Trojan detected, wonder what else is on my computer


  • This topic is locked
11 replies to this topic

#1 rcjiang

rcjiang

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 27 February 2015 - 11:19 AM

http://www.bleepingcomputer.com/forums/t/567839/3x-credit-card-stolen-victim-seeking-advice/#entry3640607

 

Was told to link my old forum here so you can see what I've run so far. Thank you.




#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:06:06 AM

Posted 27 February 2015 - 11:29 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Step 2


Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 rcjiang

rcjiang
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:11:06 PM

Posted 28 February 2015 - 10:49 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Raymond Chin (administrator) on CHIN-PC on 28-02-2015 10:47:54
Running from C:\Users\Raymond Chin\Desktop
Loaded Profiles: Raymond Chin (Available profiles: Raymond Chin & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-27] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [362432 2011-12-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-02-05] (Raptr, Inc)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\...\Run: [Google Update] => C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\...\Run: [GoogleChromeAutoLaunch_B76D3C19537742362D546E9EA677B648] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-17] (Google Inc.)
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [761064 2014-12-03] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\Users\Raymond Chin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Citrix.com/npagee64,version=9.2.49.8 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npagee,version=9.2.49.8 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2545825420-1453635624-3343084205-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Raymond Chin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2545825420-1453635624-3343084205-1000: @talk.google.com/O1DPlugin -> C:\Users\Raymond Chin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2545825420-1453635624-3343084205-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2545825420-1453635624-3343084205-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Raymond Chin\AppData\Roaming\mozilla\plugins\npagee.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Raymond Chin\AppData\Roaming\mozilla\plugins\npagee64.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Raymond Chin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Raymond Chin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-02-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-09-03]
CHR Extension: (Google Docs) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-03]
CHR Extension: (Google Drive) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-03]
CHR Extension: (Slinky Elegant) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln [2014-02-18]
CHR Extension: (Google Search) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-03]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-08]
CHR Extension: (Google Calendar) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-11-03]
CHR Extension: (AdBlock) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Poppit!) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-09-03]
CHR Extension: (FlashControl) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2013-09-03]
CHR Extension: (Google Wallet) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-03]
CHR HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\RAYMON~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-24]
CHR HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33280 2011-01-17] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
S3 danewFltr; C:\Windows\System32\drivers\danew.sys [12032 2010-03-23] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 10:47 - 2015-02-28 10:48 - 00028151 _____ () C:\Users\Raymond Chin\Desktop\FRST.txt
2015-02-28 10:47 - 2015-02-28 10:47 - 02087936 _____ (Farbar) C:\Users\Raymond Chin\Desktop\FRST64.exe
2015-02-28 10:47 - 2015-02-28 10:47 - 00000000 ____D () C:\FRST
2015-02-26 19:15 - 2015-02-26 19:15 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\AMD
2015-02-26 00:30 - 2015-02-26 00:30 - 00000000 ____D () C:\ProgramData\ATI
2015-02-26 00:29 - 2015-02-28 07:16 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\Raptr
2015-02-26 00:29 - 2015-02-26 00:29 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201502260029088018.log
2015-02-26 00:29 - 2015-02-26 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-02-26 00:29 - 2015-02-26 00:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-26 00:29 - 2015-02-26 00:29 - 00000000 ____D () C:\ProgramData\AMD
2015-02-26 00:29 - 2015-02-26 00:29 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-26 00:29 - 2015-02-26 00:29 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-02-26 00:28 - 2015-02-26 00:28 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-26 00:27 - 2015-02-26 00:28 - 00000000 ____D () C:\Program Files\AMD
2015-02-25 19:48 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 19:48 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 19:48 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 19:48 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-24 22:34 - 2015-02-24 22:34 - 00002093 _____ () C:\Windows\DirectX.log
2015-02-24 22:34 - 2015-02-24 22:34 - 00001377 _____ () C:\Users\Public\Desktop\Marvel Heroes Launcher.lnk
2015-02-24 22:34 - 2015-02-24 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Game
2015-02-24 22:34 - 2015-02-24 22:34 - 00000000 ____D () C:\Program Files (x86)\Gazillion Entertainment
2015-02-24 20:47 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 20:47 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 20:44 - 2015-02-24 20:44 - 00000640 _____ () C:\Users\Raymond Chin\Desktop\JRT.txt
2015-02-24 20:37 - 2015-02-24 20:37 - 00003348 _____ () C:\Users\Raymond Chin\Desktop\AdwCleaner[S0].txt
2015-02-24 20:30 - 2015-02-24 20:35 - 00000000 ____D () C:\AdwCleaner
2015-02-24 20:30 - 2015-02-24 20:30 - 00001149 _____ () C:\Users\Raymond Chin\Desktop\est.txt
2015-02-24 19:14 - 2015-02-24 19:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-24 19:10 - 2015-02-24 19:10 - 00024030 _____ () C:\Users\Raymond Chin\Desktop\Result.txt
2015-02-16 16:42 - 2015-02-16 16:48 - 00000671 _____ () C:\Users\Raymond Chin\Documents\Uninstall STAR WARS The Old Republic.log
2015-02-11 19:24 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 19:24 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 19:24 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 19:24 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 20:37 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 20:37 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 20:37 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 20:37 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 20:37 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 20:37 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 20:37 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 20:37 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 20:37 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 20:37 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 20:37 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 20:37 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 20:37 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 20:37 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 20:37 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 20:37 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 20:37 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 20:37 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 20:37 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 20:37 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 20:37 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 20:37 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 20:37 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 20:37 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 20:36 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 20:36 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 20:36 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 20:36 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 20:36 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 20:36 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 20:36 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 20:36 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 20:36 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 20:36 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 20:36 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 20:36 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 20:36 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 20:36 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 20:36 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 20:36 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 20:36 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 20:36 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 20:36 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 20:36 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 20:36 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 20:36 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 20:36 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 20:36 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 20:36 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 20:36 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 20:36 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 20:36 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 20:36 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 20:36 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 20:36 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 20:36 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 20:36 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 20:36 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 20:36 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 20:36 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 20:36 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 20:36 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 20:36 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 20:36 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 20:36 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 20:36 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 20:36 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 20:36 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 20:36 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 20:36 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 20:36 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 20:36 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 20:36 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 20:36 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 20:36 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 20:36 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 20:36 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 20:36 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 20:20 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 20:20 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 20:15 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 20:15 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 20:15 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 20:05 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 20:05 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 19:55 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 19:55 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 19:45 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 19:45 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 19:45 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 19:45 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 19:45 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 19:45 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 19:45 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 19:40 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-07 23:08 - 2015-02-07 23:08 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-02-07 23:02 - 2015-02-07 23:09 - 00010437 _____ () C:\Users\Raymond Chin\Documents\chau grade calculator.xlsx
2015-02-07 18:36 - 2015-02-07 18:37 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-02-07 18:35 - 2015-02-07 18:35 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-02-07 18:35 - 2015-02-07 18:35 - 00002210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-02-07 18:35 - 2015-02-07 18:35 - 00002140 _____ () C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2015-02-07 18:35 - 2015-02-07 18:35 - 00002049 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-02-07 18:35 - 2015-02-07 18:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-02-07 18:26 - 2015-02-07 18:26 - 01711896 _____ (Adobe) C:\Users\Raymond Chin\Downloads\acrobatpro11_0XdXXwweRWWWjCCP1iQw7Q0409.exe
2015-01-31 16:35 - 2015-01-31 16:35 - 00000000 ____D () C:\Users\Raymond Chin\Documents\My Books
2015-01-31 16:30 - 2015-01-31 16:30 - 00002755 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk
2015-01-31 16:30 - 2015-01-31 16:30 - 00002749 _____ () C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
2015-01-31 16:30 - 2015-01-31 16:30 - 00000000 ____D () C:\Users\Public\Documents\Shared Books
2015-01-31 16:30 - 2015-01-31 16:30 - 00000000 ____D () C:\Program Files (x86)\VitalSource Bookshelf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 10:46 - 2012-09-19 20:50 - 01875619 _____ () C:\Windows\WindowsUpdate.log
2015-02-28 10:07 - 2012-08-28 02:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-28 09:55 - 2012-04-07 19:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 07:23 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-28 07:23 - 2009-07-13 23:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-28 07:20 - 2009-07-14 00:13 - 00867990 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-28 07:16 - 2013-10-23 17:16 - 00000000 ___RD () C:\Users\Raymond Chin\Google Drive
2015-02-28 07:16 - 2013-09-04 07:59 - 00384954 _____ () C:\Windows\PFRO.log
2015-02-28 07:16 - 2013-09-04 07:59 - 00036135 _____ () C:\Windows\setupact.log
2015-02-28 07:16 - 2012-08-28 02:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-28 07:16 - 2012-03-22 00:36 - 00000000 ___RD () C:\Users\Raymond Chin\Dropbox
2015-02-28 07:16 - 2012-03-22 00:35 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\Dropbox
2015-02-28 07:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 21:49 - 2014-07-02 16:34 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-27 01:04 - 2012-03-22 00:01 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core.job
2015-02-26 19:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-26 00:30 - 2013-09-03 20:55 - 00110856 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-02-26 00:28 - 2012-03-22 00:07 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-02-26 00:25 - 2012-03-22 00:05 - 00000000 ____D () C:\AMD
