0x1dec  srv2 - ok
23:23:52.0476 0x1dec  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:23:52.0479 0x1dec  srvnet - ok
23:23:52.0516 0x1dec  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:23:52.0521 0x1dec  SSDPSRV - ok
23:23:52.0531 0x1dec  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:23:52.0561 0x1dec  SstpSvc - ok
23:23:52.0596 0x1dec  [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
23:23:52.0637 0x1dec  ssudmdm - ok
23:23:52.0717 0x1dec  [ 9DA3B55B17B54789AFB8C657D4ACE4D7, 5E4599E682327E3B8097A88A69ED73F96254A29054744D5DFB782054863F131E ] ss_conn_service C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
23:23:52.0728 0x1dec  ss_conn_service - ok
23:23:52.0749 0x1dec  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:23:52.0781 0x1dec  stexstor - ok
23:23:52.0959 0x1dec  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\Windows\System32\wiaservc.dll
23:23:52.0972 0x1dec  stisvc - ok
23:23:52.0993 0x1dec  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
23:23:53.0034 0x1dec  storahci - ok
23:23:53.0055 0x1dec  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
23:23:53.0081 0x1dec  storflt - ok
23:23:53.0087 0x1dec  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
23:23:53.0095 0x1dec  stornvme - ok
23:23:53.0128 0x1dec  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\Windows\system32\storsvc.dll
23:23:53.0133 0x1dec  StorSvc - ok
23:23:53.0137 0x1dec  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\Windows\system32\drivers\storvsc.sys
23:23:53.0164 0x1dec  storvsc - ok
23:23:53.0189 0x1dec  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\Windows\system32\svsvc.dll
23:23:53.0222 0x1dec  svsvc - ok
23:23:53.0250 0x1dec  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\Windows\System32\drivers\swenum.sys
23:23:53.0255 0x1dec  swenum - ok
23:23:53.0394 0x1dec  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:23:53.0402 0x1dec  SwitchBoard - ok
23:23:53.0508 0x1dec  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\Windows\System32\swprv.dll
23:23:53.0520 0x1dec  swprv - ok
23:23:53.0663 0x1dec  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\Windows\system32\sysmain.dll
23:23:53.0694 0x1dec  SysMain - ok
23:23:53.0787 0x1dec  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
23:23:53.0792 0x1dec  SystemEventsBroker - ok
23:23:53.0814 0x1dec  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\Windows\System32\TabSvc.dll
23:23:53.0817 0x1dec  TabletInputService - ok
23:23:53.0844 0x1dec  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
23:23:53.0866 0x1dec  tap0901 - ok
23:23:53.0892 0x1dec  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:23:53.0930 0x1dec  TapiSrv - ok
23:23:53.0961 0x1dec  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
23:23:53.0981 0x1dec  tapoas - ok
23:23:54.0074 0x1dec  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:23:54.0111 0x1dec  Tcpip - ok
23:23:54.0158 0x1dec  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:23:54.0190 0x1dec  TCPIP6 - ok
23:23:54.0234 0x1dec  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:23:54.0261 0x1dec  tcpipreg - ok
23:23:54.0335 0x1dec  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:23:54.0358 0x1dec  tdx - ok
23:23:54.0379 0x1dec  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
23:23:54.0407 0x1dec  terminpt - ok
23:23:54.0462 0x1dec  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\Windows\System32\termsrv.dll
23:23:54.0485 0x1dec  TermService - ok
23:23:54.0502 0x1dec  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\Windows\system32\themeservice.dll
23:23:54.0504 0x1dec  Themes - ok
23:23:54.0527 0x1dec  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\Windows\system32\mmcss.dll
23:23:54.0533 0x1dec  THREADORDER - ok
23:23:54.0540 0x1dec  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
23:23:54.0546 0x1dec  TimeBroker - ok
23:23:54.0574 0x1dec  [ E6488935EB54FF211692F4952AEC5295, 48E9AD8003DADF9CBEAD4E38329E1CBDEB51092CD16A39FEE1CB8C5BFCC45562 ] tpfiltdev       C:\Windows\System32\drivers\tpfiltdev.sys
23:23:54.0577 0x1dec  tpfiltdev - ok
23:23:54.0602 0x1dec  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\Windows\system32\drivers\tpm.sys
23:23:54.0611 0x1dec  TPM - ok
23:23:54.0630 0x1dec  [ D10540001C13EE71F3B5FBEA5269F671, 2735001EEAC94B4DD22EF9D2D3CBE080BDBD0A0028FE08E4B1BD2C41F7909D04 ] tpusbnet        C:\Windows\system32\DRIVERS\tpusbnet.sys
23:23:54.0679 0x1dec  tpusbnet - ok
23:23:54.0703 0x1dec  [ 66E0B6F54C3C850F52BCAC603E4907BC, 30814973D5D6E75FE4FC4104109412C9C9FCA05B7E2ED5C37189274B35E5740B ] tpusbser        C:\Windows\system32\DRIVERS\tpusbser.sys
23:23:54.0736 0x1dec  tpusbser - ok
23:23:54.0742 0x1dec  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\Windows\System32\trkwks.dll
23:23:54.0745 0x1dec  TrkWks - ok
23:23:54.0830 0x1dec  [ FD44FA80DA03EA144153A76DEBBB61B4, 0C46717F489A415A583470DAE8CF58E47BC307B9CB0F9DB6C4EDF33B7525475C ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
23:23:54.0861 0x1dec  TrueSight - ok
23:23:54.0935 0x1dec  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:23:54.0939 0x1dec  TrustedInstaller - ok
