
Infected with Malware


  • This topic is locked
10 replies to this topic

#1 Rupperto


  • Members
  • 5 posts

Posted 21 March 2015 - 10:42 AM

I have malware that pops up ad extensions in Chrome. If I disable the extensions, they eventually pop up again.

And a process named "svchost" is running and takes 70% of my CPU.

 

I ran adwcleaner. This is the log file:

 

# AdwCleaner v4.112 - Logfile created 21/03/2015 at 08:14:08
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Ruben - RUBEN-PC
# Running from : C:\Users\Ruben\Downloads\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2f6758e92e914d8b
Folder Deleted : C:\Program Files (x86)\EnjoyCioupon
Folder Deleted : C:\Program Files (x86)\FUn2SSave
Folder Deleted : C:\Program Files (x86)\SaveeNewaApppz
Folder Deleted : C:\Program Files (x86)\UniDeals
Folder Deleted : C:\Program Files (x86)\UnIDealsi
Folder Deleted : C:\ProgramData\gnjclbbgapkpgkkllmokmkaafgiiipml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P2f9da396_5fb9_446f_8d1f_c75e6f6a8976_.P2f9da396_5fb9_446f_8d1f_c75e6f6a8976_
Key Deleted : HKLM\SOFTWARE\Classes\P2f9da396_5fb9_446f_8d1f_c75e6f6a8976_.P2f9da396_5fb9_446f_8d1f_c75e6f6a8976_.9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{1991b13a}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f9da396-5fb9-446f-8d1f-c75e6f6a8976}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7304C9D1-98AD-55F0-636E-22D8DD57F176}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v41.0.2272.101
 
 
*************************
 
AdwCleaner[R0].txt - [4449 bytes] - [26/02/2015 09:06:53]
AdwCleaner[R1].txt - [4508 bytes] - [26/02/2015 09:08:58]
AdwCleaner[R2].txt - [2139 bytes] - [03/03/2015 12:07:49]
AdwCleaner[R3].txt - [1056 bytes] - [07/03/2015 12:38:41]
AdwCleaner[R4].txt - [4452 bytes] - [21/03/2015 08:13:07]
AdwCleaner[S0].txt - [3658 bytes] - [26/02/2015 09:09:59]
AdwCleaner[S1].txt - [2235 bytes] - [03/03/2015 12:09:01]
AdwCleaner[S2].txt - [1123 bytes] - [07/03/2015 12:39:47]
AdwCleaner[S3].txt - [4332 bytes] - [21/03/2015 08:14:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4391  bytes] ##########
 
Please help. 



 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 21 March 2015 - 10:52 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Rupperto

Rupperto
  • Topic Starter

  • Members
  • 5 posts

Posted 21 March 2015 - 11:02 AM

Ok. Here are the log files.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Ruben (administrator) on RUBEN-PC on 21-03-2015 08:18:14
Running from C:\Users\Ruben\Downloads
Loaded Profiles: Ruben (Available profiles: Ruben)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
() C:\Windows\SysWOW64\ASGT.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
() C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\Temp\svchost.exe
() C:\Windows\Temp\lsass.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\Run: [uTorrent] => C:\Users\Ruben\AppData\Roaming\uTorrent\uTorrent.exe [1374032 2015-01-22] (BitTorrent Inc.)
HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\MountPoints2: {18ae9fd0-2703-11e4-976b-806e6f6e6963} - D:\Bin\ASSETUP.exe
HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\MountPoints2: {62f80e19-2739-11e4-a19e-40167e70e29a} - F:\setup.exe
Startup: C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Harry Potter - Akabur Witch Trainer [Save game].lnk
ShortcutTarget: Harry Potter - Akabur Witch Trainer [Save game].lnk -> C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-03-10] (IObit)
BHO: youtubeadblocker -> {a330ba2a-2227-42a2-a8e7-0ef81bb1ea3b} -> C:\Program Files (x86)\youtubeadblocker\QAZpkRRR3kYr0L.x64.dll No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.52.160.17 200.52.160.200
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Ruben\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1416846704&from=amt&uid=ST1000DM003-1CH162_W1D3QX11XXXXW1D3QX11
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1416846704&from=amt&uid=ST1000DM003-1CH162_W1D3QX11XXXXW1D3QX11"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.0.0.72_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Profile: C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]
CHR Extension: (Google Search) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]
CHR Extension: (Google Wallet) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-19]
CHR Extension: (Gmail) - C:\Users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 1991b13a; c:\Program Files (x86)\SystemBoost\SystemBoost.dll [1574400 2015-03-12] () [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [116224 2014-11-20] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2820424 2014-10-15] (CybelSoft)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-03] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [294600 2014-11-20] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-01-16] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-18] (Disc Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-07-02] (ASUSTeK Computer Inc.)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2014-02-24] (CybelSoft)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 atillk64; \??\C:\Users\Ruben\AppData\Local\Temp\RarSFX0\atillk64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-21 08:18 - 2015-03-21 08:18 - 00018508 _____ () C:\Users\Ruben\Downloads\FRST.txt
2015-03-21 08:18 - 2015-03-21 08:18 - 00000000 ____D () C:\FRST
2015-03-21 08:17 - 2015-03-21 08:17 - 02095616 _____ (Farbar) C:\Users\Ruben\Downloads\FRST64.exe
2015-03-21 08:12 - 2015-03-21 08:12 - 02171392 _____ () C:\Users\Ruben\Downloads\adwcleaner_4.112.exe
2015-03-20 07:19 - 2015-03-20 07:20 - 00000000 ____D () C:\Users\Ruben\Documents\FIFA 15
2015-03-20 07:17 - 2015-03-20 07:17 - 00002766 _____ () C:\Users\Ruben\Downloads\[kickass.to]fifa.15.crack.only.v.2.3dm.torrent
2015-03-20 07:04 - 2015-03-20 07:04 - 00003088 _____ () C:\Windows\System32\Tasks\Origin
2015-03-20 07:03 - 2015-03-20 07:03 - 00061516 _____ () C:\Users\Ruben\AppData\Local\temp023423.vbe
2015-03-20 07:03 - 2015-03-20 07:03 - 00001303 _____ () C:\Users\Ruben\Desktop\FIFA 15 Ultimate Team Edition.lnk
2015-03-19 19:38 - 2015-03-20 07:18 - 00000000 ____D () C:\Users\Ruben\Documents\Fifa15
2015-03-19 19:37 - 2015-03-19 19:37 - 00018501 _____ () C:\Users\Ruben\Downloads\[kickass.to]fifa.15.ultimate.team.edition.dlc.multi15.sg.torrent
2015-03-19 19:28 - 2015-03-19 19:28 - 00000000 ____D () C:\Program Files (x86)\memeticon
2015-03-17 23:22 - 2015-03-17 23:22 - 00000000 ____D () C:\ProgramData\Extreme Blocker
2015-03-16 12:48 - 2015-03-16 12:48 - 42568093 _____ () C:\Users\Ruben\Downloads\Morrissey - (1994) Vauxhall And I (Blog Indie Rock N Roll).rar
2015-03-12 18:51 - 2015-03-19 19:28 - 00000000 ____D () C:\ProgramData\3415796600915709323
2015-03-12 18:51 - 2015-03-12 18:51 - 00000000 ____D () C:\Program Files (x86)\SystemBoost
2015-03-12 18:50 - 2015-03-15 09:30 - 00000000 ____D () C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}
2015-03-11 16:13 - 2015-03-12 20:05 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\RenPy
2015-03-11 09:57 - 2015-03-21 08:06 - 00002580 _____ () C:\Windows\PFRO.log
2015-03-10 19:54 - 2015-03-21 08:14 - 00000930 _____ () C:\Windows\setupact.log
2015-03-10 19:54 - 2015-03-10 19:54 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-10 14:47 - 2015-03-10 14:47 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-10 14:47 - 2015-03-10 14:47 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-03-10 14:47 - 2015-03-10 14:47 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-03-10 14:46 - 2015-03-10 14:46 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-10 14:46 - 2015-03-10 14:46 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-10 14:45 - 2015-03-10 14:45 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-10 14:45 - 2015-03-10 14:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-03-10 14:45 - 2015-03-10 14:45 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-03-10 14:45 - 2015-03-10 14:45 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-03-10 14:45 - 2015-03-10 14:45 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-03-10 14:44 - 2015-03-10 14:44 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-03-10 14:44 - 2015-03-10 14:44 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-03-10 14:44 - 2015-03-10 14:44 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-03-10 14:44 - 2015-03-10 14:44 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-03-10 14:44 - 2015-03-10 14:44 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-03-10 14:44 - 2015-03-10 14:44 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-03-10 14:44 - 2015-03-10 14:44 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-03-10 14:44 - 2015-03-10 14:44 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-03-10 14:43 - 2015-03-10 14:43 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-03-10 14:43 - 2015-03-10 14:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-03-10 14:43 - 2015-03-10 14:43 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-03-10 14:42 - 2015-03-10 14:42 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-03-10 14:42 - 2015-03-10 14:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-03-10 14:41 - 2015-03-10 14:41 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-03-10 14:41 - 2015-03-10 14:41 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-03-10 14:41 - 2015-03-10 14:41 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-03-10 14:41 - 2015-03-10 14:41 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-03-10 14:41 - 2015-03-10 14:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-03-10 14:41 - 2015-03-10 14:41 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-03-10 14:41 - 2015-03-10 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-03-10 14:41 - 2015-03-10 14:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-03-10 14:40 - 2015-03-10 14:40 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-03-10 14:40 - 2015-03-10 14:40 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-03-10 14:39 - 2015-03-10 14:39 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-10 14:39 - 2015-03-10 14:39 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-03-10 14:39 - 2015-03-10 14:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-10 14:38 - 2015-03-10 14:38 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-03-10 14:38 - 2015-03-10 14:38 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-03-10 14:38 - 2015-03-10 14:38 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-10 14:38 - 2015-03-10 14:38 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-03-10 14:38 - 2015-03-10 14:38 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-03-10 14:38 - 2015-03-10 14:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\terminpt.sys
2015-03-10 14:38 - 2015-03-10 14:38 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-10 14:38 - 2015-03-10 14:38 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-03-10 14:38 - 2015-03-10 14:38 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-03-10 14:30 - 2015-03-10 14:30 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-10 14:30 - 2015-03-10 14:30 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-03-10 14:30 - 2015-03-10 14:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-03-10 14:30 - 2015-03-10 14:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-03-10 14:30 - 2015-03-10 14:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-03-10 14:30 - 2015-03-10 14:30 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-03-10 14:29 - 2015-03-10 14:29 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-03-10 14:29 - 2015-03-10 14:29 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-03-10 14:29 - 2015-03-10 14:29 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-03-10 14:29 - 2015-03-10 14:29 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-03-10 14:29 - 2015-03-10 14:29 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-03-10 14:29 - 2015-03-10 14:29 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-03-10 14:29 - 2015-03-10 14:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-03-10 14:29 - 2015-03-10 14:29 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-03-10 14:29 - 2015-03-10 14:29 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-03-10 14:29 - 2015-03-10 14:29 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-03-10 14:23 - 2015-03-10 14:23 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-03-10 14:22 - 2015-03-10 14:22 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\Apple Computer
2015-03-10 14:22 - 2015-03-10 14:22 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-03-10 14:20 - 2015-03-21 08:06 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-10 14:20 - 2015-03-21 08:01 - 00002886 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Ruben
2015-03-10 14:20 - 2015-03-18 08:13 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-10 14:20 - 2015-03-10 14:22 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\IObit
2015-03-10 14:20 - 2015-03-10 14:22 - 00000000 ____D () C:\ProgramData\IObit
2015-03-10 14:20 - 2015-03-10 14:20 - 00001252 _____ () C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-03-10 14:20 - 2015-03-10 14:20 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\ProductData
2015-03-10 14:20 - 2015-03-10 14:20 - 00000000 ____D () C:\Users\Ruben\AppData\IObit
2015-03-10 14:03 - 2015-03-10 14:04 - 46627408 _____ () C:\Users\Ruben\Downloads\BDPUARLauncher.exe
2015-03-10 12:38 - 2015-03-10 12:38 - 00000000 _____ () C:\autoexec.bat
2015-03-10 12:36 - 2015-03-10 12:36 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ruben\Downloads\SpyHunter-Installer.exe
2015-03-07 12:39 - 2015-03-07 12:39 - 01388333 _____ (Thisisu) C:\Users\Ruben\Downloads\JRT.exe
2015-03-07 12:35 - 2015-03-07 12:35 - 00000502 _____ () C:\ProgramData\1425756931.bdinstall.bin
2015-03-07 12:35 - 2015-03-07 12:35 - 00000000 ____D () C:\Program Files\Common Files\MYAntivirus
2015-03-03 06:21 - 2015-03-03 10:21 - 00000000 ____D () C:\Users\Ruben\AppData\Local\AVG Web TuneUp
2015-03-03 06:21 - 2015-03-03 06:21 - 00000075 _____ () C:\Windows\SysWOW64\debug.log
2015-03-03 06:20 - 2015-03-03 06:21 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2015-03-03 06:20 - 2015-03-03 06:20 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2015-02-26 09:44 - 2015-02-26 09:44 - 00081436 _____ () C:\Users\Ruben\Documents\cc_20150226_094400.reg
2015-02-26 09:32 - 2015-02-26 09:32 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-26 09:32 - 2015-02-26 09:32 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-26 09:13 - 2015-03-12 07:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 09:13 - 2015-02-26 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 09:13 - 2015-02-26 09:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 09:13 - 2015-02-26 09:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-26 09:13 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 09:13 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 09:13 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 09:06 - 2015-03-21 08:14 - 00000000 ____D () C:\AdwCleaner
2015-02-25 00:02 - 2015-03-21 08:15 - 00000020 _____ () C:\Users\Ruben\AppData\Roaming\appdataFr3.bin
2015-02-24 13:31 - 2015-02-24 13:31 - 00000050 _____ () C:\Users\Ruben\Desktop\YouTube.url
2015-02-21 19:14 - 2015-02-21 19:14 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Steam
2015-02-20 15:33 - 2015-02-20 18:24 - 00000000 ____D () C:\Program Files (x86)\Stormcloud
2015-02-20 14:51 - 2015-02-20 15:35 - 00000000 ____D () C:\ProgramData\{ee6fab04-5296-8391-ee6f-fab04529ac11}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-21 08:17 - 2014-08-18 13:17 - 01082521 _____ () C:\Windows\WindowsUpdate.log
2015-03-21 08:15 - 2014-09-09 08:02 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\uTorrent
2015-03-21 08:15 - 2014-08-18 13:21 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-21 08:14 - 2014-08-18 14:36 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2015-03-21 08:14 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-21 08:00 - 2014-08-18 17:56 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-21 07:52 - 2014-08-18 13:21 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-20 23:50 - 2014-10-07 20:56 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Adobe
2015-03-20 12:54 - 2014-08-18 13:21 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 07:09 - 2014-09-01 12:35 - 00000000 ___HD () C:\ProgramData\Origin
2015-03-20 06:58 - 2014-09-01 12:37 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2015-03-20 06:58 - 2014-08-18 18:24 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\DAEMON Tools Lite
2015-03-19 17:37 - 2014-08-19 12:56 - 00000000 ____D () C:\Users\Ruben\AppData\Local\CrashDumps
2015-03-19 16:30 - 2014-08-18 17:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-18 20:29 - 2014-09-14 19:28 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\XBMC
2015-03-17 14:08 - 2015-01-20 13:32 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\TS3Client
2015-03-17 09:24 - 2009-07-13 21:45 - 00006064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 09:24 - 2009-07-13 21:45 - 00006064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 09:34 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 13:20 - 2014-09-23 11:57 - 00000000 ____D () C:\ArcheAge
2015-03-11 10:04 - 2011-04-12 02:10 - 00752032 _____ () C:\Windows\system32\perfh00A.dat
2015-03-11 10:04 - 2011-04-12 02:10 - 00160572 _____ () C:\Windows\system32\perfc00A.dat
2015-03-11 10:04 - 2009-07-13 22:13 - 01689158 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 09:59 - 2014-10-24 12:44 - 00000000 ___RD () C:\Users\Ruben\Dropbox
2015-03-11 09:59 - 2014-10-24 12:41 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\Dropbox
2015-03-11 09:59 - 2014-08-18 13:40 - 00109296 _____ () C:\Users\Ruben\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 09:58 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 09:57 - 2009-07-13 21:45 - 00410416 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 00:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 00:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 00:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-10 14:35 - 2014-08-18 13:40 - 01662716 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-10 14:28 - 2014-12-28 19:46 - 00000000 ____D () C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-10 14:28 - 2014-08-18 05:11 - 00000000 ____D () C:\Windows\Panther
2015-03-10 14:24 - 2015-01-19 21:05 - 00000000 ____D () C:\ProgramData\HappyCloud
2015-03-10 12:37 - 2014-08-18 13:17 - 00000000 ___HD () C:\Users\Ruben
2015-03-08 19:04 - 2014-11-30 07:16 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-03-08 12:02 - 2014-08-18 14:27 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-07 12:40 - 2014-10-18 17:57 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-07 12:31 - 2014-08-18 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-07 00:32 - 2014-11-17 11:20 - 00000000 ____D () C:\Users\Ruben\AppData\Local\Battle.net
2015-03-06 13:24 - 2014-11-17 11:21 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-03-06 13:22 - 2014-11-17 11:19 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-03-03 12:16 - 2015-02-16 11:19 - 00000000 ____D () C:\Program Files (x86)\Tibia
2015-02-27 11:23 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-02-26 09:43 - 2014-09-02 15:21 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 12:54 - 2014-10-18 17:58 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-02-22 09:12 - 2009-07-13 22:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-02-25 00:02 - 2015-03-21 08:15 - 0000020 _____ () C:\Users\Ruben\AppData\Roaming\appdataFr3.bin
2015-03-20 07:03 - 2015-03-20 07:03 - 0061516 _____ () C:\Users\Ruben\AppData\Local\temp023423.vbe
2015-03-07 12:35 - 2015-03-07 12:35 - 0000502 _____ () C:\ProgramData\1425756931.bdinstall.bin
2014-11-30 08:30 - 2014-11-30 08:30 - 0000020 _____ () C:\ProgramData\bc.ini
2014-08-18 13:31 - 2014-08-18 13:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some content of TEMP:
====================
C:\Users\Ruben\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuhwgmn.dll
C:\Users\Ruben\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Ruben\AppData\Local\Temp\Quarantine.exe
C:\Users\Ruben\AppData\Local\Temp\sqlite3.dll
C:\Users\Ruben\AppData\Local\Temp\svchost.exe
C:\Users\Ruben\AppData\Local\Temp\update.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!
 
 
nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!
 
 
LastRegBack: 2015-03-15 12:44
 
==================== End Of Log ============================
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Ruben at 2015-03-21 08:18:59
Running from C:\Users\Ruben\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
ACP Application (Version: 2.15.10.0003 - Advanced Micro Devices, Inc.) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Afterfall InSanity Extended Edition (HKLM-x32\...\Steam App 224420) (Version:  - Intoxicate Studios)
Age of Mythology: Extended Edition (HKLM-x32\...\Steam App 266840) (Version:  - SkyBox Labs)
AirDroid 3.0.3.1 (HKLM-x32\...\AirDroid) (Version: 3.0.3.1 - Sand Studio)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.4.2 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.5.4.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.020 - ASUSTek Computer Inc.)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5143 - CDBurnerXP)
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dropbox (HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
Gauntlet (HKLM-x32\...\Gauntlet_is1) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.62.5207 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GPUTweakStreaming (HKLM-x32\...\InstallShield_{D2A41AA7-4313-43D5-AA39-7E3FBBE0556D}) (Version: 1.0.3.5 - ASUS)
GPUTweakStreaming (x32 Version: 1.0.3.5 - ASUS) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Ma-Config.com (64 bits) (HKLM\...\{914DEF20-C55F-429E-ADC8-9B33237804B6}) (Version: 7.1.5.0 - Cybelsoft)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Nosgoth (HKLM-x32\...\Steam App 200110) (Version: 150227.103129 - Square Enix Ltd)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Pox Nora (HKLM-x32\...\Steam App 201210) (Version:  - Desert Owl Games LLC)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Setup - FIFA 15 Ultimate Team Edition © EA Sports ... (HKLM-x32\...\Setup - FIFA 15 Ultimate Team Edition © EA Sports ...) (Version: ... - EA)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TERA (HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\teraenmasse) (Version:  - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.75 - CipSoft GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-4070754025-105426592-751506032-1000\...\XBMC) (Version:  - Team XBMC)
XSplit Gamecaster (HKLM-x32\...\{62B69310-277E-4FCC-8AE1-55D428A6175E}) (Version: 2.1.1412.1625 - SplitmediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4070754025-105426592-751506032-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-03-2015 07:33:48 Punto de control programado
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-12-28 19:47 - 00000331 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 adblockplus.org
127.0.0.1 easylist.adblockplus.org
192.254.249.59 googleads.g.doubleclick.net
192.254.249.59 ad.doubleclick.net
192.254.249.59 google-analytics.com
192.254.249.59 www.google-analytics.com
192.254.249.59 pubads.g.doubleclick.net
192.254.249.59 ad.doubleclick.net
192.254.249.59 ads.adsfirefly.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1CB2F951-8D54-4349-A7AD-563A12FEC8E7} - System32\Tasks\0614aUpdateInfo => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe [2014-06-19] ()
Task: {3C8F819A-4C6F-4827-9A2E-3F560885E6E0} - System32\Tasks\1114avUpdateInfo => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe [2014-10-08] ()
Task: {3F501E01-98CF-4471-8766-908B9C207C1A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {5013C1CC-939E-4C4F-997C-CD8B7CC724D6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {5623604B-AA0F-48B2-94E0-8B9E07A086EF} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-01-25] (ASUSTek Computer Inc.)
Task: {68F699AE-D865-4B0D-B33A-CA2519EADFF8} - System32\Tasks\Uninstaller_SkipUac_Ruben => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-03-10] (IObit)
Task: {8D69ED9C-909C-422C-87A3-36CDF56412AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {99AF5E52-A910-42A5-842D-71D21128A787} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9C5BAE5A-AC51-47E6-B185-650536856589} - System32\Tasks\{FF1A9280-DAE8-47B7-8EEA-346504304B3C} => pcalua.exe -a C:\Users\Ruben\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
Task: {C28B9655-0C09-4F0E-BC6D-045B5F53FED4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () <==== ATTENTION
Task: {E5141052-DB5E-4A59-B53E-51A478CD6176} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: C:\Windows\Tasks\0614aUpdateInfo.job => C:\ProgramData\Avg_Update_0614a\0614a_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-03-03 06:20 - 2015-03-03 06:20 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2014-08-18 13:22 - 2013-05-07 00:45 - 00936728 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-03-12 18:50 - 2015-03-12 18:50 - 00841216 _____ () C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe
2015-03-21 08:07 - 2015-03-21 08:15 - 01605120 _____ () C:\Windows\Temp\svchost.exe
2015-03-21 08:07 - 2015-03-21 08:15 - 01594368 _____ () C:\Windows\Temp\lsass.exe
2014-08-18 13:22 - 2015-03-21 08:14 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-08-18 13:22 - 2013-05-07 00:45 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-12-13 09:39 - 2013-12-13 09:39 - 00278528 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-12-19 16:27 - 2013-12-19 16:27 - 00053248 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2015-03-03 06:20 - 2015-03-03 06:20 - 01711128 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-03-20 12:54 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 12:54 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 12:54 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2014-08-18 13:39 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-20 12:54 - 2015-03-14 03:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4070754025-105426592-751506032-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.52.160.17 - 200.52.160.200
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Ruben^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Advanced SystemCare 8 => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
MSCONFIG\startupreg: AirDroid 3 => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Ruben\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-4070754025-105426592-751506032-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-4070754025-105426592-751506032-1002 - Limited - Enabled)
Invitado (S-1-5-21-4070754025-105426592-751506032-501 - Limited - Disabled)
Ruben (S-1-5-21-4070754025-105426592-751506032-1000 - Administrator - Enabled) => C:\Users\Ruben
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/21/2015 08:16:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2015 08:14:52 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.
 
Error: (03/21/2015 08:08:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2015 08:07:06 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.
 
Error: (03/21/2015 07:50:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2015 07:49:13 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.
 
Error: (03/20/2015 11:51:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/20/2015 11:50:39 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Error de activación de la licencia de Windows. Error 0x80070005.
 
Error: (03/19/2015 07:57:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" en la línea C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (03/19/2015 05:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: LolClient.exe, versión: 0.0.0.0, marca de tiempo: 0x515663e0
Nombre del módulo con errores: unknown, versión: 0.0.0.0, marca de tiempo: 0x00000000
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x01000600
Id. del proceso con errores: 0x1164
Hora de inicio de la aplicación con errores: 0xLolClient.exe0
Ruta de acceso de la aplicación con errores: LolClient.exe1
Ruta de acceso del módulo con errores: LolClient.exe2
Id. del informe: LolClient.exe3
 
 
System errors:
=============
Error: (03/21/2015 08:14:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: establecido de forma predeterminada en el equipoLocalActivación{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}{BC50CF2A-E12C-4F18-90CE-714CC8600CEE}NT AUTHORITYSERVICIO LOCALS-1-5-19LocalHost (con LRPC)
 
Error: (03/21/2015 08:14:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio Windows Live ID Sign-in Assistant no pudo iniciarse debido al siguiente error: 
%%109
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Instalador de módulos de Windows terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Reiniciar el servicio.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Dynamic Application Loader Host Interface Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel® Rapid Storage Technology se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio de uso compartido de red del Reproductor de Windows Media terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Search terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 30000 milisegundos: Reiniciar el servicio.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Live ID Sign-in Assistant terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Ma-Config Agent terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Reiniciar el servicio.
 
Error: (03/21/2015 08:14:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Intel® Capability Licensing Service Interface terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 0 milisegundos: Reiniciar el servicio.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 23%
Total physical RAM: 8130.67 MB
Available physical RAM: 6260.03 MB
Total Pagefile: 16259.52 MB
Available Pagefile: 13130.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:559.69 GB) NTFS
Drive f: (FIFA 15 UTE) (CDROM) (Total:13.83 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 81282D0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:32 PM

Posted 21 March 2015 - 11:21 AM

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Rupperto

  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:32 AM

Posted 21 March 2015 - 11:43 AM

09:40:28.0205 0x169c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
09:40:32.0174 0x169c  ============================================================
09:40:32.0174 0x169c  Current date / time: 2015/03/21 09:40:32.0174
09:40:32.0174 0x169c  SystemInfo:
09:40:32.0174 0x169c  
09:40:32.0174 0x169c  OS Version: 6.1.7601 ServicePack: 1.0
09:40:32.0174 0x169c  Product type: Workstation
09:40:32.0174 0x169c  ComputerName: RUBEN-PC
09:40:32.0174 0x169c  UserName: Ruben
09:40:32.0174 0x169c  Windows directory: C:\Windows
09:40:32.0174 0x169c  System windows directory: C:\Windows
09:40:32.0174 0x169c  Running under WOW64
09:40:32.0174 0x169c  Processor architecture: Intel x64
09:40:32.0174 0x169c  Number of processors: 4
09:40:32.0174 0x169c  Page size: 0x1000
09:40:32.0174 0x169c  Boot type: Normal boot
09:40:32.0174 0x169c  ============================================================
09:40:34.0128 0x169c  KLMD registered as C:\Windows\system32\drivers\73789539.sys
09:40:34.0292 0x169c  System UUID: {A19D3C55-F8BC-DD78-99AC-AB6731D348B0}
09:40:34.0652 0x169c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:40:34.0665 0x169c  ============================================================
09:40:34.0665 0x169c  \Device\Harddisk0\DR0:
09:40:34.0665 0x169c  MBR partitions:
09:40:34.0665 0x169c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:40:34.0665 0x169c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
09:40:34.0665 0x169c  ============================================================
09:40:34.0683 0x169c  C: <-> \Device\Harddisk0\DR0\Partition2
09:40:34.0683 0x169c  ============================================================
09:40:34.0683 0x169c  Initialize success
09:40:34.0683 0x169c  ============================================================
09:40:51.0765 0x12c0  ============================================================
09:40:51.0765 0x12c0  Scan started
09:40:51.0765 0x12c0  Mode: Manual; SigCheck; TDLFS; 
09:40:51.0765 0x12c0  ============================================================
09:40:51.0765 0x12c0  KSN ping started
09:40:54.0658 0x12c0  KSN ping finished: true
09:40:55.0835 0x12c0  ================ Scan system memory ========================
09:40:55.0835 0x12c0  System memory - ok
09:40:55.0835 0x12c0  ================ Scan services =============================
09:40:55.0971 0x12c0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:40:56.0066 0x12c0  1394ohci - ok
09:40:56.0105 0x12c0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] 1991b13a        C:\Windows\system32\rundll32.exe
09:40:56.0157 0x12c0  1991b13a - ok
09:40:56.0187 0x12c0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:40:56.0205 0x12c0  ACPI - ok
09:40:56.0228 0x12c0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:40:56.0243 0x12c0  AcpiPmi - ok
09:40:56.0347 0x12c0  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:40:56.0370 0x12c0  AdobeARMservice - ok
09:40:56.0404 0x12c0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:40:56.0431 0x12c0  adp94xx - ok
09:40:56.0445 0x12c0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:40:56.0456 0x12c0  adpahci - ok
09:40:56.0473 0x12c0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:40:56.0473 0x12c0  adpu320 - ok
09:40:56.0489 0x12c0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:40:56.0520 0x12c0  AeLookupSvc - ok
09:40:56.0567 0x12c0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
09:40:56.0685 0x12c0  AFD - ok
09:40:56.0716 0x12c0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:40:56.0731 0x12c0  agp440 - ok
09:40:56.0747 0x12c0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:40:56.0767 0x12c0  ALG - ok
09:40:56.0789 0x12c0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:40:56.0790 0x12c0  aliide - ok
09:40:56.0836 0x12c0  [ 2998362D1E550F0C990D77E34415BEB6, 36BBC575DFE0CBD5BC4AF9AD8B54DCEF950E93AF48884D6523457071296514CC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:40:56.0874 0x12c0  AMD External Events Utility - ok
09:40:56.0920 0x12c0  [ A2737AA6B6EC398987CFBE7D79BE36A3, 45C9AB45C854D0A3FC358B5DCD6FE8C93DD25AE6A1BBE008F8416F78FF57B8A5 ] amdacpksd       C:\Windows\system32\drivers\amdacpksd.sys
09:40:56.0936 0x12c0  amdacpksd - ok
09:40:57.0021 0x12c0  [ 11ECEAF7EE4FDD61A0CC6645707DB2BB, 8DB09296411AEC8F06900FA0EFBE817339EE79424584BAC5A174D478850379F1 ] amdacpusrsvc    C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
09:40:57.0036 0x12c0  amdacpusrsvc - detected UnsignedFile.Multi.Generic ( 1 )
09:41:00.0064 0x12c0  Detect skipped due to KSN trusted
09:41:00.0064 0x12c0  amdacpusrsvc - ok
09:41:00.0073 0x12c0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:41:00.0088 0x12c0  amdide - ok
09:41:00.0104 0x12c0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
09:41:00.0135 0x12c0  AmdK8 - ok
09:41:00.0546 0x12c0  [ A87FC6E3670DB55788184FE3A3808712, 2366E7423B4EBC6E12F0C172246E4D2D3BDD702193FA6955A08180FFFCB217B9 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:41:01.0035 0x12c0  amdkmdag - ok
09:41:01.0099 0x12c0  [ 971F3B12C24BB83B48F8CCA2ED019906, E4757480DFF2678E3C7897F6E720EEFF76D452707FC87401B209FE533BFC3210 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:41:01.0131 0x12c0  amdkmdap - ok
09:41:01.0146 0x12c0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
09:41:01.0164 0x12c0  AmdPPM - ok
09:41:01.0179 0x12c0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:41:01.0179 0x12c0  amdsata - ok
09:41:01.0195 0x12c0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
09:41:01.0211 0x12c0  amdsbs - ok
09:41:01.0211 0x12c0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:41:01.0226 0x12c0  amdxata - ok
09:41:01.0257 0x12c0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
09:41:01.0275 0x12c0  AppID - ok
09:41:01.0291 0x12c0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:41:01.0306 0x12c0  AppIDSvc - ok
09:41:01.0323 0x12c0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:41:01.0338 0x12c0  Appinfo - ok
09:41:01.0374 0x12c0  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:41:01.0389 0x12c0  AppMgmt - ok
09:41:01.0389 0x12c0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
09:41:01.0405 0x12c0  arc - ok
09:41:01.0405 0x12c0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:41:01.0420 0x12c0  arcsas - ok
09:41:01.0514 0x12c0  [ BBF8F831C7720DD5135D8C4C8325187A, 2630C68200D7BD49A5772830D6B369C0EC337C2558A9562DD564DF042249ECC0 ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
09:41:01.0545 0x12c0  asComSvc - ok
09:41:01.0594 0x12c0  [ E536856E96A7605EBF580D62A868E5FE, 70D0F6ECB05E923C1B274605CB3320091D35D7622003FF7E4806645519C70F01 ] ASGT            C:\Windows\SysWOW64\ASGT.exe
09:41:01.0610 0x12c0  ASGT - detected UnsignedFile.Multi.Generic ( 1 )
09:41:05.0957 0x12c0  Detect skipped due to KSN trusted
09:41:05.0957 0x12c0  ASGT - ok
09:41:05.0973 0x12c0  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
09:41:05.0989 0x12c0  AsIO - ok
09:41:06.0061 0x12c0  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:41:06.0073 0x12c0  aspnet_state - ok
09:41:06.0104 0x12c0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:41:06.0151 0x12c0  AsyncMac - ok
09:41:06.0183 0x12c0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:41:06.0183 0x12c0  atapi - ok
09:41:06.0247 0x12c0  [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
09:41:06.0272 0x12c0  AtiHDAudioService - ok
09:41:06.0321 0x12c0  atillk64 - ok
09:41:06.0359 0x12c0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:41:06.0400 0x12c0  AudioEndpointBuilder - ok
09:41:06.0414 0x12c0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:41:06.0445 0x12c0  AudioSrv - ok
09:41:06.0490 0x12c0  [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
09:41:06.0513 0x12c0  AVGIDSHA - ok
09:41:06.0540 0x12c0  [ 179835151F9B3FCC2FCB5E633D4F1A2B, 0520CF4C897BD74601CB887E583A7F45AC78B8420293CDE0F8107FB05CD2AA70 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
09:41:06.0556 0x12c0  Avgloga - ok
09:41:06.0572 0x12c0  [ EB79091306A5D692DA28306D7070C57D, 2C713484E2E59B330F27DA78C9FFA8ADEE6A96731F9F77B17842FBC29B7C94E6 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
09:41:06.0588 0x12c0  Avgtdia - ok
09:41:06.0673 0x12c0  [ 8BF64DFDA90D32F485381F9AE41016E4, 36E92DDCCA0AE4A1A5476BC2E13B36C66B0794221FD621F13CB95C1E9F8513AD ] avgwd           C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
09:41:06.0704 0x12c0  avgwd - ok
09:41:06.0736 0x12c0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:41:06.0752 0x12c0  AxInstSV - ok
09:41:06.0803 0x12c0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
09:41:06.0873 0x12c0  b06bdrv - ok
09:41:06.0905 0x12c0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:41:06.0936 0x12c0  b57nd60a - ok
09:41:06.0951 0x12c0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:41:06.0972 0x12c0  BDESVC - ok
09:41:07.0004 0x12c0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:41:07.0051 0x12c0  Beep - ok
09:41:07.0115 0x12c0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:41:07.0164 0x12c0  BFE - ok
09:41:07.0195 0x12c0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
09:41:07.0229 0x12c0  BITS - ok
09:41:07.0244 0x12c0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:41:07.0277 0x12c0  blbdrive - ok
09:41:07.0309 0x12c0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:41:07.0324 0x12c0  bowser - ok
09:41:07.0355 0x12c0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
09:41:07.0373 0x12c0  BrFiltLo - ok
09:41:07.0404 0x12c0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
09:41:07.0447 0x12c0  BrFiltUp - ok
09:41:07.0483 0x12c0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:41:07.0545 0x12c0  Browser - ok
09:41:07.0569 0x12c0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:41:07.0585 0x12c0  Brserid - ok
09:41:07.0596 0x12c0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:41:07.0606 0x12c0  BrSerWdm - ok
09:41:07.0606 0x12c0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:41:07.0622 0x12c0  BrUsbMdm - ok
09:41:07.0622 0x12c0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:41:07.0658 0x12c0  BrUsbSer - ok
09:41:07.0663 0x12c0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
09:41:07.0673 0x12c0  BTHMODEM - ok
09:41:07.0688 0x12c0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:41:07.0755 0x12c0  bthserv - ok
09:41:07.0789 0x12c0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:41:07.0805 0x12c0  cdfs - ok
09:41:07.0836 0x12c0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:41:07.0851 0x12c0  cdrom - ok
09:41:07.0851 0x12c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:41:07.0889 0x12c0  CertPropSvc - ok
09:41:07.0920 0x12c0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
09:41:07.0951 0x12c0  circlass - ok
09:41:07.0971 0x12c0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:41:07.0975 0x12c0  CLFS - ok
09:41:08.0021 0x12c0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:41:08.0053 0x12c0  clr_optimization_v2.0.50727_32 - ok
09:41:08.0088 0x12c0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:41:08.0088 0x12c0  clr_optimization_v2.0.50727_64 - ok
09:41:08.0150 0x12c0  [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:41:08.0173 0x12c0  clr_optimization_v4.0.30319_32 - ok
09:41:08.0188 0x12c0  [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:41:08.0204 0x12c0  clr_optimization_v4.0.30319_64 - ok
09:41:08.0220 0x12c0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
09:41:08.0235 0x12c0  CmBatt - ok
09:41:08.0267 0x12c0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:41:08.0272 0x12c0  cmdide - ok
09:41:08.0304 0x12c0  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
09:41:08.0319 0x12c0  CNG - ok
09:41:08.0335 0x12c0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
09:41:08.0335 0x12c0  Compbatt - ok
09:41:08.0567 0x12c0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
09:41:08.0614 0x12c0  CompositeBus - ok
09:41:08.0630 0x12c0  COMSysApp - ok
09:41:08.0725 0x12c0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
09:41:08.0774 0x12c0  crcdisk - ok
09:41:08.0805 0x12c0  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:41:08.0836 0x12c0  CryptSvc - ok
09:41:08.0873 0x12c0  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
09:41:08.0919 0x12c0  CSC - ok
09:41:08.0935 0x12c0  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
09:41:08.0951 0x12c0  CscService - ok
09:41:08.0984 0x12c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:41:09.0017 0x12c0  DcomLaunch - ok
09:41:09.0048 0x12c0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:41:09.0073 0x12c0  defragsvc - ok
09:41:09.0088 0x12c0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:41:09.0104 0x12c0  DfsC - ok
09:41:09.0135 0x12c0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:41:09.0151 0x12c0  Dhcp - ok
09:41:09.0174 0x12c0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:41:09.0189 0x12c0  discache - ok
09:41:09.0189 0x12c0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
09:41:09.0205 0x12c0  Disk - ok
09:41:09.0221 0x12c0  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
09:41:09.0236 0x12c0  dmvsc - ok
09:41:09.0272 0x12c0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:41:09.0288 0x12c0  Dnscache - ok
09:41:09.0319 0x12c0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:41:09.0350 0x12c0  dot3svc - ok
09:41:09.0366 0x12c0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:41:09.0399 0x12c0  DPS - ok
09:41:09.0430 0x12c0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:41:09.0446 0x12c0  drmkaud - ok
09:41:09.0479 0x12c0  [ 33F90B202E9DD9B7D489EB59310FDC34, 6ECF6669433E090E9CF6B1875AF18D2C06F8CDB3901D58BF89C3E2202574ABBD ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:41:09.0495 0x12c0  dtsoftbus01 - ok
09:41:09.0543 0x12c0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:41:09.0582 0x12c0  DXGKrnl - ok
09:41:09.0583 0x12c0  EagleX64 - ok
09:41:09.0598 0x12c0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:41:09.0630 0x12c0  EapHost - ok
09:41:09.0711 0x12c0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
09:41:09.0793 0x12c0  ebdrv - ok
09:41:09.0808 0x12c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
09:41:09.0824 0x12c0  EFS - ok
09:41:09.0904 0x12c0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:41:09.0935 0x12c0  ehRecvr - ok
09:41:09.0935 0x12c0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:41:09.0951 0x12c0  ehSched - ok
09:41:09.0972 0x12c0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
09:41:09.0988 0x12c0  elxstor - ok
09:41:10.0003 0x12c0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:41:10.0003 0x12c0  ErrDev - ok
09:41:10.0068 0x12c0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:41:10.0099 0x12c0  EventSystem - ok
09:41:10.0130 0x12c0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:41:10.0146 0x12c0  exfat - ok
09:41:10.0161 0x12c0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:41:10.0195 0x12c0  fastfat - ok
09:41:10.0210 0x12c0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:41:10.0241 0x12c0  Fax - ok
09:41:10.0257 0x12c0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
09:41:10.0274 0x12c0  fdc - ok
09:41:10.0275 0x12c0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:41:10.0290 0x12c0  fdPHost - ok
09:41:10.0322 0x12c0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:41:10.0373 0x12c0  FDResPub - ok
09:41:10.0373 0x12c0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:41:10.0389 0x12c0  FileInfo - ok
09:41:10.0389 0x12c0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:41:10.0404 0x12c0  Filetrace - ok
09:41:10.0420 0x12c0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
09:41:10.0420 0x12c0  flpydisk - ok
09:41:10.0451 0x12c0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:41:10.0451 0x12c0  FltMgr - ok
09:41:10.0498 0x12c0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:41:10.0529 0x12c0  FontCache - ok
09:41:10.0589 0x12c0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:41:10.0605 0x12c0  FontCache3.0.0.0 - ok
09:41:10.0620 0x12c0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:41:10.0636 0x12c0  FsDepends - ok
09:41:10.0669 0x12c0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:41:10.0672 0x12c0  Fs_Rec - ok
09:41:10.0703 0x12c0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:41:10.0721 0x12c0  fvevol - ok
09:41:10.0736 0x12c0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
09:41:10.0752 0x12c0  gagp30kx - ok
09:41:10.0801 0x12c0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:41:10.0847 0x12c0  gpsvc - ok
09:41:10.0881 0x12c0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:41:10.0881 0x12c0  gupdate - ok
09:41:10.0881 0x12c0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:41:10.0896 0x12c0  gupdatem - ok
09:41:10.0896 0x12c0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:41:10.0912 0x12c0  hcw85cir - ok
09:41:10.0943 0x12c0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:41:10.0959 0x12c0  HdAudAddService - ok
09:41:10.0978 0x12c0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
09:41:10.0994 0x12c0  HDAudBus - ok
09:41:10.0994 0x12c0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
09:41:11.0009 0x12c0  HidBatt - ok
09:41:11.0025 0x12c0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
09:41:11.0025 0x12c0  HidBth - ok
09:41:11.0041 0x12c0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
09:41:11.0041 0x12c0  HidIr - ok
09:41:11.0056 0x12c0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
09:41:11.0074 0x12c0  hidserv - ok
09:41:11.0089 0x12c0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:41:11.0089 0x12c0  HidUsb - ok
09:41:11.0105 0x12c0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:41:11.0136 0x12c0  hkmsvc - ok
09:41:11.0152 0x12c0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:41:11.0172 0x12c0  HomeGroupListener - ok
09:41:11.0204 0x12c0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:41:11.0204 0x12c0  HomeGroupProvider - ok
09:41:11.0219 0x12c0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:41:11.0219 0x12c0  HpSAMD - ok
09:41:11.0250 0x12c0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:41:11.0288 0x12c0  HTTP - ok
09:41:11.0288 0x12c0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:41:11.0303 0x12c0  hwpolicy - ok
09:41:11.0303 0x12c0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:41:11.0319 0x12c0  i8042prt - ok
09:41:11.0353 0x12c0  [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA         C:\Windows\system32\DRIVERS\iaStorA.sys
09:41:11.0372 0x12c0  iaStorA - ok
09:41:11.0434 0x12c0  [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:41:11.0456 0x12c0  IAStorDataMgrSvc - ok
09:41:11.0471 0x12c0  [ CE5CD8CBE940965867D507AB8EA2795A, 1CC2C23A1436E4C911DD3B942D8F6DABB7249AB04426F9AB6B6045034226DD25 ] iaStorF         C:\Windows\system32\DRIVERS\iaStorF.sys
09:41:11.0471 0x12c0  iaStorF - ok
09:41:11.0502 0x12c0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:41:11.0518 0x12c0  iaStorV - ok
09:41:11.0580 0x12c0  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:41:11.0612 0x12c0  idsvc - ok
09:41:11.0627 0x12c0  IEEtwCollectorService - ok
09:41:11.0643 0x12c0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
09:41:11.0643 0x12c0  iirsp - ok
09:41:11.0676 0x12c0  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
09:41:11.0707 0x12c0  IKEEXT - ok
09:41:11.0819 0x12c0  [ 8CAA2A543155675D09B0D5239E31EC99, 033CF96E110136A59E01C4D26FE3681862C0993938959059A37A34DC1C0E1D49 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:41:11.0888 0x12c0  IntcAzAudAddService - ok
09:41:11.0950 0x12c0  [ DAE6C3099D291EED8922A65C29ABCF52, AD0A932345382824122F84AF97A8609BAE1B916A3B9FD608779A1411E37D3643 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
09:41:11.0968 0x12c0  Intel® Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 )
09:41:14.0988 0x12c0  Detect skipped due to KSN trusted
09:41:14.0988 0x12c0  Intel® Capability Licensing Service Interface - ok
09:41:15.0050 0x12c0  [ D45226E3E7A25F1E7CE8DF8FD0A2A098, 7BD74E9E3CB0A83D26BA3FD8177C6B9BA46A8695B6569CF7887FDC87947DA2D6 ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
09:41:15.0089 0x12c0  Intel® Capability Licensing Service TCP IP Interface - ok
09:41:15.0121 0x12c0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:41:15.0136 0x12c0  intelide - ok
09:41:15.0172 0x12c0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:41:15.0172 0x12c0  intelppm - ok
09:41:15.0219 0x12c0  [ EBBB161339CC7D5FFC0749EB6BE8A126, 7FADF69EDE37BCB73FD869A60D95E1C454EBE93A0469E34EAE676BEE672EB440 ] IOMap           C:\Windows\system32\drivers\IOMap64.sys
09:41:15.0235 0x12c0  IOMap - ok
09:41:15.0272 0x12c0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:41:15.0334 0x12c0  IPBusEnum - ok
09:41:15.0350 0x12c0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:41:15.0376 0x12c0  IpFilterDriver - ok
09:41:15.0439 0x12c0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:41:15.0489 0x12c0  iphlpsvc - ok
09:41:15.0504 0x12c0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:41:15.0504 0x12c0  IPMIDRV - ok
09:41:15.0520 0x12c0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:41:15.0551 0x12c0  IPNAT - ok
09:41:15.0573 0x12c0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:41:15.0573 0x12c0  IRENUM - ok
09:41:15.0604 0x12c0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:41:15.0620 0x12c0  isapnp - ok
09:41:15.0635 0x12c0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:41:15.0651 0x12c0  iScsiPrt - ok
09:41:15.0672 0x12c0  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
09:41:15.0688 0x12c0  iusb3hcs - ok
09:41:15.0688 0x12c0  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
09:41:15.0704 0x12c0  iusb3hub - ok
09:41:22.0879 0x12c0  SSDPSRV - ok
09:41:22.0893 0x12c0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:41:22.0913 0x12c0  SstpSvc - ok
09:41:22.0945 0x12c0  [ B5C26A6A92C9A6CD64399D2B06D29464, 6CAF09892D4C516361125AAF5387D5BF306EC26133EE45DBBC35C8B6190BAD24 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:41:22.0960 0x12c0  Steam Client Service - ok
09:41:22.0988 0x12c0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:41:22.0993 0x12c0  stexstor - ok
09:41:23.0065 0x12c0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:41:23.0107 0x12c0  stisvc - ok
09:41:23.0130 0x12c0  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:41:23.0138 0x12c0  storflt - ok
09:41:23.0166 0x12c0  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:41:23.0174 0x12c0  storvsc - ok
09:41:23.0187 0x12c0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:41:23.0195 0x12c0  swenum - ok
09:41:23.0219 0x12c0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:41:23.0254 0x12c0  swprv - ok
09:41:23.0273 0x12c0  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
09:41:23.0273 0x12c0  Synth3dVsc - ok
09:41:23.0319 0x12c0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:41:23.0372 0x12c0  SysMain - ok
09:41:23.0373 0x12c0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:41:23.0389 0x12c0  TabletInputService - ok
09:41:23.0404 0x12c0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:41:23.0437 0x12c0  TapiSrv - ok
09:41:23.0437 0x12c0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:41:23.0472 0x12c0  TBS - ok
09:41:23.0519 0x12c0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:41:23.0565 0x12c0  Tcpip - ok
09:41:23.0597 0x12c0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:41:23.0628 0x12c0  TCPIP6 - ok
09:41:23.0672 0x12c0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:41:23.0704 0x12c0  tcpipreg - ok
09:41:23.0719 0x12c0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:41:23.0735 0x12c0  TDPIPE - ok
09:41:23.0755 0x12c0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:41:23.0771 0x12c0  TDTCP - ok
09:41:23.0787 0x12c0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:41:23.0818 0x12c0  tdx - ok
09:41:23.0833 0x12c0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:41:23.0849 0x12c0  TermDD - ok
09:41:23.0881 0x12c0  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
09:41:23.0897 0x12c0  terminpt - ok
09:41:23.0945 0x12c0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
09:41:23.0988 0x12c0  TermService - ok
09:41:24.0003 0x12c0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:41:24.0019 0x12c0  Themes - ok
09:41:24.0072 0x12c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:41:24.0119 0x12c0  THREADORDER - ok
09:41:24.0134 0x12c0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:41:24.0165 0x12c0  TrkWks - ok
09:41:24.0214 0x12c0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:41:24.0261 0x12c0  TrustedInstaller - ok
09:41:24.0279 0x12c0  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:41:24.0294 0x12c0  tssecsrv - ok
09:41:24.0341 0x12c0  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:41:24.0374 0x12c0  TsUsbFlt - ok
09:41:24.0390 0x12c0  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:41:24.0390 0x12c0  TsUsbGD - ok
09:41:24.0421 0x12c0  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
09:41:24.0458 0x12c0  tsusbhub - ok
09:41:24.0489 0x12c0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:41:24.0520 0x12c0  tunnel - ok
09:41:24.0536 0x12c0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:41:24.0536 0x12c0  uagp35 - ok
09:41:24.0551 0x12c0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:41:24.0572 0x12c0  udfs - ok
09:41:24.0587 0x12c0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:41:24.0603 0x12c0  UI0Detect - ok
09:41:24.0619 0x12c0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:41:24.0619 0x12c0  uliagpkx - ok
09:41:24.0634 0x12c0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:41:24.0650 0x12c0  umbus - ok
09:41:24.0677 0x12c0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:41:24.0682 0x12c0  UmPass - ok
09:41:24.0698 0x12c0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:41:24.0698 0x12c0  UmRdpService - ok
09:41:24.0714 0x12c0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:41:24.0745 0x12c0  upnphost - ok
09:41:25.0003 0x12c0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:41:25.0187 0x12c0  usbccgp - ok
09:41:25.0288 0x12c0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:41:25.0319 0x12c0  usbcir - ok
09:41:25.0350 0x12c0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:41:25.0373 0x12c0  usbehci - ok
09:41:25.0435 0x12c0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:41:25.0483 0x12c0  usbhub - ok
09:41:25.0483 0x12c0  [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:41:25.0499 0x12c0  usbohci - ok
09:41:25.0514 0x12c0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
09:41:25.0514 0x12c0  usbprint - ok
09:41:25.0546 0x12c0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
09:41:25.0561 0x12c0  USBSTOR - ok
09:41:25.0561 0x12c0  [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:41:25.0579 0x12c0  usbuhci - ok
09:41:25.0594 0x12c0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:41:25.0626 0x12c0  UxSms - ok
09:41:25.0641 0x12c0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
09:41:25.0641 0x12c0  VaultSvc - ok
09:41:25.0657 0x12c0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:41:25.0657 0x12c0  vdrvroot - ok
09:41:25.0674 0x12c0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:41:25.0706 0x12c0  vds - ok
09:41:25.0706 0x12c0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:41:25.0722 0x12c0  vga - ok
09:41:25.0722 0x12c0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:41:25.0738 0x12c0  VgaSave - ok
09:41:25.0738 0x12c0  VGPU - ok
09:41:25.0753 0x12c0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:41:25.0773 0x12c0  vhdmp - ok
09:41:25.0773 0x12c0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:41:25.0773 0x12c0  viaide - ok
09:41:25.0804 0x12c0  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:41:25.0804 0x12c0  vmbus - ok
09:41:25.0820 0x12c0  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:41:25.0820 0x12c0  VMBusHID - ok
09:41:25.0851 0x12c0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:41:25.0851 0x12c0  volmgr - ok
09:41:25.0874 0x12c0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:41:25.0886 0x12c0  volmgrx - ok
09:41:25.0951 0x12c0  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:41:25.0970 0x12c0  volsnap - ok
09:41:25.0972 0x12c0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:41:25.0972 0x12c0  vsmraid - ok
09:41:26.0018 0x12c0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:41:26.0067 0x12c0  VSS - ok
09:41:26.0083 0x12c0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:41:26.0083 0x12c0  vwifibus - ok
09:41:26.0114 0x12c0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:41:26.0145 0x12c0  W32Time - ok
09:41:26.0145 0x12c0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:41:26.0161 0x12c0  WacomPen - ok
09:41:26.0161 0x12c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:41:26.0194 0x12c0  WANARP - ok
09:41:26.0194 0x12c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:41:26.0210 0x12c0  Wanarpv6 - ok
09:41:26.0272 0x12c0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:41:26.0288 0x12c0  WatAdminSvc - ok
09:41:26.0403 0x12c0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:41:26.0487 0x12c0  wbengine - ok
09:41:26.0503 0x12c0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:41:26.0503 0x12c0  WbioSrvc - ok
09:41:26.0518 0x12c0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:41:26.0534 0x12c0  wcncsvc - ok
09:41:26.0565 0x12c0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:41:26.0596 0x12c0  WcsPlugInService - ok
09:41:26.0612 0x12c0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:41:26.0628 0x12c0  Wd - ok
09:41:26.0672 0x12c0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:41:26.0703 0x12c0  Wdf01000 - ok
09:41:26.0738 0x12c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:41:26.0754 0x12c0  WdiServiceHost - ok
09:41:26.0754 0x12c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:41:26.0772 0x12c0  WdiSystemHost - ok
09:41:26.0788 0x12c0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:41:26.0804 0x12c0  WebClient - ok
09:41:26.0819 0x12c0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:41:26.0835 0x12c0  Wecsvc - ok
09:41:26.0850 0x12c0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:41:26.0868 0x12c0  wercplsupport - ok
09:41:26.0884 0x12c0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:41:26.0899 0x12c0  WerSvc - ok
09:41:26.0930 0x12c0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:41:26.0946 0x12c0  WfpLwf - ok
09:41:26.0962 0x12c0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:41:26.0962 0x12c0  WIMMount - ok
09:41:26.0981 0x12c0  WinDefend - ok
09:41:26.0981 0x12c0  WinHttpAutoProxySvc - ok
09:41:27.0028 0x12c0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:41:27.0077 0x12c0  Winmgmt - ok
09:41:27.0108 0x12c0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:41:27.0172 0x12c0  WinRM - ok
09:41:27.0219 0x12c0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:41:27.0250 0x12c0  WinUsb - ok
09:41:27.0303 0x12c0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:41:27.0370 0x12c0  Wlansvc - ok
09:41:27.0554 0x12c0  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:41:27.0604 0x12c0  wlidsvc - ok
09:41:27.0635 0x12c0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:41:27.0635 0x12c0  WmiAcpi - ok
09:41:27.0651 0x12c0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:41:27.0651 0x12c0  wmiApSrv - ok
09:41:27.0670 0x12c0  WMPNetworkSvc - ok
09:41:27.0672 0x12c0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:41:27.0688 0x12c0  WPCSvc - ok
09:41:27.0704 0x12c0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:41:27.0704 0x12c0  WPDBusEnum - ok
09:41:27.0704 0x12c0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:41:27.0735 0x12c0  ws2ifsl - ok
09:41:27.0750 0x12c0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
09:41:27.0750 0x12c0  wscsvc - ok
09:41:27.0750 0x12c0  WSearch - ok
09:41:27.0803 0x12c0  [ FFD80DC0CDA145C3376A5076360162C8, 2DA34929DC416164A001B7C711D7CF1046FAE53F8B31697F3EC4AF75C45163E5 ] WtuSystemSupport C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
09:41:27.0819 0x12c0  WtuSystemSupport - ok
09:41:27.0883 0x12c0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:41:27.0946 0x12c0  wuauserv - ok
09:41:27.0977 0x12c0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:41:27.0994 0x12c0  WudfPf - ok
09:41:28.0010 0x12c0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:41:28.0041 0x12c0  WUDFRd - ok
09:41:28.0070 0x12c0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:41:28.0085 0x12c0  wudfsvc - ok
09:41:28.0105 0x12c0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:41:28.0137 0x12c0  WwanSvc - ok
09:41:28.0187 0x12c0  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
09:41:28.0219 0x12c0  xnacc - ok
09:41:28.0285 0x12c0  [ 377F3E3467A8BFA3CDC921AD6425D513, 699271DA1D63E90FE1F9FE8AF3A8789CA588A0B7A2AFF5899EBA443361E041A5 ] XSplit_Dummy    C:\Windows\system32\drivers\xspltspk.sys
09:41:28.0301 0x12c0  XSplit_Dummy - ok
09:41:28.0316 0x12c0  ================ Scan global ===============================
09:41:28.0332 0x12c0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:41:28.0365 0x12c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:41:28.0396 0x12c0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
09:41:28.0427 0x12c0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:41:28.0459 0x12c0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:41:28.0478 0x12c0  [ Global ] - ok
09:41:28.0478 0x12c0  ================ Scan MBR ==================================
09:41:28.0478 0x12c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:41:28.0711 0x12c0  \Device\Harddisk0\DR0 - ok
09:41:28.0712 0x12c0  ================ Scan VBR ==================================
09:41:28.0716 0x12c0  [ 2C1C31505D49D96AB1FC261835F762BC ] \Device\Harddisk0\DR0\Partition1
09:41:28.0757 0x12c0  \Device\Harddisk0\DR0\Partition1 - ok
09:41:28.0762 0x12c0  [ D64221B74211CEB74A3E82D1776C9C77 ] \Device\Harddisk0\DR0\Partition2
09:41:28.0847 0x12c0  \Device\Harddisk0\DR0\Partition2 - ok
09:41:28.0848 0x12c0  ================ Scan generic autorun ======================
09:41:29.0064 0x12c0  [ 559F228C84DD7B5E35D33154CED320B2, 7D6C77613550024825DE7B17249A8B5E822FA54DAC475A849374A89D84993F8F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
09:41:29.0235 0x12c0  RTHDVCPL - ok
09:41:29.0303 0x12c0  [ 4A0477ADCD07EC9D21257A2E456B16C5, CEF9C81730C12283A7600C3D921D89A62B14D1C46544B493F3AF7520DD2D1F79 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
09:41:29.0303 0x12c0  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
09:41:32.0849 0x12c0  Detect skipped due to KSN trusted
09:41:32.0849 0x12c0  IAStorIcon - ok
09:41:33.0020 0x12c0  [ E265333FED70984757A2506DE17CF381, B31FE2E6505C182B65FD73127165F4FF84D63C8BF53D644117FE15191E690369 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
09:41:33.0052 0x12c0  AdobeAAMUpdater-1.0 - ok
09:41:33.0119 0x12c0  [ 094E4E76FB9AB960A73F841BC6733F42, 01C1BFF17BEC6588E192EC4D7ACB74FC9B95ECA7CB8BB9585B04FC8EA73C3B43 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
09:41:33.0135 0x12c0  USB3MON - ok
09:41:33.0318 0x12c0  [ 30D591EA7DC36C5657B86785DA2AFE9A, 5E04A8B05BD693BC71E563D7CB269F4C8C7D0D6C6E2017784FF59507929B9705 ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
09:41:33.0372 0x12c0  AVG_UI - ok
09:41:33.0487 0x12c0  [ 5FC6AD6AE07F8827F954C4C6B73568E2, 6A2C1328BFBFB8D41CE268C2D1C26B1E2FCF2E426A98A740536689FB568ACFE9 ] C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
09:41:33.0518 0x12c0  StartCCC - ok
09:41:33.0588 0x12c0  [ EDAD056653FF43873BCC2521F29A5430, CD43F5649BB4E79501FE87C0617382A623ECCB50BD928026A88FDD25723101CE ] C:\PROGRA~2\Raptr\raptrstub.exe
09:41:33.0603 0x12c0  Raptr - ok
09:41:33.0698 0x12c0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:41:33.0747 0x12c0  Sidebar - ok
09:41:33.0780 0x12c0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:41:33.0811 0x12c0  mctadmin - ok
09:41:33.0827 0x12c0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
09:41:33.0858 0x12c0  Sidebar - ok
09:41:33.0858 0x12c0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
09:41:33.0875 0x12c0  mctadmin - ok
09:41:33.0891 0x12c0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\sidebar.exe
09:41:33.0922 0x12c0  Sidebar - ok
09:41:34.0021 0x12c0  [ FA18A83CD2D176C72692F149C549E247, C845C47CF894FE312E1CC4C2667AFBAFABFCFFD0F8425D9ED34324AA9E491BD3 ] C:\Users\Ruben\AppData\Roaming\uTorrent\uTorrent.exe
09:41:34.0052 0x12c0  uTorrent - ok
09:41:34.0149 0x12c0  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
09:41:34.0247 0x12c0  DAEMON Tools Lite - ok
09:41:34.0247 0x12c0  Waiting for KSN requests completion. In queue: 290
09:41:35.0251 0x12c0  Waiting for KSN requests completion. In queue: 290
09:41:36.0252 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:37.0253 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:38.0253 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:39.0265 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:40.0265 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:41.0266 0x12c0  Waiting for KSN requests completion. In queue: 12
09:41:42.0302 0x12c0  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5751 ), 0x40000 ( disabled : updated )
09:41:42.0318 0x12c0  Win FW state via NFP2: enabled
09:41:45.0220 0x12c0  ============================================================
09:41:45.0220 0x12c0  Scan finished
09:41:45.0220 0x12c0  ============================================================
09:41:45.0237 0x0cd0  Detected object count: 0
09:41:45.0237 0x0cd0  Actual detected object count: 0


#6 deeprybka

  • Malware Response Team

Posted 21 March 2015 - 01:10 PM

Hi,
 
P2P warning

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Spyhunter 4
    Google Chrome 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Reinstall Google Chrome. Download

Step 3


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Startup: C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Harry Potter - Akabur Witch Trainer [Save game].lnk
    ShortcutTarget: Harry Potter - Akabur Witch Trainer [Save game].lnk -> C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe ()
    C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: youtubeadblocker -> {a330ba2a-2227-42a2-a8e7-0ef81bb1ea3b} -> C:\Program Files (x86)\youtubeadblocker\QAZpkRRR3kYr0L.x64.dll No File
    2015-03-20 07:03 - 2015-03-20 07:03 - 00061516 _____ () C:\Users\Ruben\AppData\Local\temp023423.vbe
    2015-03-10 12:38 - 2015-03-10 12:38 - 00000000 _____ () C:\autoexec.bat
    2015-03-10 12:36 - 2015-03-10 12:36 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ruben\Downloads\SpyHunter-Installer.exe
    Task: {3F501E01-98CF-4471-8766-908B9C207C1A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
    Task: {5013C1CC-939E-4C4F-997C-CD8B7CC724D6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
    Task: {9C5BAE5A-AC51-47E6-B185-650536856589} - System32\Tasks\{FF1A9280-DAE8-47B7-8EEA-346504304B3C} => pcalua.exe -a C:\Users\Ruben\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
    Task: {DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () 
    C:\ProgramData\Origin\update.vbe 
    2015-03-21 08:07 - 2015-03-21 08:15 - 01605120 _____ () C:\Windows\Temp\svchost.exe
    2015-03-21 08:07 - 2015-03-21 08:15 - 01594368 _____ () C:\Windows\Temp\lsass.exe
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

 

 


CRACKED SOFTWARE WARNING

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk. Were you aware your machine has cracked software installed? I do not approve of nor support illegal software.

Malware authors promote and release cracked software to spread their infections. I strongly recommend you refrain from participating in this activity; your computer will be repeatedly infected otherwise. Simply visiting a cracked software site can result in infection via drive-by exploits of vulnerable software.

Cracked software will make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to reformat your Hard Drive and reinstall your Operating System. Please read the following articles for more information.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Rupperto


Posted 21 March 2015 - 09:40 PM

When I try to delete SpyHunter 4, an error pops up.

I tried deleting it from Control Panel; it says that it must have already been uninstalled.

Do I move on with the next step?

 

It says that it can be deleted from the list of programs.


Edited by Rupperto, 21 March 2015 - 09:41 PM.


#8 Rupperto


Posted 21 March 2015 - 10:04 PM

This is the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Ruben at 2015-03-21 19:59:37 Run:1
Running from C:\Users\Ruben\Downloads
Loaded Profiles: Ruben (Available profiles: Ruben)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Startup: C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Harry Potter - Akabur Witch Trainer [Save game].lnk
ShortcutTarget: Harry Potter - Akabur Witch Trainer [Save game].lnk -> C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe ()
C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: youtubeadblocker -> {a330ba2a-2227-42a2-a8e7-0ef81bb1ea3b} -> C:\Program Files (x86)\youtubeadblocker\QAZpkRRR3kYr0L.x64.dll No File
2015-03-20 07:03 - 2015-03-20 07:03 - 00061516 _____ () C:\Users\Ruben\AppData\Local\temp023423.vbe
2015-03-10 12:38 - 2015-03-10 12:38 - 00000000 _____ () C:\autoexec.bat
2015-03-10 12:36 - 2015-03-10 12:36 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ruben\Downloads\SpyHunter-Installer.exe
Task: {3F501E01-98CF-4471-8766-908B9C207C1A} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {5013C1CC-939E-4C4F-997C-CD8B7CC724D6} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {9C5BAE5A-AC51-47E6-B185-650536856589} - System32\Tasks\{FF1A9280-DAE8-47B7-8EEA-346504304B3C} => pcalua.exe -a C:\Users\Ruben\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=amt
Task: {DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] () 
C:\ProgramData\Origin\update.vbe 
2015-03-21 08:07 - 2015-03-21 08:15 - 01605120 _____ () C:\Windows\Temp\svchost.exe
2015-03-21 08:07 - 2015-03-21 08:15 - 01594368 _____ () C:\Windows\Temp\lsass.exe
*****************
 
Processes closed successfully.
C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Harry Potter - Akabur Witch Trainer [Save game].lnk => Moved successfully.
C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8}\Harry Potter - Akabur Witch Trainer [Save game].exe => Moved successfully.
C:\ProgramData\{40c499aa-0f11-3f4b-40c4-499aa0f166a8} => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a330ba2a-2227-42a2-a8e7-0ef81bb1ea3b}" => Key deleted successfully.
"HKCR\CLSID\{a330ba2a-2227-42a2-a8e7-0ef81bb1ea3b}" => Key deleted successfully.
C:\Users\Ruben\AppData\Local\temp023423.vbe => Moved successfully.
C:\autoexec.bat => Moved successfully.
C:\Users\Ruben\Downloads\SpyHunter-Installer.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F501E01-98CF-4471-8766-908B9C207C1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F501E01-98CF-4471-8766-908B9C207C1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5013C1CC-939E-4C4F-997C-CD8B7CC724D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5013C1CC-939E-4C4F-997C-CD8B7CC724D6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C5BAE5A-AC51-47E6-B185-650536856589}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C5BAE5A-AC51-47E6-B185-650536856589}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FF1A9280-DAE8-47B7-8EEA-346504304B3C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF1A9280-DAE8-47B7-8EEA-346504304B3C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF}" => Key deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => Key deleted successfully.
C:\ProgramData\Origin\update.vbe => Moved successfully.
C:\Windows\Temp\svchost.exe => Moved successfully.
C:\Windows\Temp\lsass.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:59:38 ====
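
An added example, not part of the original posts and not FRST's own code: a short Python check that reads the result lines of a Fixlog like the one above, skips the echoed fixlist, lists any item whose outcome does not report success, and flags files named like Windows system processes that sat outside the system directories (here the two copies in C:\Windows\Temp). The function names, the constructed failure line and the C:\Windows install path are assumptions.

```python
import ntpath
import re

# Constructed sample: lines taken from the Fixlog above, plus one constructed
# failure line (its wording is an assumption) to show how a miss surfaces.
SAMPLE = r'''
Content of fixlist:
*****************
Task: {DFF127C6-0C08-45AA-B90F-BD25ECEDB1AF} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-03-20] ()
*****************
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Tasks\Origin => Moved successfully.
C:\ProgramData\Origin\update.vbe => Moved successfully.
C:\Windows\Temp\svchost.exe => Moved successfully.
C:\Windows\Temp\lsass.exe => Moved successfully.
C:\Example\constructed.exe => not found.
'''

RESULT = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?$')
SYSTEM_NAMES = {"svchost.exe", "lsass.exe"}   # the two names seen in this thread
# Assumption: Windows is installed in C:\Windows, as on the machine in this thread.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def parse_fixlog(text):
    """Return (item, outcome) pairs, skipping the fixlist echoed between asterisk rows."""
    rows, in_echo = [], False
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:
            in_echo = not in_echo          # a row of asterisks opens or closes the echo
            continue
        match = None if in_echo else RESULT.match(line)
        if match:
            rows.append((match["item"], match["outcome"]))
    return rows

def needs_review(rows):
    """Items whose outcome does not report success."""
    return [item for item, outcome in rows if not outcome.endswith("successfully")]

def masquerading(rows):
    """Files named like Windows system processes but stored outside the system directories."""
    return [item for item, _ in rows
            if ntpath.basename(item).lower() in SYSTEM_NAMES
            and ntpath.dirname(item).lower() not in SYSTEM_DIRS]

if __name__ == "__main__":
    rows = parse_fixlog(SAMPLE)
    print(len(rows), "results; review:", needs_review(rows), "masquerading:", masquerading(rows))
```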


#9 deeprybka

  • Malware Response Team

Posted 22 March 2015 - 12:41 PM

Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.

Step 1


Please download and install Malwarebytes Anti-Malware. (NEW VERSION!)

  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].



Step 2

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

settings.png

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3


Start FRST with administrator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 22 March 2015 - 12:42 PM.

regards,
deeprybka

#10 deeprybka


Posted 25 March 2015 - 06:16 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#11 deeprybka


Posted 29 March 2015 - 07:18 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