2015-02-24 22:35 - 2012-09-23 22:14 - 00000000 ____D () C:\Users\Raymond Chin\Documents\My Games
2015-02-17 01:05 - 2013-06-14 23:13 - 00009044 _____ () C:\Users\Raymond Chin\Desktop\PW.xlsx
2015-02-16 16:46 - 2012-03-22 01:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-16 16:42 - 2014-01-15 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenimus
2015-02-12 19:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 17:35 - 2013-04-11 20:21 - 00001037 _____ () C:\Users\Raymond Chin\Desktop\Dropbox.lnk
2015-02-12 17:35 - 2012-03-22 00:36 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 19:19 - 2009-07-13 23:45 - 00474496 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 19:18 - 2014-12-10 03:45 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 19:18 - 2014-05-05 23:28 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 02:02 - 2012-03-22 00:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 02:02 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2015-02-11 02:00 - 2012-04-30 21:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 02:00 - 2012-03-22 00:15 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 02:00 - 2012-03-22 00:15 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-11 02:00 - 2012-03-22 00:15 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 01:59 - 2013-07-22 07:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 01:54 - 2012-03-22 01:42 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-08 11:49 - 2014-04-08 17:04 - 00001020 _____ () C:\Windows\LkmdfCoInst.log
2015-02-08 11:48 - 2012-04-16 19:47 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-02-08 07:57 - 2012-04-02 22:11 - 00000000 ___HD () C:\Users\Raymond Chin\AppData\Local\Adobe
2015-02-07 23:08 - 2012-03-22 00:24 - 00000000 ____D () C:\Users\Raymond Chin\AppData\Roaming\Adobe
2015-02-07 18:37 - 2012-04-02 22:10 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-07 18:34 - 2014-10-16 02:22 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-06 01:02 - 2012-08-28 02:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 01:02 - 2012-08-28 02:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 00:59 - 2012-03-22 00:01 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA
2015-02-05 00:59 - 2012-03-22 00:01 - 00003524 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core
2015-02-05 00:59 - 2012-03-22 00:01 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA.job
2015-02-04 20:55 - 2012-04-07 19:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 20:55 - 2012-04-07 19:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 20:55 - 2012-04-07 19:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2013-08-03 16:20 - 2013-08-03 16:20 - 0000218 ___RH () C:\Users\Raymond Chin\AppData\Local\recently-used.xbel
2014-02-19 19:33 - 2014-03-02 20:36 - 0007602 ____H () C:\Users\Raymond Chin\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\Raymond Chin\AppData\Local\Temp\BRSVC_33723828_hlp.exe
C:\Users\Raymond Chin\AppData\Local\Temp\catalyst_mobility_64-bit_util.exe
C:\Users\Raymond Chin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfu8lr.dll
C:\Users\Raymond Chin\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Raymond Chin\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Raymond Chin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Raymond Chin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Raymond Chin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Raymond Chin\AppData\Local\Temp\Quarantine.exe
C:\Users\Raymond Chin\AppData\Local\Temp\raptrpatch.exe
C:\Users\Raymond Chin\AppData\Local\Temp\raptr_stub.exe
C:\Users\Raymond Chin\AppData\Local\Temp\riftuninstall.exe
C:\Users\Raymond Chin\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Raymond Chin\AppData\Local\Temp\sqlite3.dll
C:\Users\Raymond Chin\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-24 21:31
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Raymond Chin at 2015-02-28 10:48:16
Running from C:\Users\Raymond Chin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
BisonCam (HKLM-x32\...\{5BBC4803-C96E-4D3E-9D1D-2E43774C4062}) (Version: 9.2.1.71.42 - BisonCam)
Citrix Access Gateway Endpoint Analysis (HKLM\...\{B1C873A0-ECFC-4481-A23F-0B418758FE37}) (Version: 9.2.49.8 - Citrix Systems, Inc.)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.0.89 - Citrix Systems, Inc.)
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Hotkey 3.3020 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3020 - NoteBook)
Hotkey 3.3020 (x32 Version: 3.3020 - NoteBook) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.62.0 - JMicron Technology Corp.)
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Logitech Unifying Software 2.00 (HKLM\...\Logitech Unifying) (Version: 2.00.43 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Miro (HKLM-x32\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Online Plug-in (x32 Version: 13.1.0.89 - Citrix Systems, Inc.) Hidden
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Self-service Plug-in (x32 Version: 3.1.0.21744 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.14.0 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5a7d1457-77fa-4cd8-9796-fa3396f44c69}) (Version: 6.05.0037 - Ingram Content Group)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebCam Installer (HKLM-x32\...\{AAE521B6-2F19-447F-8CB6-6D1E3A19F3ED}) (Version: 3.32 - WebCam)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2545825420-1453635624-3343084205-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Raymond Chin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
24-02-2015 22:34:40 Installed DirectX
26-02-2015 00:27:22 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
26-02-2015 00:27:31 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
26-02-2015 01:44:21 Windows Update
27-02-2015 01:07:52 Windows Update
27-02-2015 21:48:58 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2012-09-20 05:39 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {28CD5396-0DAE-42EB-BFCF-C175F1D3DC90} - System32\Tasks\{45D34788-AC56-4977-A817-366794A37087} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\setup (3).exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {6A65FBF6-5405-45B5-B7E9-222DDB4ECAB8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA => C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {762B7619-3B9E-4CF6-8243-63E949D7AEA0} - System32\Tasks\{1C926FE5-72D2-4312-90E8-04B7AEC22747} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\setup.exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {8F2AA65F-BC23-4C64-81DD-1284EDADA36B} - System32\Tasks\{B996A7C5-4B75-4917-A120-FE415FAAF39E} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\setup (1).exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {910AFE2B-A8B5-4344-860B-DD88A98ACA2C} - System32\Tasks\{4984A6A4-19EC-4225-AB3F-5E61B17F1EFE} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\DotNetFx35ClientSetup.exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {96CF944B-5E1F-4A32-A1F9-EE9AE95A9F09} - System32\Tasks\{E3022F3E-E5CF-4BFC-8081-A668449C3C36} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\DotNetFx35ClientSetup (1).exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {B6F5C517-820C-416D-8985-47F76A879540} - System32\Tasks\{A1B819BD-4B24-46D8-9092-2D056ACD5ECF} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\setup (2).exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {C2E369FE-3F21-45A9-8551-F6E570211E12} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {CBB39EEE-A551-4A83-9E98-6DA88BF3B022} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {DB2062E8-041E-4B68-8B27-25880BCF0CE7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {E1F18156-2EF3-44FB-B613-D74C30BAF54B} - System32\Tasks\{93FF25D9-9F1D-4BDA-9FD8-D12D426BC48A} => pcalua.exe -a "C:\Users\Raymond Chin\Downloads\setup (4).exe" -d "C:\Users\Raymond Chin\Downloads"
Task: {E4FDF168-AB42-4483-92A2-FE7787492BC1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core => C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F9D78D42-F4A1-425E-B67F-7BBBAEB9DEA2} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core.job => C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA.job => C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-03-29 22:59 - 2010-11-12 14:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2011-10-07 04:39 - 2011-10-07 04:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2011-01-17 18:04 - 2011-01-17 18:04 - 00033280 _____ () C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
2011-01-17 19:01 - 2011-01-17 19:01 - 02946560 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2014-01-10 00:26 - 2014-01-10 00:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-06-06 16:50 - 2009-06-06 16:50 - 00019968 _____ () C:\Program Files (x86)\Hotkey\Audiodll.dll
2015-02-24 19:08 - 2015-02-17 17:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-24 19:08 - 2015-02-17 17:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00750080 _____ () C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-28 07:16 - 2015-02-28 07:16 - 00043008 _____ () c:\Users\Raymond Chin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfu8lr.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00047616 _____ () C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00865280 _____ () C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-02-10 16:00 - 2015-02-10 16:00 - 00200704 _____ () C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-02-24 19:08 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-01-10 00:28 - 2014-01-10 00:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-28 07:16 - 2015-02-28 07:16 - 00098816 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32api.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00110080 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\pywintypes27.dll
2015-02-28 07:16 - 2015-02-28 07:16 - 00364544 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\pythoncom27.dll
2015-02-28 07:16 - 2015-02-28 07:16 - 00045568 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_socket.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 01160704 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_ssl.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00320512 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32com.shell.shell.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00713216 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_hashlib.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 01175040 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._core_.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00805888 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._gdi_.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00811008 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._windows_.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 01062400 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._controls_.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00735232 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._misc_.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00557056 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\pysqlite2._sqlite.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00128512 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_elementtree.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00127488 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\pyexpat.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00087552 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_ctypes.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00119808 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32file.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00108544 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32security.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00007168 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\hashobjs_ext.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00167936 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32gui.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00018432 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32event.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00038912 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32inet.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00011264 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32crypt.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00070656 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._html2.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00027136 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\_multiprocessing.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00035840 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32process.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00686080 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\unicodedata.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00122368 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._wizard.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00024064 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32pipe.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00025600 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32pdh.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00525640 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\windows._lib_cacheinvalidation.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00010240 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\select.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00017408 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32profile.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00022528 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\win32ts.pyd
2015-02-28 07:16 - 2015-02-28 07:16 - 00078336 _____ () C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\wx._animate.pyd
2014-10-16 17:59 - 2014-10-16 17:59 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2012-03-29 23:09 - 2010-11-06 01:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-02-04 20:55 - 2015-02-04 20:55 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Raymond Chin\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Raymond Chin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2545825420-1453635624-3343084205-500 - Administrator - Disabled)
Guest (S-1-5-21-2545825420-1453635624-3343084205-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2545825420-1453635624-3343084205-1002 - Limited - Enabled)
Raymond Chin (S-1-5-21-2545825420-1453635624-3343084205-1000 - Administrator - Enabled) => C:\Users\Raymond Chin
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2015 08:35:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/28/2015 07:16:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/28/2015 07:16:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 09:45:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/27/2015 09:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vcredist_x64.exe, version: 11.0.61030.0, time stamp: 0x5213face
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0xd74
Faulting application start time: 0xvcredist_x64.exe0
Faulting application path: vcredist_x64.exe1
Faulting module path: vcredist_x64.exe2
Report Id: vcredist_x64.exe3
 