23:23:54.0955 0x1dec  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:23:54.0981 0x1dec  TsUsbFlt - ok
23:23:54.0985 0x1dec  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
23:23:55.0025 0x1dec  TsUsbGD - ok
23:23:55.0074 0x1dec  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:23:55.0151 0x1dec  tunnel - ok
23:23:55.0155 0x1dec  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:23:55.0168 0x1dec  uagp35 - ok
23:23:55.0192 0x1dec  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
23:23:55.0262 0x1dec  UASPStor - ok
23:23:55.0292 0x1dec  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
23:23:55.0323 0x1dec  UCX01000 - ok
23:23:55.0355 0x1dec  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:23:55.0389 0x1dec  udfs - ok
23:23:55.0412 0x1dec  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
23:23:55.0417 0x1dec  UEFI - ok
23:23:55.0437 0x1dec  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:23:55.0605 0x1dec  UI0Detect - ok
23:23:55.0629 0x1dec  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:23:55.0750 0x1dec  uliagpkx - ok
23:23:55.0779 0x1dec  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\Windows\System32\drivers\umbus.sys
23:23:55.0804 0x1dec  umbus - ok
23:23:55.0807 0x1dec  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
23:23:55.0817 0x1dec  UmPass - ok
23:23:55.0849 0x1dec  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:23:55.0876 0x1dec  UmRdpService - ok
23:23:55.0941 0x1dec  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\Windows\System32\upnphost.dll
23:23:55.0948 0x1dec  upnphost - ok
23:23:55.0972 0x1dec  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\System32\Drivers\usbaapl64.sys
23:23:55.0978 0x1dec  USBAAPL64 - ok
23:23:56.0013 0x1dec  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
23:23:56.0044 0x1dec  usbccgp - ok
23:23:56.0072 0x1dec  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
23:23:56.0080 0x1dec  usbcir - ok
23:23:56.0104 0x1dec  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
23:23:56.0112 0x1dec  usbehci - ok
23:23:56.0140 0x1dec  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
23:23:56.0160 0x1dec  usbhub - ok
23:23:56.0177 0x1dec  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
23:23:56.0227 0x1dec  USBHUB3 - ok
23:23:56.0280 0x1dec  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
23:23:56.0285 0x1dec  usbohci - ok
23:23:56.0288 0x1dec  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
23:23:56.0293 0x1dec  usbprint - ok
23:23:56.0329 0x1dec  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
23:23:56.0359 0x1dec  USBSTOR - ok
23:23:56.0387 0x1dec  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
23:23:56.0420 0x1dec  usbuhci - ok
23:23:56.0449 0x1dec  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:23:56.0458 0x1dec  usbvideo - ok
23:23:56.0504 0x1dec  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
23:23:56.0543 0x1dec  USBXHCI - ok
23:23:56.0577 0x1dec  [ 3CAAB947B1F247A570DE15983BEDEBCF, 81480D999F67A1755D5C21CE046FB439F0FBD743F73D23C19BC8C4DEB78A4F91 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:23:56.0581 0x1dec  usb_rndisx - ok
23:23:56.0591 0x1dec  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:23:56.0592 0x1dec  VaultSvc - ok
23:23:56.0596 0x1dec  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:23:56.0597 0x1dec  vdrvroot - ok
23:23:56.0634 0x1dec  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\Windows\System32\vds.exe
23:23:56.0666 0x1dec  vds - ok
23:23:56.0683 0x1dec  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
23:23:56.0728 0x1dec  VerifierExt - ok
23:23:56.0784 0x1dec  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
23:23:56.0820 0x1dec  vhdmp - ok
23:23:56.0851 0x1dec  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:23:56.0855 0x1dec  viaide - ok
23:23:56.0860 0x1dec  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:23:56.0899 0x1dec  vmbus - ok
23:23:56.0902 0x1dec  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
23:23:56.0905 0x1dec  VMBusHID - ok
23:23:56.0943 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
23:23:56.0988 0x1dec  vmicguestinterface - ok
23:23:56.0999 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
23:23:57.0007 0x1dec  vmicheartbeat - ok
23:23:57.0020 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
23:23:57.0030 0x1dec  vmickvpexchange - ok
23:23:57.0047 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\Windows\System32\ICSvc.dll
23:23:57.0054 0x1dec  vmicrdv - ok
23:23:57.0065 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
23:23:57.0072 0x1dec  vmicshutdown - ok
23:23:57.0082 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\Windows\System32\ICSvc.dll
23:23:57.0090 0x1dec  vmictimesync - ok
23:23:57.0101 0x1dec  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\Windows\System32\ICSvc.dll
23:23:57.0112 0x1dec  vmicvss - ok
23:23:57.0150 0x1dec  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:23:57.0151 0x1dec  volmgr - ok
23:23:57.0161 0x1dec  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:23:57.0168 0x1dec  volmgrx - ok
23:23:57.0211 0x1dec  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:23:57.0215 0x1dec  volsnap - ok
23:23:57.0219 0x1dec  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\Windows\System32\drivers\vpci.sys
23:23:57.0246 0x1dec  vpci - ok
23:23:57.0280 0x1dec  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:23:57.0310 0x1dec  vsmraid - ok
23:23:57.0372 0x1dec  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\Windows\system32\vssvc.exe
23:23:57.0395 0x1dec  VSS - ok
23:23:57.0406 0x1dec  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
23:23:57.0527 0x1dec  VSTXRAID - ok
23:23:57.0559 0x1dec  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:23:57.0695 0x1dec  vwifibus - ok
23:23:57.0739 0x1dec  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:23:57.0811 0x1dec  vwififlt - ok
23:23:57.0893 0x1dec  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:23:57.0926 0x1dec  vwifimp - ok
23:23:58.0026 0x1dec  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\Windows\system32\w32time.dll
23:23:58.0035 0x1dec  W32Time - ok
23:23:58.0054 0x1dec  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
23:23:58.0080 0x1dec  WacomPen - ok
23:23:58.0102 0x1dec  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:23:58.0128 0x1dec  WANARP - ok
23:23:58.0131 0x1dec  [ AFCD4054D61BD708B82991348ED1C763, EBDAC0E218F1DFC405DB3C8A2F014D20A17B0690EA381C750BED5C2AFCDFEBE3 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:23:58.0133 0x1dec  Wanarpv6 - ok
23:23:58.0203 0x1dec  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\Windows\system32\wbengine.exe
23:23:58.0257 0x1dec  wbengine - ok
23:23:58.0304 0x1dec  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:23:58.0314 0x1dec  WbioSrvc - ok
23:23:58.0356 0x1dec  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
23:23:58.0362 0x1dec  Wcmsvc - ok
23:23:58.0428 0x1dec  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:23:58.0436 0x1dec  wcncsvc - ok
23:23:58.0448 0x1dec  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:23:58.0475 0x1dec  WcsPlugInService - ok
23:23:58.0517 0x1dec  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
23:23:58.0547 0x1dec  WdBoot - ok
23:23:58.0584 0x1dec  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\System32\drivers\wdcsam64.sys
23:23:58.0587 0x1dec  WDC_SAM - ok
23:23:58.0628 0x1dec  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:23:58.0640 0x1dec  Wdf01000 - ok
23:23:58.0688 0x1dec  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
23:23:58.0727 0x1dec  WdFilter - ok
23:23:58.0766 0x1dec  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:23:58.0768 0x1dec  WdiServiceHost - ok
23:23:58.0772 0x1dec  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:23:58.0774 0x1dec  WdiSystemHost - ok
23:23:58.0797 0x1dec  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
23:23:58.0824 0x1dec  WdNisDrv - ok
23:23:58.0857 0x1dec  WdNisSvc - ok
23:23:58.0903 0x1dec  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\Windows\System32\webclnt.dll
23:23:58.0909 0x1dec  WebClient - ok
23:23:58.0925 0x1dec  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:23:58.0968 0x1dec  Wecsvc - ok
23:23:58.0995 0x1dec  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
23:23:59.0002 0x1dec  WEPHOSTSVC - ok
23:23:59.0042 0x1dec  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:23:59.0046 0x1dec  wercplsupport - ok
23:23:59.0084 0x1dec  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:23:59.0087 0x1dec  WerSvc - ok
23:23:59.0129 0x1dec  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
23:23:59.0131 0x1dec  WFPLWFS - ok
23:23:59.0155 0x1dec  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\Windows\System32\wiarpc.dll
23:23:59.0164 0x1dec  WiaRpc - ok
23:23:59.0189 0x1dec  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:23:59.0217 0x1dec  WIMMount - ok
23:23:59.0219 0x1dec  WinDefend - ok
23:23:59.0260 0x1dec  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
23:23:59.0272 0x1dec  WinHttpAutoProxySvc - ok
23:23:59.0315 0x1dec  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:23:59.0318 0x1dec  Winmgmt - ok
23:23:59.0405 0x1dec  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:23:59.0477 0x1dec  WinRM - ok
23:23:59.0537 0x1dec  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\Windows\System32\drivers\WinUSB.sys
23:23:59.0566 0x1dec  WinUsb - ok
23:23:59.0632 0x1dec  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\Windows\System32\wlansvc.dll
23:23:59.0657 0x1dec  WlanSvc - ok
23:23:59.0843 0x1dec  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
23:23:59.0868 0x1dec  wlidsvc - ok
23:23:59.0973 0x1dec  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
23:24:00.0001 0x1dec  WmiAcpi - ok
23:24:00.0044 0x1dec  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:24:00.0071 0x1dec  wmiApSrv - ok
23:24:00.0105 0x1dec  WMPNetworkSvc - ok
23:24:00.0145 0x1dec  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\Windows\system32\drivers\Wof.sys
23:24:00.0148 0x1dec  Wof - ok
23:24:00.0223 0x1dec  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