Error: (02/27/2015 01:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vcredist_x64.exe, version: 11.0.61030.0, time stamp: 0x5213face
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00038e19
Faulting process id: 0x15f4
Faulting application start time: 0xvcredist_x64.exe0
Faulting application path: vcredist_x64.exe1
Faulting module path: vcredist_x64.exe2
Report Id: vcredist_x64.exe3
 
Error: (02/26/2015 07:16:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/26/2015 07:15:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/26/2015 00:29:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MarvelHeroes2015.exe version 1.31.0.347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2188
 
Start Time: 01d05183faa07d0d
 
Termination Time: 11
 
Application Path: C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
 
Report Id:
 
 
System errors:
=============
Error: (02/28/2015 07:16:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (02/27/2015 09:45:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (02/27/2015 01:08:07 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Visual C++ 2012 Update 4 Redistributable Package (KB3032622).
 
Error: (02/26/2015 07:25:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (02/26/2015 07:25:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (02/26/2015 07:15:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (02/24/2015 08:58:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (02/24/2015 08:58:47 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (02/24/2015 08:48:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
 
Microsoft Office Sessions:
=========================
Error: (02/28/2015 08:35:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (02/28/2015 07:16:42 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (02/28/2015 07:16:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 09:45:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (02/27/2015 09:45:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/27/2015 01:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vcredist_x64.exe11.0.61030.05213facentdll.dll6.1.7601.18247521ea8e7c000000500038e19d7401d05253bcfee1f1C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exeC:\Windows\SysWOW64\ntdll.dllfef0046f-be46-11e4-908c-0090f5cbae5d
 
Error: (02/27/2015 01:08:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vcredist_x64.exe11.0.61030.05213facentdll.dll6.1.7601.18247521ea8e7c000000500038e1915f401d05253bd03a4b1C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exeC:\Windows\SysWOW64\ntdll.dllfef02b7f-be46-11e4-908c-0090f5cbae5d
 
Error: (02/26/2015 07:16:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\MFC80.DLL
 
Error: (02/26/2015 07:15:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/26/2015 00:29:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MarvelHeroes2015.exe1.31.0.347218801d05183faa07d0d11C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\UnrealEngine3\Binaries\Win64\MarvelHeroes2015.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8169.42 MB
Available physical RAM: 5081.49 MB
Total Pagefile: 16337.02 MB
Available Pagefile: 12683.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:25.92 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:465.66 GB) (Free:270.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4F0A5CE)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4F0A5D6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 rcjiang

  • Topic Starter

  • Members
  • 11 posts

Posted 28 February 2015 - 10:57 AM

 
Zoek.exe v5.0.0.0 Updated 26-February-2015
Tool run by Raymond Chin on Sat 02/28/2015 at 10:52:22.59.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Raymond Chin\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
2/28/2015 10:52:56 AM Zoek.exe System Restore Point Created Succesfully.
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Raymond Chin\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Raymond Chin\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
 
==== Services(whitelist) ======================
Powered by E Dev
 
R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
R2 - [AMPPALR3] - Intel® Centrino® Wireless Bluetooth® + High Speed Service - c:\program files\intel\bluetoothhs\bthsamppalservice.exe
R2 - [BTHSSecurityMgr] - Intel® Centrino® Wireless Bluetooth® + High Speed Security Service - c:\program files\intel\bluetoothhs\bthssecuritymgr.exe
R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - c:\program files\intel\wifi\bin\evteng.exe
R2 - [IAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files (x86)\intel\intel® rapid storage technology\iastordatamgrsvc.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [MsMpSvc] - Microsoft Antimalware Service - c:\program files\microsoft security client\msmpeng.exe
R2 - [PowerBiosServer] - PowerBiosServer - c:\program files (x86)\hotkey\powerbiosserver.exe
R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - c:\program files\common files\intel\wirelesscommon\regsrvc.exe
R2 - [UNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R2 - [ZeroConfigService] - Intel® PROSet/Wireless Zero Configuration Service - c:\program files\intel\wifi\bin\zeroconfigservice.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files (x86)\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [gusvc] - Google Software Updater - c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [LBTServ] - Logitech Bluetooth Service - c:\program files\common files\logishrd\bluetooth\lbtserv.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - c:\program files\intel\wifi\bin\pandhcpdns.exe
S3 - [NisSrv] - Microsoft Network Inspection - c:\program files\microsoft security client\nissrv.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8170 MB
CPU Info: Intel® Core™ i7-2670QM CPU @ 2.20GHz
CPU Speed: 2220.8 MHz
Sound Card: Speakers (Realtek High Definiti | 
Realtek Digital Output (Realtek | 
Display Adapters: AMD Radeon HD 6900M Series | AMD Radeon HD 6900M Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: JMicron PCI Express Gigabit Ethernet Adapter | Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Intel® Centrino® Advanced-N 6230
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  111.8GB | E:  465.7GB
Hard Disks - Free: C:  29.3GB | E:  270.1GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 08/09/11 | MIDERN - 1072009
Time Zone: Eastern Standard Time
Motherboard *: CLEVO                             P150HMx
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.115
Internet Explorer Version: 11.0.9600.17633 
Google Chrome version: 40.0.2214.115
Adobe Reader version: 11.0.10.32
Sun Java version: 1.7.0_25 (64-bit) 
Flash Player version: 16.0.0.305
Shockwave Player version: 12.1.6r156
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\RAYMON~1\AppData\Local\Temp ====
2015-02-28 12:16:40 057631047016A448B842B96E872B132B 43008 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfu8lr.dll
2015-02-26 05:29:16 222F76D913947F1991D2DE68DF526209 221632 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\raptr_stub.exe
2015-02-25 01:41:49 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\libintl3.dll
2015-02-25 01:41:49 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\pcre3.dll
2015-02-25 01:41:49 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\regex2.dll
2015-02-25 01:41:48 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-16 21:48:09 6DAA0ACBB6775343BD61D3B225FA40D0 484592 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\BRSVC_33723828_hlp.exe
2015-02-16 21:44:11 B1FAFDA800D4B1BDBDCC32CBB506D783 1696416 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\riftuninstall.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-02-26 00:48:35 DDE994E9159497D0D5AB2CDF66D1EAD6 76800 ----a-w- C:\Windows\SysWOW64\wdi.dll
2015-02-25 01:47:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\SysWOW64\locale.nls
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-02-26 00:48:35 D713D6446DDBB474D801F361B4B186EA 950272 ----a-w- C:\Windows\Sysnative\perftrack.dll
2015-02-26 00:48:35 C6F7473B55510F0B93961DA03D8E3B38 91136 ----a-w- C:\Windows\Sysnative\wdi.dll
2015-02-26 00:48:35 AA7079AD52B8BFBAE94167D54C32F84F 29696 ----a-w- C:\Windows\Sysnative\powertracker.dll
2015-02-25 01:47:24 3B9E2AB1F3ABC53D4A423E699EB625C8 419936 ----a-w- C:\Windows\Sysnative\locale.nls
====== C:\Windows\Sysnative\drivers =====
2015-02-11 01:37:39 E45CDE1C8340DFEDF1D6724263F39E5B 458824 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2015-02-11 01:37:39 C60C6B9A2E50B0404F6789C62B428C03 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
2015-02-11 01:37:39 78D152A9FD5747FF6AA89C79F0346F62 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-02-26 05:27:44 -------- d-----w- C:\Program Files\AMD
======= C:\PROGRA~2 =====
2015-02-26 05:29:18 -------- d-----w- C:\PROGRA~2\Raptr
2015-02-26 05:29:15 -------- d-----w- C:\PROGRA~2\AMD AVT
2015-02-26 05:28:46 -------- d-----w- C:\PROGRA~2\AMD
2015-02-25 03:34:26 -------- d-----w- C:\PROGRA~2\Gazillion Entertainment
2015-02-25 00:14:28 -------- d-----w- C:\PROGRA~2\ESET
2015-01-31 21:30:25 -------- d-----w- C:\PROGRA~2\VitalSource Bookshelf
======= C: =====
====== C:\Users\Raymond Chin\AppData\Roaming ======
2015-02-27 00:15:54 -------- d-----w- C:\Users\Raymond Chin\AppData\Roaming\AMD
2015-02-26 05:29:18 -------- d-----w- C:\Users\Raymond Chin\AppData\Roaming\Raptr
2015-02-08 04:08:05 -------- d-----w- C:\Users\Raymond Chin\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
====== C:\Users\Raymond Chin ======
2015-02-28 15:47:03 B81464104336B16A9BC6B2874B16A9C5 2087936 ----a-w- C:\Users\Raymond Chin\Desktop\FRST64.exe
2015-02-26 05:30:28 -------- d-----w- C:\ProgramData\ATI
2015-02-26 05:29:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-02-26 05:29:15 -------- d-----w- C:\ProgramData\AMD
2015-02-26 05:29:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-25 03:34:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvel Heroes Game
2015-02-07 23:36:11 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2015-01-31 21:30:25 -------- d-----w- C:\Users\Public\Documents\Shared Books
 