23:24:00.0281 0x1dec  workfolderssvc - ok
23:24:00.0322 0x1dec  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
23:24:00.0327 0x1dec  wpcfltr - ok
23:24:00.0351 0x1dec  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:24:00.0356 0x1dec  WPCSvc - ok
23:24:00.0365 0x1dec  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:24:00.0368 0x1dec  WPDBusEnum - ok
23:24:00.0380 0x1dec  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
23:24:00.0406 0x1dec  WpdUpFltr - ok
23:24:00.0451 0x1dec  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:24:00.0472 0x1dec  ws2ifsl - ok
23:24:00.0512 0x1dec  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\Windows\System32\wscsvc.dll
23:24:00.0516 0x1dec  wscsvc - ok
23:24:00.0536 0x1dec  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
23:24:00.0540 0x1dec  WSDPrintDevice - ok
23:24:00.0566 0x1dec  [ D38297814FB6E33655342D869996E617, 3701892EEF87D1BF0E73322B90678802B6EA4AFA9CBF6111F39611C79DBA96C7 ] WSDScan         C:\Windows\System32\drivers\WSDScan.sys
23:24:00.0569 0x1dec  WSDScan - ok
23:24:00.0572 0x1dec  WSearch - ok
23:24:00.0684 0x1dec  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\Windows\System32\WSService.dll
23:24:00.0745 0x1dec  WSService - ok
23:24:00.0850 0x1dec  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:24:00.0909 0x1dec  wuauserv - ok
23:24:00.0932 0x1dec  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:24:00.0959 0x1dec  WudfPf - ok
23:24:00.0983 0x1dec  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
23:24:01.0009 0x1dec  WUDFRd - ok
23:24:01.0021 0x1dec  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\Windows\System32\drivers\WUDFRd.sys
23:24:01.0024 0x1dec  WUDFSensorLP - ok
23:24:01.0032 0x1dec  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:24:01.0036 0x1dec  wudfsvc - ok
23:24:01.0045 0x1dec  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:01.0049 0x1dec  WUDFWpdFs - ok
23:24:01.0054 0x1dec  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
23:24:01.0058 0x1dec  WUDFWpdMtp - ok
23:24:01.0098 0x1dec  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:24:01.0112 0x1dec  WwanSvc - ok
23:24:01.0245 0x1dec  [ 823302D012F67DA0E76EBA3C3A885AA5, 031471C4B67654817254D4E19F94705333FF53184E0803CF111F7DC15FD75F8C ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
23:24:01.0300 0x1dec  ZeroConfigService - ok
23:24:01.0317 0x1dec  ================ Scan global ===============================
23:24:01.0361 0x1dec  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\Windows\system32\basesrv.dll
23:24:01.0406 0x1dec  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\Windows\system32\winsrv.dll
23:24:01.0454 0x1dec  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\Windows\system32\sxssrv.dll
23:24:01.0499 0x1dec  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\Windows\system32\services.exe
23:24:01.0506 0x1dec  [ Global ] - ok
23:24:01.0506 0x1dec  ================ Scan MBR ==================================
23:24:01.0519 0x1dec  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
23:24:01.0523 0x1dec  \Device\Harddisk0\DR0 - ok
23:24:01.0524 0x1dec  ================ Scan VBR ==================================
23:24:01.0526 0x1dec  [ BFD4D107900FA60401EA63790008AF48 ] \Device\Harddisk0\DR0\Partition1
23:24:01.0571 0x1dec  \Device\Harddisk0\DR0\Partition1 - ok
23:24:01.0580 0x1dec  [ 7AE197EE06A98302267A8B5369927220 ] \Device\Harddisk0\DR0\Partition2
23:24:01.0641 0x1dec  \Device\Harddisk0\DR0\Partition2 - ok
23:24:01.0650 0x1dec  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
23:24:01.0650 0x1dec  \Device\Harddisk0\DR0\Partition3 - ok
23:24:01.0664 0x1dec  [ 303A9ABBAFA069B7C8CA305C12F66B5C ] \Device\Harddisk0\DR0\Partition4
23:24:01.0796 0x1dec  \Device\Harddisk0\DR0\Partition4 - ok
23:24:01.0850 0x1dec  [ 9E2687B836B7D7CEFFDB9A073F260D97 ] \Device\Harddisk0\DR0\Partition5
23:24:01.0921 0x1dec  \Device\Harddisk0\DR0\Partition5 - ok
23:24:01.0921 0x1dec  ================ Scan generic autorun ======================
23:24:02.0020 0x1dec  [ C2243DA410D23C77B08C58AF53C44F5E, 78EDEC282BEAA1D6F603DAF11DB784C2015DE409B54C511CDB3AD3700A4A140A ] C:\Windows\system32\igfxtray.exe
23:24:02.0026 0x1dec  IgfxTray - ok
23:24:02.0043 0x1dec  [ 0D75DE5FB54237E8DDBBA26C3263972A, 1BE77A1CD35322782D3D9A80A7CD200F394E8990B51DE3BC49B8C7D6EB562B5F ] C:\Windows\system32\hkcmd.exe
23:24:02.0056 0x1dec  HotKeysCmds - ok
23:24:02.0059 0x1dec  BTMTrayAgent - ok
23:24:02.0084 0x1dec  [ 6E0BDFBEEED65B017F2E4C2C910B0520, 54D798C2E2804DCDB84E9650EA4A032C669B10C586B396D5505F16235D83882C ] C:\Windows\system32\rundll32.exe
23:24:02.0085 0x1dec  ShadowPlay - ok
23:24:02.0180 0x1dec  [ 1F441326CD77B3F1532D487004B180FF, FD2FE6EECE1EF99F800DAF7B0C825C94FACE4C6D5806A2335B4D3C41F1E87F7F ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
23:24:02.0217 0x1dec  NvBackend - ok
23:24:02.0323 0x1dec  [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
23:24:02.0329 0x1dec  AdobeAAMUpdater-1.0 - ok
23:24:02.0369 0x1dec  [ FF0FAB199882C00D6DC54CA035865C49, BF4D65D96F8DC0057042C2A4B70106D156B0D13C75839935BC9051089363C495 ] C:\Program Files\iTunes\iTunesHelper.exe
23:24:02.0371 0x1dec  iTunesHelper - ok
23:24:02.0463 0x1dec  [ 07CF5B01CD55D63E986B63D63539C32A, 88DC0B9D534E570F96D6D6938C99660B7EA19B4C2AF3E6DF261C60915DEDAC5C ] C:\Program Files (x86)\ASUS\APRP\APRP.EXE
23:24:02.0591 0x1dec  ASUSPRP - ok
23:24:02.0674 0x1dec  [ C049C40CAEE8900130BD5F80B594CC7B, F54FC31662A9B8032B380793D534F34A0C63FED9C84DE313D17A61612EB31DC4 ] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
23:24:02.0676 0x1dec  RemoteControl10 - ok
23:24:02.0700 0x1dec  [ 9773782D7DD122E1CFA71DE7E067F196, C78220E74B4BBB185E53A9B4A67273926CD253EEE4052A71E098A3254B379369 ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
23:24:02.0702 0x1dec  BDRegion - ok
23:24:02.0734 0x1dec  [ EC993ED73E8F71680B9C1954D06A24F3, CB18AD3451F96A3ACD9F31FE4985A4FF6EAE3EB4ECCC0C3AEC2B22BBE064A411 ] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
23:24:02.0738 0x1dec  ASUS InstantKey - ok
23:24:02.0786 0x1dec  [ 70BC8374217BFC5C24D4504C2459FEB6, EDFCE91A3A2475AF3396E543B5C7421650D764C03ACF84AC1815431E77983B9A ] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
23:24:02.0787 0x1dec  CLMLServer - ok
23:24:02.0843 0x1dec  [ A162B967A88BF374A81E01EF6E7A2655, 3616D7DDF72964EB1C7C40E45CCEFD7116252607068AEB9FB093F20064FB5BA2 ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
23:24:02.0852 0x1dec  avgnt - ok
23:24:02.0958 0x1dec  [ DFCD94101C5AAE5BDE2F662A60E725EA, ACEF94E75342AE8328C21555B2D640FA80F0110ED0BDE1CB4D3188A8AE9F600F ] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
23:24:02.0976 0x1dec  CanonQuickMenu - ok
23:24:03.0091 0x1dec  beid - ok
23:24:03.0314 0x1dec  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:24:03.0369 0x1dec  Adobe ARM - ok
23:24:03.0425 0x1dec  [ 247FD3171B3E08CFCC8ACB540818CA15, 7F1195A40187C04CEE532B258421A3422AACA16BE54FD55F12966DC00FDBDCC4 ] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
23:24:03.0431 0x1dec  IJNetworkScannerSelectorEX - ok
23:24:03.0500 0x1dec  [ 308F2EE28005510DE616409148CF077B, A2126CB185B0053086BDD6F0A16A503F6CA629AC677E4B7AE6D43C770061D087 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:24:03.0504 0x1dec  SunJavaUpdateSched - ok
23:24:03.0554 0x1dec  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:24:03.0563 0x1dec  SwitchBoard - ok
23:24:03.0649 0x1dec  [ 8FE651ACBA3344E645CFEB6286FFF6B8, ECE4DFFEB7EB0B19B6790FD0F619A5C4B23CA0BA9CC3F25924925F8EA07264B6 ] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
23:24:03.0938 0x1dec  AdobeCS6ServiceManager - ok
23:24:04.0253 0x1dec  [ 5541A3BDC236D261B9EDC122643D5871, 54F53BCF61C3E413EADD3069AF5937661C3746519F372437CEECCE2DE1872012 ] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
23:24:04.0347 0x1dec  Power2GoExpress - ok
23:24:04.0412 0x1dec  [ FF1AC73491E703FB01E2952455F20AAB, C6DFA9D4354E19F0D7A1CF270AD097A0CF0A5B5C8E26D4E2E9E5173ECEDD59F5 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
23:24:04.0424 0x1dec  GoogleChromeAutoLaunch_EC4FBE61DE590B2C589EF8FDE6C2E536 - ok
23:24:04.0487 0x1dec  [ 624BE27E112CC7632F532CC8C5695F07, B15FE48276D5280F2500AAA2AEABEA0861F2317B1FC1843D08DFA9357AA92C3B ] C:\Program Files\Supercopier\supercopier.exe
23:24:04.0507 0x1dec  ultracopier - ok
23:24:04.0557 0x1dec  GoogleDriveSync - ok
23:24:04.0682 0x1dec  [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe
23:24:04.0696 0x1dec  f.lux - ok
23:24:04.0835 0x1dec  [ ECC9B782385F30965970ACA1BEA26B27, 7BB9E380E114EE477E2F71B49FBA54D578BC2C9CB302AEA3F7823850D6E3E6F5 ] C:\Program Files\CCleaner\CCleaner64.exe
23:24:04.0925 0x1dec  CCleaner Monitoring - ok
23:24:05.0031 0x1dec  [ ECC9B782385F30965970ACA1BEA26B27, 7BB9E380E114EE477E2F71B49FBA54D578BC2C9CB302AEA3F7823850D6E3E6F5 ] C:\Program Files\CCleaner\CCleaner64.exe
23:24:05.0108 0x1dec  CCleaner - ok
23:24:05.0181 0x1dec  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Quent187\AppData\Local\Google\Update\GoogleUpdate.exe
23:24:05.0182 0x1dec  Google Update - ok
23:24:05.0293 0x1dec  [ FA18A83CD2D176C72692F149C549E247, C845C47CF894FE312E1CC4C2667AFBAFABFCFFD0F8425D9ED34324AA9E491BD3 ] C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe
23:24:05.0570 0x1dec  uTorrent - ok
23:24:05.0612 0x1dec  [ 2A3FB4C98F139038E23330D2439DB8A4, DE9253AD362B03FA5D3D4912662398E5C4AC76F7274B83E51C251A6921A5B838 ] C:\Users\Quent187\AppData\Local\Facebook\Update\FacebookUpdate.exe
23:24:05.0614 0x1dec  Facebook Update - ok
23:24:05.0615 0x1dec  Waiting for KSN requests completion. In queue: 166
23:24:06.0616 0x1dec  Waiting for KSN requests completion. In queue: 166
23:24:07.0616 0x1dec  Waiting for KSN requests completion. In queue: 166
23:24:08.0717 0x1dec  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41000 ( enabled : updated )
23:24:08.0793 0x1dec  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
23:24:08.0825 0x1dec  Win FW state via NFP2: enabled
23:24:11.0222 0x1dec  ============================================================
23:24:11.0222 0x1dec  Scan finished
23:24:11.0222 0x1dec  ============================================================
23:24:11.0230 0x1cc0  Detected object count: 0
23:24:11.0230 0x1cc0  Actual detected object count: 0
23:24:50.0729 0x0f64  Deinitialize success
 