====== C: exe-files ==
2015-02-28 15:47:03 B81464104336B16A9BC6B2874B16A9C5 2087936 ----a-w- C:\Users\Raymond Chin\Desktop\FRST64.exe
2015-02-28 03:09:02 78206B34BD050DB564BF5B4B8C697925 1617224 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\SearchWithGoogleUpdate_6F4EEAE8D7FCDAD8.exe
2015-02-28 03:08:58 327C893AA5966AC436CA275F8D64C8C0 1072072 ----a-w- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_BA9226F4C70BECC2.exe
2015-02-28 03:08:20 D15EE16B871FE911D8D7C91FD5F57EBA 532312 ----a-w- C:\Program Files (x86)\Google\Update\Install\{A68858D7-DCFF-4D9A-9815-0A47543B0643}\GoogleToolbarInstaller_updater_signed.exe
2015-02-28 03:08:20 D15EE16B871FE911D8D7C91FD5F57EBA 532312 ----a-w- C:\Program Files (x86)\Google\Update\Download\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}\7.5.6227.252\GoogleToolbarInstaller_updater_signed.exe
2015-02-28 02:49:04 1191BA2A9908EE79C0220221233E850A 455720 ------w- C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
2015-02-27 06:08:00 2B48F69517044D82E1EE675B1690C08B 455576 ----a-w- C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
2015-02-27 00:20:26 CF1915DA17CF2D0C4C0E992777CDED2A 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$IGBR9PP.exe
2015-02-27 00:20:26 A4808EA667551F393DCB11C9477695A1 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$IZ6PAXB.exe
2015-02-27 00:20:26 22ADD19A37054ED69743E2F6B29ED576 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$IYK6NPH.exe
2015-02-27 00:20:26 01331AF2E51BA90209181430A21ED027 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$I4I9S4B.exe
2015-02-26 05:29:18 20546A263F03C062862B670BC8C4431E 52921 ----a-w- C:\Program Files (x86)\Raptr\uninstall.exe
2015-02-26 05:29:16 222F76D913947F1991D2DE68DF526209 221632 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\raptr_stub.exe
2015-02-25 05:14:43 2C13374186857C71152D0F3BCAE269C2 40131456 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win64\MarvelHeroes2015.exe
2015-02-25 05:14:42 6C17AAB139654F5CDEB76B2B67614AF0 311808 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win64\GazillionWebHelper\MarvelHeroes_WebHelper.exe
2015-02-25 05:13:07 7610CF937290E7621EF1C8B6A707E534 31100288 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win32\MarvelHeroes2015.exe
2015-02-25 05:13:06 6E0E4FE7758E8BDFCBE9B0ACA4A0FBCC 222720 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win32\GazillionWebHelper\MarvelHeroes_WebHelper.exe
2015-02-25 05:13:06 03F8786FC697BF6EE99CB1D642FDEC32 33792 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win32\HardwareSurvey.exe
2015-02-25 05:13:03 50D4FAA7C0091842C413F2F37E7F2A4A 453944 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Win32\AwesomiumProcess.exe
2015-02-25 04:35:16 8DD627791F665C36B43BE29B3F8EAED1 21836304 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\Unrealengine3\Binaries\Redist\UE3Redist.exe
2015-02-25 03:35:12 670F10D03AE2AF88C682DFFCAD748CB1 220672 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\crashapp.exe
2015-02-25 03:34:26 4CB3D44DE4530B6D50FF8089AB7E6CCE 3007312 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\MarvelHeroesLauncher.exe
2015-02-25 03:34:26 1667D24DE7209210CDDECD6D5E670D88 1001121 ----a-w- C:\Program Files (x86)\Gazillion Entertainment\Marvel Heroes Game\unins000.exe
2015-02-25 01:41:10 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$RZ6PAXB.exe
2015-02-25 01:30:26 4DB5909D450AE68CC11DC865B9B84F71 2126848 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$RYK6NPH.exe
2015-02-25 00:14:31 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2015-02-25 00:14:31 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2015-02-25 00:14:31 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2015-02-25 00:14:31 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2015-02-25 00:14:31 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2015-02-25 00:14:23 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$R4I9S4B.exe
2015-02-25 00:10:01 EB37771FE67C0BE822195BB437AF20A8 401920 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2545825420-1453635624-3343084205-1000\$RGBR9PP.exe
2015-02-25 00:08:20 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Install\{2FF8454C-9E86-4F58-837C-373A4AB34479}\40.0.2214.115_40.0.2214.111_chrome_updater.exe
2015-02-25 00:08:19 F4CC03D0A936AD6780ADA614AE81B413 840272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_40.0.2214.111_chrome_updater.exe
=== C: other files ==
2015-02-28 12:16:37 DE0983FE4B830699312D35A990B3AE1B 1945 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\resources\chrome_ext\nknebiagdodnminbdpflhpkgfpeijdbf_live.crx
2015-02-28 12:16:37 82F5C942549405F61A8808D0EA0FA9E2 25575 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\_MEI11002\resources\chrome_ext\apdfllckaahabafndbhieahigkjlhalf_live.crx
2015-02-26 05:30:06 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Raymond Chin\AppData\Roaming\Raptr\data\raptrguest6es0zhei\config\certificates\x509\tls_peers\xmpp-server3.raptr.com
2015-02-26 05:30:05 620620C91E3FDEE0C182BCE8F9CC36D4 1617 ----a-w- C:\Users\Raymond Chin\AppData\Roaming\Raptr\data\raptrguest6es0zhei\config\certificates\x509\tls_peers\gmail.com
2015-02-25 01:41:48 F56A319979F631C141F5FF02DF87FDB1 43563 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\prelim.bat
2015-02-25 01:41:48 E49F9C309DC32E854A081507B89EBE39 11201 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\runvalues.bat
2015-02-25 01:41:48 DD1E4D974B1672ABD09EFFB225791C4A 1230 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\TDL4.bat
2015-02-25 01:41:48 AD2F52DC72B10AF331692E4A4DD80DFC 18670 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\medfos.bat
2015-02-25 01:41:48 AA0C656F898523BEDF2DA6923197BB80 1264 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\surfvox.bat
2015-02-25 01:41:48 8E6020C14F982CF11B3FE7DBB0CB8EDE 24738 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\searchlnk.bat
2015-02-25 01:41:48 8BA81DD47CF392BEBEE506E3789F9FBA 14924 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\get.bat
2015-02-25 01:41:48 86707BCE5CBB65D9B1C41E249B4423BA 152733 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\firefox.bat
2015-02-25 01:41:48 83F691D8398F0E37E71E9355BF730DB9 719 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\ev_clear.bat
2015-02-25 01:41:48 56CE326F6AAE3CF1709D332C04E8F9F1 191237 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\misc.bat
2015-02-25 01:41:48 38A0BDF322ACCC968B0A824C38D50157 29635 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\ask.bat
2015-02-25 01:41:48 335DFF8F23E5EC02B5426362F0F8509B 31401 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\iexplore.bat
2015-02-25 01:41:48 0C4649A62845AB5D5DBCC4998477FF6D 1813 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\delfolders.bat
2015-02-25 01:41:48 080CFDE64F31E7B50EECF4552033E84D 9937 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\mws.bat
2015-02-25 01:41:48 048407135C9B1FB6A355E256BD96160D 14192 ----a-w- C:\Users\Raymond Chin\AppData\Local\Temp\jrt\chrome.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Google Update"="C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_B76D3C19537742362D546E9EA677B648"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe /r"
"UpdReg"="C:\Windows\UpdReg.EXE"
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"ConnectionCenter"="C:\Program Files (x86)\Citrix\ICA Client\concentr.exe /startup"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
"StartCCC"="C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"Raptr"="C:\PROGRA~2\Raptr\raptrstub.exe --startup"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"Google Update"="C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"GoogleChromeAutoLaunch_B76D3C19537742362D546E9EA677B648"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"THXCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe /minimized"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
"hkey"="HKLM"
"item"="DivXUpdate"
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
 
 
==== Startup Folders ======================
 
2014-06-04 16:40:58 1155 ----a-w- C:\Users\Raymond Chin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-03-23 05:06:22 865 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/04/2015 08:55 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/22/2014 11:15 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/22/2014 11:15 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core.job --a------ C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [10/20/2014 05:47 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA.job --a------ C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [10/20/2014 05:47 AM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core" [C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA" [C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Sat 02/28/2015 at 10:54:37.88 ======================


#5 deeprybka

Posted 28 February 2015 - 11:55 AM

Hi,

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    cmd: type "C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt"
    cmd: type "C:\ComboFix.txt"
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
    CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
    File: "C:\Users\Raymond Chin\Downloads\acrobatpro11_0XdXXwweRWWWjCCP1iQw7Q0409.exe"
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#6 rcjiang

Posted 28 February 2015 - 12:17 PM

12:15:21.0831 0x1e80  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:15:25.0239 0x1e80  ============================================================
12:15:25.0239 0x1e80  Current date / time: 2015/02/28 12:15:25.0239
12:15:25.0239 0x1e80  SystemInfo:
12:15:25.0239 0x1e80  
12:15:25.0239 0x1e80  OS Version: 6.1.7601 ServicePack: 1.0
12:15:25.0239 0x1e80  Product type: Workstation
12:15:25.0239 0x1e80  ComputerName: CHIN-PC
12:15:25.0239 0x1e80  UserName: Raymond Chin
12:15:25.0239 0x1e80  Windows directory: C:\Windows
12:15:25.0239 0x1e80  System windows directory: C:\Windows
12:15:25.0239 0x1e80  Running under WOW64
12:15:25.0239 0x1e80  Processor architecture: Intel x64
12:15:25.0239 0x1e80  Number of processors: 8
12:15:25.0239 0x1e80  Page size: 0x1000
12:15:25.0239 0x1e80  Boot type: Normal boot
12:15:25.0239 0x1e80  ============================================================
12:15:25.0301 0x1e80  KLMD registered as C:\Windows\system32\drivers\84968571.sys
12:15:25.0398 0x1e80  System UUID: {274A68C5-160E-15C1-A54C-14A7DC1A736C}
12:15:25.0756 0x1e80  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:15:25.0756 0x1e80  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:15:25.0756 0x1e80  ============================================================
12:15:25.0756 0x1e80  \Device\Harddisk0\DR0:
12:15:25.0756 0x1e80  MBR partitions:
12:15:25.0756 0x1e80  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800
12:15:25.0756 0x1e80  \Device\Harddisk1\DR1:
12:15:25.0756 0x1e80  MBR partitions:
12:15:25.0756 0x1e80  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:15:25.0756 0x1e80  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A352800
12:15:25.0756 0x1e80  ============================================================
12:15:25.0756 0x1e80  C: <-> \Device\Harddisk0\DR0\Partition1
12:15:26.0068 0x1e80  E: <-> \Device\Harddisk1\DR1\Partition2
12:15:26.0068 0x1e80  ============================================================
12:15:26.0068 0x1e80  Initialize success
12:15:26.0068 0x1e80  ============================================================
12:16:19.0862 0x0bc0  ============================================================
12:16:19.0862 0x0bc0  Scan started
12:16:19.0862 0x0bc0  Mode: Manual; SigCheck; TDLFS; 
12:16:19.0862 0x0bc0  ============================================================
12:16:19.0862 0x0bc0  KSN ping started
12:16:24.0243 0x0bc0  KSN ping finished: true
12:16:24.0400 0x0bc0  ================ Scan system memory ========================
12:16:24.0400 0x0bc0  System memory - ok
12:16:24.0400 0x0bc0  ================ Scan services =============================
12:16:24.0478 0x0bc0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
12:16:24.0509 0x0bc0  1394ohci - ok
12:16:24.0525 0x0bc0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:16:24.0540 0x0bc0  ACPI - ok
12:16:24.0556 0x0bc0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:16:24.0572 0x0bc0  AcpiPmi - ok
12:16:24.0572 0x0bc0  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:16:24.0603 0x0bc0  AdobeARMservice - ok
12:16:24.0634 0x0bc0  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:16:24.0650 0x0bc0  AdobeFlashPlayerUpdateSvc - ok
12:16:24.0665 0x0bc0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:16:24.0681 0x0bc0  adp94xx - ok
12:16:24.0696 0x0bc0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:16:24.0712 0x0bc0  adpahci - ok
12:16:24.0712 0x0bc0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:16:24.0728 0x0bc0  adpu320 - ok
12:16:24.0728 0x0bc0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:16:24.0790 0x0bc0  AeLookupSvc - ok
12:16:24.0806 0x0bc0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
12:16:24.0821 0x0bc0  AFD - ok
12:16:24.0837 0x0bc0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
12:16:24.0837 0x0bc0  agp440 - ok
12:16:24.0852 0x0bc0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
12:16:24.0868 0x0bc0  ALG - ok
12:16:24.0868 0x0bc0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:16:24.0868 0x0bc0  aliide - ok
12:16:24.0884 0x0bc0  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:16:24.0915 0x0bc0  AMD External Events Utility - ok
12:16:24.0930 0x0bc0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:16:24.0930 0x0bc0  amdide - ok
12:16:24.0946 0x0bc0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:16:24.0946 0x0bc0  AmdK8 - ok
12:16:25.0352 0x0bc0  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:16:25.0729 0x0bc0  amdkmdag - ok
12:16:25.0760 0x0bc0  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:16:25.0791 0x0bc0  amdkmdap - ok
12:16:25.0791 0x0bc0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:16:25.0807 0x0bc0  AmdPPM - ok
12:16:25.0807 0x0bc0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:16:25.0823 0x0bc0  amdsata - ok
12:16:25.0838 0x0bc0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:16:25.0838 0x0bc0  amdsbs - ok
12:16:25.0854 0x0bc0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:16:25.0854 0x0bc0  amdxata - ok
12:16:25.0854 0x0bc0  [ 888B1D8C4F7B6D2106D178204724ECAD, C23E280E77D14F678672066F7CB234FC3E73BDF10300CCF916C284A8A55F3CF4 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
12:16:25.0885 0x0bc0  AMPPAL - ok
12:16:25.0901 0x0bc0  [ 888B1D8C4F7B6D2106D178204724ECAD, C23E280E77D14F678672066F7CB234FC3E73BDF10300CCF916C284A8A55F3CF4 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
12:16:25.0901 0x0bc0  AMPPALP - ok
12:16:25.0916 0x0bc0  [ E307ED976D238B30B247108D1978A377, AF65336156897B0E28F2FA7306CEF2239FA0475C9542181003B44C643F19EC33 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:16:25.0947 0x0bc0  AMPPALR3 - ok
12:16:25.0947 0x0bc0  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
12:16:25.0963 0x0bc0  AppHostSvc - ok
12:16:25.0963 0x0bc0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
12:16:26.0041 0x0bc0  AppID - ok
12:16:26.0041 0x0bc0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:16:26.0072 0x0bc0  AppIDSvc - ok
12:16:26.0072 0x0bc0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
12:16:26.0088 0x0bc0  Appinfo - ok
12:16:26.0088 0x0bc0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
12:16:26.0103 0x0bc0  arc - ok
12:16:26.0103 0x0bc0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:16:26.0119 0x0bc0  arcsas - ok
12:16:26.0135 0x0bc0  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:16:26.0135 0x0bc0  aspnet_state - ok
12:16:26.0150 0x0bc0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:16:26.0166 0x0bc0  AsyncMac - ok
12:16:26.0166 0x0bc0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:16:26.0181 0x0bc0  atapi - ok
12:16:26.0181 0x0bc0  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:16:26.0213 0x0bc0  AtiHDAudioService - ok
12:16:26.0228 0x0bc0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:16:26.0244 0x0bc0  AudioEndpointBuilder - ok
12:16:26.0259 0x0bc0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:16:26.0291 0x0bc0  AudioSrv - ok
12:16:26.0291 0x0bc0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:16:26.0322 0x0bc0  AxInstSV - ok
12:16:26.0337 0x0bc0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:16:26.0353 0x0bc0  b06bdrv - ok
12:16:26.0353 0x0bc0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:16:26.0369 0x0bc0  b57nd60a - ok
12:16:26.0384 0x0bc0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:16:26.0400 0x0bc0  BDESVC - ok
12:16:26.0400 0x0bc0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:16:26.0415 0x0bc0  Beep - ok
12:16:26.0431 0x0bc0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
12:16:26.0462 0x0bc0  BFE - ok
12:16:26.0493 0x0bc0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
12:16:26.0540 0x0bc0  BITS - ok
12:16:26.0540 0x0bc0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:16:26.0556 0x0bc0  blbdrive - ok
12:16:26.0556 0x0bc0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:16:26.0571 0x0bc0  bowser - ok
12:16:26.0571 0x0bc0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:16:26.0587 0x0bc0  BrFiltLo - ok
12:16:26.0587 0x0bc0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:16:26.0603 0x0bc0  BrFiltUp - ok
12:16:26.0603 0x0bc0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:16:26.0634 0x0bc0  BridgeMP - ok
12:16:26.0634 0x0bc0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
12:16:26.0649 0x0bc0  Browser - ok
12:16:26.0649 0x0bc0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:16:26.0681 0x0bc0  Brserid - ok
12:16:26.0681 0x0bc0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:16:26.0696 0x0bc0  BrSerWdm - ok
12:16:26.0696 0x0bc0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:16:26.0696 0x0bc0  BrUsbMdm - ok
12:16:26.0712 0x0bc0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:16:26.0712 0x0bc0  BrUsbSer - ok
12:16:26.0727 0x0bc0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:16:26.0727 0x0bc0  BTHMODEM - ok
12:16:26.0743 0x0bc0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
12:16:26.0759 0x0bc0  bthserv - ok
12:16:26.0774 0x0bc0  [ D30286FF3C7B6318C024D2BC2955C1BF, 47863D046C94A5C19F7D4E0BA393E6FE1E249C78FAB9B8705F7DD2CD87EAC16C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:16:26.0774 0x0bc0  BTHSSecurityMgr - ok
12:16:26.0790 0x0bc0  catchme - ok
12:16:26.0790 0x0bc0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:16:26.0821 0x0bc0  cdfs - ok
12:16:26.0821 0x0bc0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:16:26.0837 0x0bc0  cdrom - ok
12:16:26.0837 0x0bc0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:16:26.0868 0x0bc0  CertPropSvc - ok
12:16:26.0868 0x0bc0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
12:16:26.0883 0x0bc0  circlass - ok
12:16:26.0883 0x0bc0  [ FF60401F1C659CA2ED4BAE85D3FD14DA, 71EEA0078E1545A2F80B0020BE7113843B713DE1A5CC20D9810BD9F3889A4DB0 ] CISVC           C:\Windows\system32\CISVC.EXE
12:16:26.0899 0x0bc0  CISVC - ok
12:16:26.0915 0x0bc0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
12:16:26.0930 0x0bc0  CLFS - ok
12:16:26.0930 0x0bc0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:16:26.0946 0x0bc0  clr_optimization_v2.0.50727_32 - ok
12:16:26.0946 0x0bc0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:16:26.0961 0x0bc0  clr_optimization_v2.0.50727_64 - ok
12:16:26.0977 0x0bc0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:16:26.0977 0x0bc0  clr_optimization_v4.0.30319_32 - ok
12:16:26.0993 0x0bc0  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:16:26.0993 0x0bc0  clr_optimization_v4.0.30319_64 - ok
12:16:27.0008 0x0bc0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:16:27.0008 0x0bc0  CmBatt - ok
12:16:27.0008 0x0bc0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:16:27.0024 0x0bc0  cmdide - ok
12:16:27.0039 0x0bc0  [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:16:27.0055 0x0bc0  CNG - ok
12:16:27.0055 0x0bc0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:16:27.0071 0x0bc0  Compbatt - ok
12:16:27.0071 0x0bc0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:16:27.0086 0x0bc0  CompositeBus - ok
12:16:27.0086 0x0bc0  COMSysApp - ok
12:16:27.0102 0x0bc0  [ C08063F052308B6F5882482615387F30, 523D1D43E896077F32CD9ACAA8E85B513BFB7B013A625E56F0D4E9675D9822BA ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
12:16:27.0102 0x0bc0  cpuz135 - ok
12:16:27.0102 0x0bc0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:16:27.0117 0x0bc0  crcdisk - ok
12:16:27.0117 0x0bc0  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:16:27.0133 0x0bc0  CryptSvc - ok
12:16:27.0149 0x0bc0  [ BF62FF663AE55E4ED99DE76881C2C0F1, 87018B61B2310558EB9C96887D92FA5ED06B9A4D69999F6B6F7BDD2D486FAA0D ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
12:16:27.0164 0x0bc0  ctxusbm - ok
12:16:27.0164 0x0bc0  [ 8EC96B753727B380089D66D4AB5869DF, F8E36B68EED9680291610C83E7DF16A04D278E3E7BC807CF8A870D01C4E5A95E ] CYUSB           C:\Windows\system32\Drivers\CYUSB.sys
12:16:27.0180 0x0bc0  CYUSB - ok
12:16:27.0180 0x0bc0  [ 003626F7CA17C204F16CD5047AF0703A, BA9063D77A60AF1107A1A6B3C1DD6F1EF3D9DCE7616BAC67DF13AEDD67B683F3 ] danewFltr       C:\Windows\system32\drivers\danew.sys
12:16:27.0195 0x0bc0  danewFltr - detected UnsignedFile.Multi.Generic ( 1 )
12:16:29.0880 0x0bc0  Detect skipped due to KSN trusted
12:16:29.0880 0x0bc0  danewFltr - ok
12:16:29.0896 0x0bc0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:16:29.0927 0x0bc0  DcomLaunch - ok
12:16:29.0942 0x0bc0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
12:16:29.0974 0x0bc0  defragsvc - ok
12:16:29.0974 0x0bc0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:16:30.0005 0x0bc0  DfsC - ok
12:16:30.0005 0x0bc0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:16:30.0036 0x0bc0  Dhcp - ok