 
Thank you,
 
Quentin.


#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 18 February 2015 - 07:07 AM

So, we know you have no RootKits. That are good news! :)But we still need to fix the miner.exe issue.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 18 February 2015 - 11:51 AM

Hello,

 

Yes indeed!

 

Here's the log :

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Quent187 (administrator) on QUENTIN on 18-02-2015 17:48:18
Running from C:\Users\Quent187\Desktop
Loaded Profiles: Quent187 (Available profiles: Quent187)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hanwang Technology Co.,Ltd. ) C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS Console\ASUS Console Starter.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ultracopier.first-world.info) C:\Program Files\Supercopier\supercopier.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Flux Software LLC) C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dropbox, Inc.) C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179976 2013-09-10] (cyberlink)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [13936 2013-12-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM-x32\...\Run: [beid] => "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Power2GoExpress] => C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2649816 2012-12-24] (CyberLink Corp.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleChromeAutoLaunch_EC4FBE61DE590B2C589EF8FDE6C2E536] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [ultracopier] => C:\Program Files\Supercopier\supercopier.exe [1319936 2014-02-19] (ultracopier.first-world.info)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [f.lux] => C:\Users\Quent187\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6185240 2013-06-19] (Piriform Ltd)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Google Update] => C:\Users\Quent187\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [uTorrent] => C:\Users\Quent187\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Run: [Facebook Update] => C:\Users\Quent187\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-07] (Facebook Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Quent187\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Quent187\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Quent187\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-4237854855-1735647191-1485768694-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Quent187\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: eID België - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.be/
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-06-11]
CHR Extension: (Superbe capture d'écran : capturer et annoter) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2014-06-11]
CHR Extension: (Google Docs) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-11]
CHR Extension: (Google Drive) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-06]
CHR Extension: (Shoptimate : comparateur de prix instantané) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\bibdombdcdbbnfdjkaajfgnfhlapibde [2014-11-27]
CHR Extension: (YouTube) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Google Cast) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-19]
CHR Extension: (Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-07-03]
CHR Extension: (Download FB Album mod) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-06-11]
CHR Extension: (Pushbullet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2014-11-20]
CHR Extension: (Recherche Google) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (Tampermonkey) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-06-11]
CHR Extension: (Google+) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2014-07-03]
CHR Extension: (Google Agenda) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-06-11]
CHR Extension: (AdBlock) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-11]
CHR Extension: (Bookmark Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-01-25]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-06-11]
CHR Extension: (everygain Translator) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhijkfigabfjoaejaejbpmcncfbaomap [2015-01-16]
CHR Extension: (Social Fixer for Facebook) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-06-11]
CHR Extension: (Dropbox) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2014-06-11]
CHR Extension: (Streamus) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-01-20]
CHR Extension: (Clipular! Research, save & share screenshot) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp [2014-06-11]
CHR Extension: (Hype Machine) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgamnplmeomlmobikbfjlbfiebabcfpp [2014-07-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-02-16]
CHR Extension: (Google Maps) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Hover Zoom) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-06-11]
CHR Extension: (Click&Clean App) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2014-06-11]
CHR Extension: (Outlook.com) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-07-03]
CHR Extension: (Evernote Web Clipper) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Quent187\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKU\S-1-5-21-4237854855-1735647191-1485768694-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-18] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-18] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ASUS FaceID Service; C:\Program Files\ASUS\ASUS FaceID\HWFaceKeyService.exe [261648 2013-10-24] (Hanwang Technology Co.,Ltd. )
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243464 2013-09-10] (CyberLink)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACSSCR; C:\Windows\system32\DRIVERS\a38usb.sys [62592 2014-05-14] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-11-08] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131608 2014-10-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3609568 2013-12-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows ® Win 7 DDK provider)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 tpfiltdev; C:\Windows\System32\drivers\tpfiltdev.sys [7424 2012-02-08] ()
S3 tpusbnet; C:\Windows\system32\DRIVERS\tpusbnet.sys [154112 2011-12-08] (QUALCOMM Incorporated)
S3 tpusbser; C:\Windows\system32\DRIVERS\tpusbser.sys [123648 2011-12-08] (QUALCOMM Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-17] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-17 23:20 - 2015-02-17 23:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Quent187\Desktop\tdsskiller.exe
2015-02-17 17:31 - 2015-02-17 17:31 - 00010474 _____ () C:\Users\Quent187\Desktop\RKreport_SCN_02172015_173108.log
2015-02-17 17:22 - 2015-02-17 17:22 - 15494232 _____ () C:\Users\Quent187\Desktop\RogueKiller.exe
2015-02-16 22:58 - 2015-02-16 22:58 - 05611903 _____ (Swearware) C:\Users\Quent187\Desktop\ComboFix.exe
2015-02-16 21:06 - 2015-02-18 08:36 - 00002320 _____ () C:\Windows\setupact.log
2015-02-16 21:06 - 2015-02-16 21:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-16 20:30 - 2015-02-18 17:20 - 00511152 _____ () C:\Windows\WindowsUpdate.log
2015-02-16 11:24 - 2015-02-16 11:24 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-16 11:23 - 2015-02-18 11:23 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-02-16 11:21 - 2015-02-16 11:21 - 00000000 __SHD () C:\Users\Quent187\AppData\Local\EmieUserList
2015-02-16 11:21 - 2015-02-16 11:21 - 00000000 __SHD () C:\Users\Quent187\AppData\Local\EmieSiteList
2015-02-16 11:21 - 2015-02-16 11:21 - 00000000 __SHD () C:\Users\Quent187\AppData\Local\EmieBrowserModeList