12:16:30.0036 0x0bc0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
12:16:30.0067 0x0bc0  discache - ok
12:16:30.0067 0x0bc0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
12:16:30.0083 0x0bc0  Disk - ok
12:16:30.0083 0x0bc0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:16:30.0098 0x0bc0  Dnscache - ok
12:16:30.0098 0x0bc0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:16:30.0130 0x0bc0  dot3svc - ok
12:16:30.0145 0x0bc0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
12:16:30.0176 0x0bc0  DPS - ok
12:16:30.0176 0x0bc0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:16:30.0176 0x0bc0  drmkaud - ok
12:16:30.0208 0x0bc0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:16:30.0239 0x0bc0  DXGKrnl - ok
12:16:30.0239 0x0bc0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
12:16:30.0270 0x0bc0  EapHost - ok
12:16:30.0332 0x0bc0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:16:30.0426 0x0bc0  ebdrv - ok
12:16:30.0434 0x0bc0  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS             C:\Windows\System32\lsass.exe
12:16:30.0436 0x0bc0  EFS - ok
12:16:30.0451 0x0bc0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:16:30.0483 0x0bc0  ehRecvr - ok
12:16:30.0483 0x0bc0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
12:16:30.0498 0x0bc0  ehSched - ok
12:16:30.0514 0x0bc0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:16:30.0529 0x0bc0  elxstor - ok
12:16:30.0529 0x0bc0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:16:30.0545 0x0bc0  ErrDev - ok
12:16:30.0561 0x0bc0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
12:16:30.0592 0x0bc0  EventSystem - ok
12:16:30.0607 0x0bc0  [ C8559336BB21FF701CBEF14527D7660F, AE8CD6514C0B121B260D9101D76E6225599B832504EB5719FD110E348C9E6682 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:16:30.0654 0x0bc0  EvtEng - ok
12:16:30.0654 0x0bc0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
12:16:30.0685 0x0bc0  exfat - ok
12:16:30.0701 0x0bc0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:16:30.0717 0x0bc0  fastfat - ok
12:16:30.0748 0x0bc0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
12:16:30.0763 0x0bc0  Fax - ok
12:16:30.0763 0x0bc0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
12:16:30.0779 0x0bc0  fdc - ok
12:16:30.0779 0x0bc0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
12:16:30.0810 0x0bc0  fdPHost - ok
12:16:30.0810 0x0bc0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:16:30.0841 0x0bc0  FDResPub - ok
12:16:30.0841 0x0bc0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:16:30.0857 0x0bc0  FileInfo - ok
12:16:30.0857 0x0bc0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:16:30.0873 0x0bc0  Filetrace - ok
12:16:30.0904 0x0bc0  [ 8669BE94F63944E4F899C3950B520241, 9991E57B3C366D59BD186CEAA78D4590EDB2BC127250CF4D1522CBE413453E72 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:16:30.0935 0x0bc0  FLEXnet Licensing Service - ok
12:16:30.0935 0x0bc0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:16:30.0951 0x0bc0  flpydisk - ok
12:16:30.0951 0x0bc0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:16:30.0966 0x0bc0  FltMgr - ok
12:16:30.0997 0x0bc0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
12:16:31.0044 0x0bc0  FontCache - ok
12:16:31.0044 0x0bc0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:16:31.0060 0x0bc0  FontCache3.0.0.0 - ok
12:16:31.0060 0x0bc0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:16:31.0060 0x0bc0  FsDepends - ok
12:16:31.0075 0x0bc0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:16:31.0075 0x0bc0  Fs_Rec - ok
12:16:31.0091 0x0bc0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:16:31.0107 0x0bc0  fvevol - ok
12:16:31.0107 0x0bc0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:16:31.0107 0x0bc0  gagp30kx - ok
12:16:31.0138 0x0bc0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:16:31.0169 0x0bc0  gpsvc - ok
12:16:31.0185 0x0bc0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:16:31.0185 0x0bc0  gupdate - ok
12:16:31.0200 0x0bc0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:16:31.0200 0x0bc0  gupdatem - ok
12:16:31.0216 0x0bc0  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:16:31.0216 0x0bc0  gusvc - ok
12:16:31.0231 0x0bc0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:16:31.0231 0x0bc0  hcw85cir - ok
12:16:31.0247 0x0bc0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:16:31.0263 0x0bc0  HdAudAddService - ok
12:16:31.0278 0x0bc0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:16:31.0278 0x0bc0  HDAudBus - ok
12:16:31.0294 0x0bc0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:16:31.0294 0x0bc0  HidBatt - ok
12:16:31.0294 0x0bc0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:16:31.0309 0x0bc0  HidBth - ok
12:16:31.0325 0x0bc0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:16:31.0325 0x0bc0  HidIr - ok
12:16:31.0341 0x0bc0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
12:16:31.0356 0x0bc0  hidserv - ok
12:16:31.0372 0x0bc0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:16:31.0372 0x0bc0  HidUsb - ok
12:16:31.0387 0x0bc0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:16:31.0403 0x0bc0  hkmsvc - ok
12:16:31.0419 0x0bc0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:16:31.0434 0x0bc0  HomeGroupListener - ok
12:16:31.0434 0x0bc0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:16:31.0450 0x0bc0  HomeGroupProvider - ok
12:16:31.0450 0x0bc0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:16:31.0465 0x0bc0  HpSAMD - ok
12:16:31.0481 0x0bc0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:16:31.0528 0x0bc0  HTTP - ok
12:16:31.0528 0x0bc0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:16:31.0543 0x0bc0  hwpolicy - ok
12:16:31.0543 0x0bc0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:16:31.0559 0x0bc0  i8042prt - ok
12:16:31.0575 0x0bc0  [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:16:31.0590 0x0bc0  iaStor - ok
12:16:31.0590 0x0bc0  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:16:31.0590 0x0bc0  IAStorDataMgrSvc - ok
12:16:31.0606 0x0bc0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:16:31.0621 0x0bc0  iaStorV - ok
12:16:31.0653 0x0bc0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:16:31.0685 0x0bc0  idsvc - ok
12:16:31.0685 0x0bc0  IEEtwCollectorService - ok
12:16:35.0746 0x0bc0  [ CB20BF725AB8A5782EB239E98110618F, 7C87A54BABE8031F13E091E250E47078F237F2B011848A5BAE77950F01AA0867 ] PowerBiosServer C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
12:16:35.0746 0x0bc0  PowerBiosServer - detected UnsignedFile.Multi.Generic ( 1 )
12:16:38.0516 0x0bc0  PowerBiosServer ( UnsignedFile.Multi.Generic ) - warning
12:16:42.0461 0x0bc0  sdbus - ok
12:16:42.0461 0x0bc0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:16:42.0477 0x0bc0  SDRSVC - ok
12:16:42.0477 0x0bc0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:16:42.0508 0x0bc0  secdrv - ok
12:16:42.0508 0x0bc0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
12:16:42.0539 0x0bc0  seclogon - ok
12:16:42.0539 0x0bc0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
12:16:42.0570 0x0bc0  SENS - ok
12:16:42.0570 0x0bc0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:16:42.0586 0x0bc0  SensrSvc - ok
12:16:42.0586 0x0bc0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:16:42.0601 0x0bc0  Serenum - ok
12:16:42.0601 0x0bc0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
12:16:42.0617 0x0bc0  Serial - ok
12:16:42.0617 0x0bc0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:16:42.0633 0x0bc0  sermouse - ok
12:16:42.0633 0x0bc0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
12:16:42.0664 0x0bc0  SessionEnv - ok
12:16:42.0664 0x0bc0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:16:42.0679 0x0bc0  sffdisk - ok
12:16:42.0679 0x0bc0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:16:42.0695 0x0bc0  sffp_mmc - ok
12:16:42.0695 0x0bc0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:16:42.0711 0x0bc0  sffp_sd - ok
12:16:42.0711 0x0bc0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:16:42.0726 0x0bc0  sfloppy - ok
12:16:42.0726 0x0bc0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:16:42.0773 0x0bc0  SharedAccess - ok
12:16:42.0773 0x0bc0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:16:42.0820 0x0bc0  ShellHWDetection - ok
12:16:42.0820 0x0bc0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:16:42.0820 0x0bc0  SiSRaid2 - ok
12:16:42.0835 0x0bc0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:16:42.0835 0x0bc0  SiSRaid4 - ok
12:16:42.0851 0x0bc0  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:16:42.0851 0x0bc0  SkypeUpdate - ok
12:16:42.0867 0x0bc0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:16:42.0898 0x0bc0  Smb - ok
12:16:42.0898 0x0bc0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:16:42.0913 0x0bc0  SNMPTRAP - ok
12:16:42.0913 0x0bc0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:16:42.0913 0x0bc0  spldr - ok
12:16:42.0929 0x0bc0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
12:16:42.0960 0x0bc0  Spooler - ok
12:16:43.0049 0x0bc0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
12:16:43.0158 0x0bc0  sppsvc - ok
12:16:43.0158 0x0bc0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:16:43.0190 0x0bc0  sppuinotify - ok
12:16:43.0205 0x0bc0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:16:43.0221 0x0bc0  srv - ok
12:16:43.0236 0x0bc0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:16:43.0252 0x0bc0  srv2 - ok
12:16:43.0252 0x0bc0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:16:43.0268 0x0bc0  srvnet - ok
12:16:43.0283 0x0bc0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:16:43.0314 0x0bc0  SSDPSRV - ok
12:16:43.0314 0x0bc0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:16:43.0346 0x0bc0  SstpSvc - ok
12:16:43.0346 0x0bc0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:16:43.0346 0x0bc0  stexstor - ok
12:16:43.0361 0x0bc0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
12:16:43.0392 0x0bc0  stisvc - ok
12:16:43.0392 0x0bc0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:16:43.0408 0x0bc0  swenum - ok
12:16:43.0424 0x0bc0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
12:16:43.0455 0x0bc0  swprv - ok
12:16:43.0486 0x0bc0  [ F4DB1D9E6A42D491F0F8E21854301C0B, 7B038121D85D7C147C2FA8D5D34BF44B8792E7CD6E468C9884A109A0B6C9E84A ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:16:43.0517 0x0bc0  SynTP - ok
12:16:43.0564 0x0bc0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
12:16:43.0626 0x0bc0  SysMain - ok
12:16:43.0626 0x0bc0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:16:43.0642 0x0bc0  TabletInputService - ok
12:16:43.0658 0x0bc0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:16:43.0689 0x0bc0  TapiSrv - ok
12:16:43.0689 0x0bc0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
12:16:43.0722 0x0bc0  TBS - ok
12:16:43.0772 0x0bc0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:16:43.0819 0x0bc0  Tcpip - ok
12:16:43.0865 0x0bc0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:16:43.0912 0x0bc0  TCPIP6 - ok
12:16:43.0912 0x0bc0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:16:43.0928 0x0bc0  tcpipreg - ok
12:16:43.0928 0x0bc0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:16:43.0943 0x0bc0  TDPIPE - ok
12:16:43.0943 0x0bc0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:16:43.0959 0x0bc0  TDTCP - ok
12:16:43.0959 0x0bc0  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:16:43.0975 0x0bc0  tdx - ok
12:16:43.0975 0x0bc0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:16:43.0975 0x0bc0  TermDD - ok
12:16:43.0990 0x0bc0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
12:16:44.0021 0x0bc0  TermService - ok
12:16:44.0021 0x0bc0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
12:16:44.0037 0x0bc0  Themes - ok
12:16:44.0053 0x0bc0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
12:16:44.0068 0x0bc0  THREADORDER - ok
12:16:44.0084 0x0bc0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
12:16:44.0099 0x0bc0  TrkWks - ok
12:16:44.0115 0x0bc0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:16:44.0146 0x0bc0  TrustedInstaller - ok
12:16:44.0146 0x0bc0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:16:44.0162 0x0bc0  tssecsrv - ok
12:16:44.0162 0x0bc0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:16:44.0177 0x0bc0  TsUsbFlt - ok
12:16:44.0177 0x0bc0  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:16:44.0177 0x0bc0  TsUsbGD - ok
12:16:44.0193 0x0bc0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:16:44.0224 0x0bc0  tunnel - ok
12:16:44.0224 0x0bc0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:16:44.0224 0x0bc0  uagp35 - ok
12:16:44.0240 0x0bc0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:16:44.0271 0x0bc0  udfs - ok
12:16:44.0271 0x0bc0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:16:44.0287 0x0bc0  UI0Detect - ok
12:16:44.0287 0x0bc0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:16:44.0302 0x0bc0  uliagpkx - ok
12:16:44.0302 0x0bc0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:16:44.0318 0x0bc0  umbus - ok
12:16:44.0318 0x0bc0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
12:16:44.0333 0x0bc0  UmPass - ok
12:16:44.0396 0x0bc0  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:16:44.0458 0x0bc0  UNS - ok
12:16:44.0474 0x0bc0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
12:16:44.0521 0x0bc0  upnphost - ok
12:16:44.0521 0x0bc0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:16:44.0536 0x0bc0  usbccgp - ok
12:16:44.0536 0x0bc0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:16:44.0552 0x0bc0  usbcir - ok
12:16:44.0552 0x0bc0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:16:44.0552 0x0bc0  usbehci - ok
12:16:44.0567 0x0bc0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:16:44.0583 0x0bc0  usbhub - ok
12:16:44.0583 0x0bc0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:16:44.0599 0x0bc0  usbohci - ok
12:16:44.0599 0x0bc0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:16:44.0614 0x0bc0  usbprint - ok
12:16:44.0614 0x0bc0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:16:44.0630 0x0bc0  USBSTOR - ok
12:16:44.0630 0x0bc0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:16:44.0645 0x0bc0  usbuhci - ok
12:16:44.0645 0x0bc0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:16:44.0661 0x0bc0  usbvideo - ok
12:16:44.0661 0x0bc0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:16:44.0692 0x0bc0  UxSms - ok
12:16:44.0692 0x0bc0  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
12:16:44.0708 0x0bc0  VaultSvc - ok
12:16:44.0708 0x0bc0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:16:44.0723 0x0bc0  vdrvroot - ok
12:16:44.0739 0x0bc0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:16:44.0770 0x0bc0  vds - ok
12:16:44.0770 0x0bc0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:16:44.0786 0x0bc0  vga - ok
12:16:44.0786 0x0bc0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:16:44.0817 0x0bc0  VgaSave - ok
12:16:44.0817 0x0bc0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:16:44.0833 0x0bc0  vhdmp - ok
12:16:44.0833 0x0bc0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:16:44.0848 0x0bc0  viaide - ok
12:16:44.0848 0x0bc0  [ 3B59BB6D10CF969DBE4DB93D9EAD7FB4, 8BD4648AAD460F276C79AF81D1479E781E62D292F3318D39B53703403E57E52F ] VKbms           C:\Windows\system32\DRIVERS\VKbms.sys
12:16:44.0864 0x0bc0  VKbms - ok
12:16:44.0879 0x0bc0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:16:44.0879 0x0bc0  volmgr - ok
12:16:44.0895 0x0bc0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:16:44.0911 0x0bc0  volmgrx - ok
12:16:44.0926 0x0bc0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:16:44.0926 0x0bc0  volsnap - ok
12:16:44.0942 0x0bc0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:16:44.0957 0x0bc0  vsmraid - ok
12:16:44.0989 0x0bc0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:16:45.0051 0x0bc0  VSS - ok
12:16:45.0051 0x0bc0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:16:45.0067 0x0bc0  vwifibus - ok
12:16:45.0067 0x0bc0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:16:45.0082 0x0bc0  vwififlt - ok
12:16:45.0082 0x0bc0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:16:45.0098 0x0bc0  vwifimp - ok
12:16:45.0113 0x0bc0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:16:45.0145 0x0bc0  W32Time - ok
12:16:45.0160 0x0bc0  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
12:16:45.0230 0x0bc0  W3SVC - ok
12:16:45.0230 0x0bc0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:16:45.0230 0x0bc0  WacomPen - ok
12:16:45.0245 0x0bc0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:16:45.0261 0x0bc0  WANARP - ok
12:16:45.0276 0x0bc0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:16:45.0292 0x0bc0  Wanarpv6 - ok
12:16:45.0308 0x0bc0  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
12:16:45.0339 0x0bc0  WAS - ok
12:16:45.0370 0x0bc0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:16:45.0401 0x0bc0  WatAdminSvc - ok
12:16:45.0432 0x0bc0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:16:45.0479 0x0bc0  wbengine - ok
12:16:45.0479 0x0bc0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:16:45.0510 0x0bc0  WbioSrvc - ok
12:16:45.0510 0x0bc0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:16:45.0542 0x0bc0  wcncsvc - ok
12:16:45.0542 0x0bc0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:16:45.0557 0x0bc0  WcsPlugInService - ok
12:16:45.0557 0x0bc0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:16:45.0557 0x0bc0  Wd - ok
12:16:45.0573 0x0bc0  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
12:16:45.0573 0x0bc0  WDC_SAM - ok
12:16:45.0588 0x0bc0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:16:45.0620 0x0bc0  Wdf01000 - ok
12:16:45.0620 0x0bc0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:16:45.0651 0x0bc0  WdiServiceHost - ok
12:16:45.0651 0x0bc0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:16:45.0666 0x0bc0  WdiSystemHost - ok
12:16:45.0666 0x0bc0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
12:16:45.0682 0x0bc0  WebClient - ok
12:16:45.0698 0x0bc0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:16:45.0729 0x0bc0  Wecsvc - ok
12:16:45.0729 0x0bc0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:16:45.0760 0x0bc0  wercplsupport - ok
12:16:45.0760 0x0bc0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:16:45.0794 0x0bc0  WerSvc - ok
12:16:45.0794 0x0bc0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:16:45.0825 0x0bc0  WfpLwf - ok
12:16:45.0825 0x0bc0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:16:45.0825 0x0bc0  WIMMount - ok
12:16:45.0841 0x0bc0  WinDefend - ok
12:16:45.0841 0x0bc0  WinHttpAutoProxySvc - ok
12:16:45.0857 0x0bc0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:16:45.0888 0x0bc0  Winmgmt - ok
12:16:45.0935 0x0bc0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:16:45.0981 0x0bc0  WinRM - ok
12:16:45.0997 0x0bc0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
12:16:45.0997 0x0bc0  WinUsb - ok
12:16:46.0028 0x0bc0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:16:46.0059 0x0bc0  Wlansvc - ok
12:16:46.0059 0x0bc0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:16:46.0075 0x0bc0  WmiAcpi - ok
12:16:46.0091 0x0bc0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:16:46.0091 0x0bc0  wmiApSrv - ok
12:16:46.0106 0x0bc0  WMPNetworkSvc - ok
12:16:46.0106 0x0bc0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:16:46.0122 0x0bc0  WPCSvc - ok
12:16:46.0122 0x0bc0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:16:46.0140 0x0bc0  WPDBusEnum - ok
12:16:46.0143 0x0bc0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:16:46.0168 0x0bc0  ws2ifsl - ok
12:16:46.0168 0x0bc0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
12:16:46.0184 0x0bc0  wscsvc - ok
12:16:46.0184 0x0bc0  WSearch - ok
12:16:46.0246 0x0bc0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:16:46.0308 0x0bc0  wuauserv - ok
12:16:46.0324 0x0bc0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:16:46.0340 0x0bc0  WudfPf - ok
12:16:46.0340 0x0bc0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:16:46.0355 0x0bc0  WUDFRd - ok
12:16:46.0355 0x0bc0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:16:46.0371 0x0bc0  wudfsvc - ok
12:16:46.0386 0x0bc0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:16:46.0402 0x0bc0  WwanSvc - ok
12:16:46.0480 0x0bc0  [ 19137CA32DA7AA6F4936514721AA53BA, E9E5E6F05A1D529D19339F0C71AA5F9D412F6D3AE4BF84CF340C8569BA367D51 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
12:16:46.0589 0x0bc0  ZeroConfigService - ok
12:16:46.0589 0x0bc0  ================ Scan global ===============================
12:16:46.0589 0x0bc0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
12:16:46.0605 0x0bc0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:16:46.0620 0x0bc0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
12:16:46.0620 0x0bc0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:16:46.0636 0x0bc0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
12:16:46.0652 0x0bc0  [ Global ] - ok
12:16:46.0652 0x0bc0  ================ Scan MBR ==================================
12:16:46.0652 0x0bc0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:16:46.0667 0x0bc0  \Device\Harddisk0\DR0 - ok
12:16:46.0917 0x0bc0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:16:47.0338 0x0bc0  \Device\Harddisk1\DR1 - ok
12:16:47.0338 0x0bc0  ================ Scan VBR ==================================
12:16:47.0338 0x0bc0  [ 62E86A78A6E6D83493CFAE45631FAD88 ] \Device\Harddisk0\DR0\Partition1
12:16:47.0354 0x0bc0  \Device\Harddisk0\DR0\Partition1 - ok
12:16:47.0385 0x0bc0  [ C8000BA6C1AB3B4864B9BB5007AE7C59 ] \Device\Harddisk1\DR1\Partition1
12:16:47.0385 0x0bc0  \Device\Harddisk1\DR1\Partition1 - ok
12:16:47.0385 0x0bc0  [ FDE1514C7E6AE4E1155F8F0091129954 ] \Device\Harddisk1\DR1\Partition2
12:16:47.0385 0x0bc0  \Device\Harddisk1\DR1\Partition2 - ok
12:16:47.0385 0x0bc0  ================ Scan generic autorun ======================
12:16:48.0558 0x0bc0  [ 193B1D98DCD8FF8D1FCD0F990DC5EDA5, 87BBFE567C15413764A7CAD85A5107C214DE923B5A6147D69F8EC1BED94210EF ] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
12:16:48.0605 0x0bc0  THX Audio Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
12:16:51.0435 0x0bc0  Detect skipped due to KSN trusted
12:16:51.0435 0x0bc0  THX Audio Control Panel - ok
12:16:51.0435 0x0bc0  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\Windows\UpdReg.EXE
12:16:51.0451 0x0bc0  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
12:16:54.0362 0x0bc0  Detect skipped due to KSN trusted
12:16:54.0362 0x0bc0  UpdReg - ok
12:16:54.0362 0x0bc0  [ 4A73AB8412D3AA6CFAD24051FF9DBFA7, 7C1F6BDECE92F2A58E88FC603F1BEE9B0F72130136AE9A368892323A9A327FD1 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
12:16:54.0378 0x0bc0  IAStorIcon - ok
12:16:54.0396 0x0bc0  [ 1ABEDCA6C59B91A1EFAC92A6E0A9BE93, 150B4171DE73F510342AB8EF69CE63CBA0F722879ACA55C8B13E98AA1BCBC5B5 ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
12:16:54.0411 0x0bc0  ConnectionCenter - ok
12:16:54.0418 0x0bc0  [ 0A8C7CDE76A44A98E1B1CE34D27AC926, 26B86CA609DD15F86981C1FC4667814A2A7EE5D4BC944B5306A06C00DA35E1D0 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
12:16:54.0434 0x0bc0  DivXMediaServer - ok
12:16:54.0465 0x0bc0  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
12:16:54.0527 0x0bc0  DivXUpdate - ok
12:16:54.0551 0x0bc0  [ 3E04F1E482357B1FC8B088197C3D9FF8, 85524ADDC27ADC831EBBD24E079B412CFDC69E5F594BD153319087665A28D546 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:16:54.0567 0x0bc0  Adobe ARM - ok
12:16:54.0567 0x0bc0  GoogleDriveSync - ok
12:16:54.0582 0x0bc0  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] C:\Users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe
12:16:54.0598 0x0bc0  Google Update - ok
12:16:54.0613 0x0bc0  [ B9D6D7E6E5C4FCD8DD7F88EC9D563085, C99B96924C8F2E24C39557E527E7F9E3C385A48D808EC343FB3368CEA92B3EAF ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
12:16:54.0632 0x0bc0  GoogleChromeAutoLaunch_B76D3C19537742362D546E9EA677B648 - ok
12:16:54.0648 0x0bc0  [ 7FF6B40B11B2BDB95293D9DEA1564CD2, 394A1EDB81F4BDBB3DAE94CE6DE601A4ABBA91F85828A9BE71686CEFFE0E1F30 ] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe
12:16:54.0679 0x0bc0  Adobe Acrobat Synchronizer - ok
12:16:54.0710 0x0bc0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:16:54.0743 0x0bc0  Sidebar - ok
12:16:54.0743 0x0bc0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:16:54.0759 0x0bc0  mctadmin - ok
12:16:54.0759 0x0bc0  Waiting for KSN requests completion. In queue: 9
12:16:55.0760 0x0bc0  Waiting for KSN requests completion. In queue: 9
12:16:56.0767 0x0bc0  Waiting for KSN requests completion. In queue: 9
12:16:57.0767 0x0bc0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
12:16:57.0767 0x0bc0  Win FW state via NFP2: enabled
12:17:00.0565 0x0bc0  ============================================================
12:17:00.0565 0x0bc0  Scan finished
12:17:00.0565 0x0bc0  ============================================================
12:17:00.0565 0x0888  Detected object count: 1
12:17:00.0565 0x0888  Actual detected object count: 1
12:17:18.0018 0x0888  PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user
12:17:18.0018 0x0888  PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#7 rcjiang