2015-02-16 11:18 - 2015-02-16 11:18 - 00001448 _____ () C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-16 11:10 - 2015-02-16 11:11 - 00036718 _____ () C:\Users\Quent187\Desktop\Addition.txt
2015-02-16 10:12 - 2015-02-18 17:48 - 00031479 _____ () C:\Users\Quent187\Desktop\FRST.txt
2015-02-16 09:57 - 2015-02-16 09:57 - 00000911 _____ () C:\Users\Quent187\Desktop\JRT.txt
2015-02-16 09:54 - 2015-02-16 09:54 - 00001053 _____ () C:\Users\Quent187\Desktop\Malwarebytes.txt
2015-02-16 09:37 - 2015-02-16 09:37 - 00000938 _____ () C:\Users\Quent187\Desktop\AdwCleaner[S1].txt
2015-02-12 18:08 - 2015-02-18 08:46 - 00000000 ____D () C:\Users\Quent187\AppData\Local\CrashDumps
2015-02-12 12:20 - 2015-02-18 17:48 - 00000000 ____D () C:\FRST
2015-02-12 12:20 - 2015-02-16 10:11 - 02085888 _____ (Farbar) C:\Users\Quent187\Desktop\FRST64.exe
2015-02-12 11:01 - 2015-02-05 22:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-12 11:01 - 2015-02-05 22:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00399504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00345744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-12 11:01 - 2015-02-05 22:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-11 17:12 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 17:12 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 17:12 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-02-11 17:12 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-02-11 17:12 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 17:12 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 17:12 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 17:12 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 17:11 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-02-11 17:11 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 17:11 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 17:11 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 17:11 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 17:11 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 17:11 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 17:11 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 17:11 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 17:11 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 17:11 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-11 17:11 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 17:11 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 17:11 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-11 17:11 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-11 17:11 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-02-11 17:11 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 17:11 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 17:11 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 17:11 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 17:11 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 17:11 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 17:11 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 17:11 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 17:11 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 17:11 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 17:11 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-11 17:11 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-11 17:11 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 17:11 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 17:11 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 17:11 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 17:11 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 17:11 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 17:11 - 2014-12-09 00:12 - 00391526 _____ () C:\Windows\system32\ApnDatabase.xml
2015-02-11 17:11 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-11 17:11 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-11 17:11 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-11 17:11 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-11 17:11 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-11 17:11 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-11 17:10 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 17:10 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 17:10 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 17:10 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 12:03 - 2015-02-11 12:03 - 01388274 _____ (Thisisu) C:\Users\Quent187\Desktop\JRT.exe
2015-02-11 10:58 - 2015-02-16 09:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-11 10:58 - 2015-02-11 10:58 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-11 10:58 - 2015-02-11 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-11 10:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-11 10:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-11 10:57 - 2015-02-16 09:28 - 00000000 ____D () C:\AdwCleaner
2015-02-11 10:57 - 2015-02-11 10:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Quent187\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-11 10:57 - 2015-02-11 10:57 - 02112512 _____ () C:\Users\Quent187\Desktop\AdwCleaner.exe
2015-02-10 18:20 - 2015-02-17 17:24 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-10 18:20 - 2015-02-10 18:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-06 18:12 - 2015-02-06 18:12 - 00003688 _____ () C:\Windows\System32\Tasks\klcp_update
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-06 18:11 - 2015-02-06 18:11 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-06 18:11 - 2015-01-13 19:00 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-02-06 18:11 - 2014-12-21 14:58 - 03570688 _____ (x264vfw project) C:\Windows\system32\x264vfw64.dll
2015-02-06 18:11 - 2014-12-21 14:57 - 03588608 _____ (x264vfw project) C:\Windows\SysWOW64\x264vfw.dll
2015-02-06 18:11 - 2014-12-04 23:56 - 00729088 _____ () C:\Windows\system32\xvidcore.dll
2015-02-06 18:11 - 2014-12-04 23:55 - 00655872 _____ () C:\Windows\SysWOW64\xvidcore.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00260184 _____ () C:\Windows\system32\unrar64.dll
2015-02-06 18:11 - 2014-12-02 15:10 - 00218712 _____ () C:\Windows\SysWOW64\unrar.dll
2015-02-06 18:11 - 2014-11-14 15:12 - 00254976 _____ () C:\Windows\system32\xvidvfw.dll
2015-02-06 18:11 - 2014-11-14 15:11 - 00240128 _____ () C:\Windows\SysWOW64\xvidvfw.dll
2015-02-06 18:11 - 2012-07-21 12:55 - 00180736 _____ (fccHandler) C:\Windows\system32\ac3acm.acm
2015-02-06 18:11 - 2012-07-21 12:54 - 00122880 _____ (fccHandler) C:\Windows\SysWOW64\ac3acm.acm
2015-02-06 18:11 - 2011-12-07 19:37 - 00148992 _____ ( ) C:\Windows\system32\lagarith.dll
2015-02-06 18:11 - 2011-12-07 19:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\lagarith.dll
2015-02-02 18:16 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 18:15 - 2015-02-02 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 18:15 - 2015-02-02 18:15 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Joiner
2015-01-26 18:33 - 2015-01-26 18:33 - 00000000 ____D () C:\Program Files (x86)\Free Video Joiner
2015-01-23 17:30 - 2015-01-10 09:07 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434725.dll
2015-01-23 17:30 - 2015-01-10 09:07 - 01556808 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434725.dll