rcjiang
  • Topic Starter

  • Members
  • 11 posts

Posted 28 February 2015 - 12:21 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Raymond Chin at 2015-02-28 12:20:22 Run:1
Running from C:\Users\Raymond Chin\Desktop
Loaded Profiles: Raymond Chin (Available profiles: Raymond Chin & DefaultAppPool)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
cmd: type "C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt"
cmd: type "C:\ComboFix.txt"
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Raymond Chin\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx [Not Found]
File: "C:\Users\Raymond Chin\Downloads\acrobatpro11_0XdXXwweRWWWjCCP1iQw7Q0409.exe"
*****************
 
 
=========  type "C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt" =========
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=211f6f235995f74090469e9ceb8b7fbf
# engine=22632
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2015-02-25 01:23:52
# local_time=2015-02-24 08:23:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 271419 118054642 0 0
# scanned=207139
# found=8
# cleaned=8
# scan_time=4018
sh=FB2BCD5A889DB9658B02E8ED3A95043BAA0094E1 ft=1 fh=f6a034ccf475a4f7 vn="Win32/Toolbar.Conduit.AC potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\Local\Temp\95A8_ccsetup326.exe"
sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\Local\Temp\airCCDE.exe"
sh=5B95236E51B2831C57BC4790B9B150BF3D22C62E ft=1 fh=389f1828336c4cf4 vn="Win32/MyPCBackup.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\Local\Temp\airFDE0.exe"
sh=51D112238463CAD077ACE49A556137D66F51248D ft=1 fh=c1e1b96e40bd8aaa vn="MSIL/MyPCBackup.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\Local\Temp\BackupSetup.exe"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\Local\Temp\tbInte.dll"
sh=E55C4E852CDD245AD1A1741FEE3AEE21E326ECAA ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2013-0422.CF trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6ee7768c-24a8d7e2"
sh=62F53C06EF54E9D56F2293C84C9AEEACFC17793E ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Raymond Chin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\272d5f8-2cf682be"
 
========= End of CMD: =========
 
 
=========  type "C:\ComboFix.txt" =========
 
ComboFix 12-09-18.07 - Raymond Chin 09/20/2012   6:35.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.6644 [GMT -4:00]
Running from: c:\users\Raymond Chin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0BSWREIF\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ras_0oed.pad
c:\programdata\Roaming
c:\users\Raymond Chin\AppData\Local\Microsoft\Deployment\ofnbob.dll
.
.
(((((((((((((((((((((((((   Files Created from 2012-08-20 to 2012-09-20  )))))))))))))))))))))))))))))))
.
.
2012-09-20 10:38 . 2012-09-20 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 09:59 . 2012-09-20 10:03 -------- d-----w- c:\programdata\HitmanPro
2012-09-20 02:31 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-20 02:30 . 2012-06-22 11:37 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-20 02:30 . 2012-09-20 02:31 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-09-20 02:30 . 2012-06-22 11:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-09-20 02:30 . 2012-06-22 11:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-20 02:30 . 2012-06-22 11:35 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-09-20 02:30 . 2012-06-22 11:34 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-09-20 02:30 . 2012-09-20 02:31 -------- d-----w- c:\program files\Common Files\McAfee
2012-09-20 02:30 . 2012-09-20 02:31 -------- d-----w- c:\program files\McAfee
2012-09-20 02:30 . 2012-09-20 02:56 -------- d-----w- c:\program files (x86)\McAfee
2012-09-20 02:22 . 2012-06-22 11:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-20 01:42 . 2012-09-20 01:42 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-20 01:42 . 2012-09-20 01:42 -------- d-----w- c:\program files (x86)\Java
2012-09-20 01:42 . 2012-09-20 09:55 -------- d-----w- c:\programdata\McAfee
2012-09-20 01:17 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C23B0C2-AF60-4FC7-B59A-DDFEE46968BF}\mpengine.dll
2012-09-18 23:44 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-11 23:13 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 23:13 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 23:13 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 23:13 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 23:13 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 23:13 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 23:13 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-08-28 07:29 . 2012-08-28 07:29 -------- d-----w- c:\program files\Google
2012-08-28 07:29 . 2012-08-28 07:29 -------- d-----w- c:\program files (x86)\Google
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 01:42 . 2012-03-22 06:20 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-12 02:45 . 2012-03-22 06:42 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-28 07:29 . 2012-04-08 00:07 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 07:29 . 2012-04-08 00:07 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15 . 2012-08-15 21:09 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 21:09 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 21:09 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 21:09 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 21:09 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 21:44 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 21:44 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 21:44 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 21:44 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 21:44 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 21:44 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 21:44 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 21:44 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 21:44 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 21:44 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 21:44 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 21:44 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 21:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 21:44 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 21:44 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 21:44 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 21:44 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 21:44 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 21:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-22 11:38 . 2012-06-22 11:38 335784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-06-22 11:36 . 2012-06-22 11:36 752672 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-06-22 11:34 . 2012-06-22 11:34 169320 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-22 1527896]
.
c:\users\Raymond Chin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-17 2946560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 136176]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-29 2656280]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250568]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-12-12 195072]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 47104]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-02 130976]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 136176]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VKbms;Razer Gaming Device;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-22 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 PowerBiosServer;PowerBiosServer;c:\program files (x86)\Hotkey\PowerBiosServer.exe [2011-01-17 33280]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-12-12 195072]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-06-23 174680]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2011-01-14 132624]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-12-12 8616448]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 07:29]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 07:29]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-28 07:29]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000Core.job
- c:\users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 05:01]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2545825420-1453635624-3343084205-1000UA.job
- c:\users\Raymond Chin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 05:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Raymond Chin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=25672dd7-e970-4674-a5b1-b4222b756ad6&searchtype=ds&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Raymond Chin\AppData\Roaming\Mozilla\Firefox\Profiles\w9v90qh6.default\
FF - prefs.js: browser.startup.homepage - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=25672dd7-e970-4674-a5b1-b4222b756ad6&searchtype=hp
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=25672dd7-e970-4674-a5b1-b4222b756ad6&searchtype=ds&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Deployment - c:\users\Raymond Chin\AppData\Local\Microsoft\Deployment\ofnbob.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-09-20  06:41:25 - machine was rebooted
ComboFix-quarantined-files.txt  2012-09-20 10:41
.
Pre-Run: 58,480,222,208 bytes free
Post-Run: 58,203,471,872 bytes free
.
- - End Of File - - 124F36B2173B794E54A5FA5FB3E82FE3
 
========= End of CMD: =========
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\SOFTWARE\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim" => Key deleted successfully.
 
========================= File: "C:\Users\Raymond Chin\Downloads\acrobatpro11_0XdXXwweRWWWjCCP1iQw7Q0409.exe" ========================
 
MD5: 63F922AC7A47DA9CBC03D7A72195E032
Creation and modification date: 2015-02-07 18:26 - 2015-02-07 18:26
Size: 1711896
Attributes: ----A
Company Name: Adobe
Internal Name: host.exe
Original Name: host.exe
Product Name: Adobe Acrobat Installer
Description: Adobe Acrobat Installer
File Version: 3.6.1.4
Product Version: 1.2.2.18
Copyright: Copyright © Adobe Systems Incorporated
 
====== End Of File: ======
 
 
==== End of Fixlog 12:20:23 ====


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:06 AM

Posted 28 February 2015 - 12:35 PM

I don't see any indication for active malware in your logs. However, let's do a final checkup:
 
Step 1
 
(Upgrade)
Please download and install Malwarebytes Anti-Malware

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

 
 
Step 2


Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It should only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 rcjiang

rcjiang
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:06 PM

Posted 28 February 2015 - 01:04 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/28/2015
Scan Time: 12:51:20 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.28.04
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Raymond Chin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 430402
Time Elapsed: 11 min, 32 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 rcjiang

rcjiang
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:06 PM

Posted 28 February 2015 - 01:08 PM

HitmanPro 3.7.9.238
www.hitmanpro.com
 
   Computer name . . . . : CHIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Chin-PC\Raymond Chin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-02-28 13:06:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 35s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 25
 
   Objects scanned . . . : 1,563,924
   Files scanned . . . . : 44,117
   Remnants scanned  . . : 351,948 files / 1,167,859 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\Raymond Chin\Desktop\FRST64.exe
      Size . . . . . . . : 2,087,936 bytes
      Age  . . . . . . . : 0.1 days (2015-02-28 10:47:03)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 552DE6F30FD0E9BEF5519659E35FD23FD20645DE092DBA24F8551CCEBE000FD1
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-2545825420-1453635624-3343084205-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
 
Cookies _____________________________________________________________________
 
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:data.coremetrics.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:googleadservices.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:idgenterprise.112.2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:myroitracking.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:oracle.112.2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pcworldcommunication.122.2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:survey.g.doubleclick.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:wileypublishing.112.2o7.net
   C:\Users\Raymond Chin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
 
 


#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:06 AM

Posted 28 February 2015 - 01:24 PM

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or appreciate the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.
Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Java 7 Update 25 (64-bit)
Java 7 Update 55


Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

Edited by deeprybka, 28 February 2015 - 01:25 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:06 AM

Posted 03 March 2015 - 03:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