2015-01-20 18:03 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-20 18:03 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-20 18:03 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-20 18:03 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-20 18:03 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-20 18:03 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-20 18:03 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-20 18:03 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-20 18:03 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-20 18:03 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-01-20 18:03 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-01-20 18:03 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-20 18:03 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-20 18:03 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-20 18:03 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-20 18:03 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-20 18:03 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2015-01-20 17:58 - 2014-12-13 11:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2015-01-20 17:55 - 2014-11-22 11:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-01-20 17:55 - 2014-11-22 11:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-01-20 08:42 - 2015-01-20 08:42 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 17:48 - 2014-06-11 16:53 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\uTorrent
2015-02-18 17:14 - 2014-06-19 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-18 17:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-02-18 16:51 - 2014-06-11 12:22 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 16:07 - 2014-10-07 21:02 - 00000956 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA.job
2015-02-18 14:56 - 2014-06-11 11:24 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7DC015E0-9944-4570-8C59-81106872CFC3}
2015-02-18 08:46 - 2014-06-12 17:12 - 00000000 ___DO () C:\Users\Quent187\SkyDrive
2015-02-18 00:06 - 2014-06-12 13:28 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\XBMC
2015-02-18 00:03 - 2014-06-12 09:37 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\vlc
2015-02-17 23:29 - 2014-07-07 21:39 - 00000000 ____D () C:\Users\Quent187\Documents\µTorrent
2015-02-17 22:07 - 2014-10-07 21:02 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-17 18:28 - 2014-06-11 11:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4237854855-1735647191-1485768694-1002
2015-02-17 18:14 - 2014-06-19 17:53 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core.job
2015-02-17 17:50 - 2014-06-11 12:22 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-17 14:47 - 2014-06-11 20:13 - 00000000 ___RD () C:\Users\Quent187\Google Drive
2015-02-17 14:43 - 2014-06-11 15:22 - 00000000 ___RD () C:\Users\Quent187\Dropbox
2015-02-17 08:44 - 2014-07-03 17:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-17 08:44 - 2014-07-03 17:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-17 08:44 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-02-16 23:00 - 2014-06-11 16:30 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Winamp
2015-02-16 18:43 - 2013-12-13 05:09 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-16 18:35 - 2014-09-26 10:02 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Mp3tag
2015-02-16 17:37 - 2014-06-12 15:23 - 00000000 ____D () C:\Users\Quent187\Documents\Outlook Files
2015-02-16 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-02-16 11:22 - 2014-06-11 11:13 - 00000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2015-02-16 11:20 - 2014-06-11 14:56 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Dropbox
2015-02-16 11:17 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-16 11:17 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-02-16 09:31 - 2013-08-22 15:44 - 05107592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-14 12:04 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187\AppData\Local\Packages
2015-02-12 23:20 - 2014-03-08 22:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-12 23:11 - 2014-06-12 21:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 22:53 - 2014-06-12 21:04 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 22:52 - 2013-08-22 14:25 - 00000199 _____ () C:\Windows\win.ini
2015-02-12 22:48 - 2014-12-15 10:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-12 22:48 - 2014-07-10 17:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 11:52 - 2014-07-03 21:37 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-12 11:03 - 2014-03-08 22:46 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-12 09:53 - 2014-06-11 15:15 - 00000000 ____D () C:\Users\Quent187\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-12 09:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-02-08 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-05 22:01 - 2014-03-08 22:45 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-05 22:01 - 2014-03-08 22:45 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-05 20:07 - 2014-03-08 22:46 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-05 20:07 - 2014-03-08 22:46 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-05 20:07 - 2014-03-08 22:46 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 01098384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-05 20:06 - 2014-03-08 22:46 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-02-05 18:09 - 2014-06-19 17:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002UA
2015-02-05 18:09 - 2014-06-19 17:53 - 00003508 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4237854855-1735647191-1485768694-1002Core
2015-02-05 17:46 - 2014-06-11 12:22 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-05 17:45 - 2014-06-11 12:22 - 00003658 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:50 - 2014-03-08 22:46 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-03 20:31 - 2014-06-13 10:16 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-06-13 10:16 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 18:15 - 2014-06-12 08:53 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 00:43 - 2014-06-11 15:34 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-02-01 20:32 - 2014-06-11 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-29 23:47 - 2014-06-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-28 17:56 - 2014-06-11 11:12 - 00000000 ____D () C:\Users\Quent187
 
==================== Files in the root of some directories =======
 
2014-06-13 10:54 - 2014-06-13 10:54 - 0000021 _____ () C:\Users\Quent187\AppData\Roaming\my_intel.sys
2014-06-11 11:13 - 2015-02-16 11:22 - 0000062 _____ () C:\Users\Quent187\AppData\Roaming\sp_data.sys
2014-03-08 22:36 - 2014-03-08 22:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 05:09 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-06-11 11:35 - 2014-06-11 11:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-06-11 11:35 - 2014-06-11 11:35 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some content of TEMP:
====================
C:\Users\Quent187\AppData\Local\Temp\avgnt.exe
C:\Users\Quent187\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Quent187\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj8iyhn.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-16 13:11
 
==================== End Of Log ============================
 
Thank you!
 
Quentin.


#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 19 February 2015 - 04:33 AM

Can you give me the file path of miner.exe, Quentin? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 Quent187

Quent187
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 19 February 2015 - 04:34 AM

No, actually I have no idea where it is, I looked for it but could not find it...






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users