
Steam *32 process appears in task manager, not really running steam.


  • This topic is locked
16 replies to this topic

#1 handakes

Posted 27 March 2015 - 06:25 AM

hey there,
for a good while now i've been occasionally seeing a spike in my CPU usage, when i opened the performance monitor, it showed that "Xboxstat" is the process that causes the extra load, after googling, it's a legit process but it's only used to run the Xbox controller for windows and should not under any circumstances hog 25% of my cpu load! (i have i5 3570k quad core processor Running @4.4 GHz!)

lately this spike started happening again, but this time the process shows up as "Steam" in the performance monitor, and sure, i do have it installed, but it's not running at the time, and i didn't even set it to run when windows starts!
the problem now is pretty much identical to this thread:
"http://www.bleepingcomputer.com/forums/t/562628/steam-32-process-appears-in-task-manager/"

a while back now, my PC was infected with a VBS script that turns everything into shortcuts on any removable drive, the original script was on my C partition and it was not detected by any antivirus at all! i had to track it down and remove it manually, but i found a program called USBfix that's supposed to remove this particular script,
http://www.en.usbfix.net/

well, it worked, i guess..but i have already removed the original script manually like i said, and this program looks a bit dodgy too, so i thought i would state this as past history of infection, maybe it's related..

went ahead and did a FRST scan, i killed the process manually now, if you want a scan while it's still running i can always reboot and do a new scan when it shows up, let me know what you guys think..

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by MOI (administrator) on MOI-PC on 27-03-2015 13:23:57
Running from C:\Users\MOI\Desktop
Loaded Profiles: MOI (Available profiles: MOI & FL2-MAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
() E:\Programs\CPU-Z\Core Temp.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
() C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() E:\Programs\RBTray\64bit\RBTray.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-03-14] (Murray Hurps Software Pty Ltd)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3536896 2010-12-24] ()
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3536896 2010-12-24] ()
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [928656 2011-04-14] (Samsung)
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-04-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
Startup: C:\Users\FL2-MAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
Startup: C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe - Shortcut.lnk
ShortcutTarget: RBTray.exe - Shortcut.lnk -> E:\Programs\RBTray\64bit\RBTray.exe ()
Startup: C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-07] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\..\Interfaces\{961F65A3-8AA1-4202-8669-69DA03F45BC1}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-07] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-630149823-2377076548-582725754-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MOI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default\Extensions\abs@avira.com [2015-03-13]
FF Extension: Test Pilot - C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-08-09]
FF HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5 [2014-08-31]
FF HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.google.com/"
CHR Profile: C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-08-07]
CHR Extension: (Entanglement Web App) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (Web Developer) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-08-07]
CHR Extension: (YouTube) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (History 2) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2014-08-07]
CHR Extension: (Adblock Plus) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-07]
CHR Extension: (Google Search) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (Tampermonkey) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-07]
CHR Extension: (Simple Facebook) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\fehonfajapnkdlogkffeemjoninangkk [2014-08-07]
CHR Extension: (IDM Integration Module) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-08-31]
CHR Extension: (Hangouts) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Better Youtube History) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2014-08-07]
CHR Extension: (Poppit!) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
CHR Extension: (Hangouts) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-10]
CHR Extension: (Your Quality for YouTube™) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 EvoSvc; C:\Program Files (x86)\Evolve\EvoSvc.exe [1581440 2015-03-08] (Echobit LLC)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MUTESV_SERVICE; C:\Program Files\ASTER-V7\mutesv.exe [8704 2010-09-01] () [File not signed]
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [128776 2015-01-29] (SeriousBit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-18] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-03-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MUTENX_SERVICE; C:\Windows\System32\DRIVERS\mutenx.sys [67728 2010-09-02] () [File not signed]
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [202560 2011-02-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 13:23 - 2015-03-27 13:24 - 00023573 _____ () C:\Users\MOI\Desktop\FRST.txt
2015-03-27 13:13 - 2015-03-27 13:13 - 02095616 _____ (Farbar) C:\Users\MOI\Desktop\FRST64.exe
2015-03-27 12:16 - 2015-03-27 12:16 - 00000000 ___RD () C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-27 11:03 - 2015-03-27 11:03 - 00000930 _____ () C:\Users\Public\Desktop\DS3 Tool.lnk
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\MotioninJoy
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-03-27 11:03 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-03-27 11:03 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2015-03-27 10:23 - 2015-03-27 11:35 - 00000000 ____D () C:\Users\MOI\AppData\Local\Ori and the Blind Forest
2015-03-27 10:10 - 2015-03-27 10:10 - 00000804 _____ () C:\Users\MOI\Desktop\Ori and the Blind Forest.lnk
2015-03-27 10:10 - 2015-03-27 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ori and the Blind Forest
2015-03-26 11:54 - 2015-03-26 11:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-25 17:43 - 2015-03-26 09:22 - 207731387 _____ () C:\Users\MOI\Desktop\Final.psd
2015-03-20 15:19 - 2015-03-22 09:51 - 00000000 ____D () C:\Users\MOI\Documents\FIFA 15
2015-03-20 15:13 - 2015-03-20 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Ultimate Team Edition
2015-03-20 14:49 - 2015-03-20 14:49 - 00000000 ____D () C:\ProgramData\bdch
2015-03-20 06:13 - 2015-03-20 06:13 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-03-18 19:47 - 2015-03-18 19:47 - 00000000 ___RD () C:\Users\FL2-MAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-14 19:54 - 2015-03-14 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2015-03-14 19:54 - 2015-03-14 19:54 - 00000000 ____D () C:\ProgramData\Ad Muncher
2015-03-14 19:54 - 2015-03-14 19:54 - 00000000 ____D () C:\Program Files (x86)\Ad Muncher
2015-03-12 16:58 - 2015-03-12 16:58 - 00000000 ____D () C:\ProgramData\Origin
2015-03-12 16:46 - 2015-03-20 15:13 - 00000974 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2015-03-12 16:38 - 2015-03-12 16:38 - 00003208 _____ () C:\Windows\System32\Tasks\Steam_x64-S-2-106-91
2015-03-08 02:36 - 2015-03-14 20:05 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\Tunngle
2015-03-08 02:36 - 2015-03-14 20:05 - 00000000 ____D () C:\ProgramData\Tunngle
2015-03-08 02:36 - 2015-03-08 02:36 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-03-08 02:36 - 2015-03-08 02:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-03-08 02:36 - 2015-03-08 02:36 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-03-08 02:05 - 2015-03-08 02:06 - 00002900 _____ () C:\Windows\system32\lic2.xml3476
2015-03-08 01:18 - 2015-03-08 01:18 - 00001942 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2015-03-08 01:11 - 2015-03-08 01:23 - 00000000 ____D () C:\Program Files (x86)\Evolve
2015-03-08 01:09 - 2015-03-08 01:09 - 00000000 ____D () C:\Users\MOI\AppData\Local\Echobit
2015-03-08 01:09 - 2015-03-08 01:09 - 00000000 ____D () C:\ProgramData\Echobit
2015-03-03 09:03 - 2015-03-03 09:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-03-03 09:03 - 2015-03-03 09:03 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-03-03 09:03 - 2015-03-03 09:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-03-03 09:03 - 2015-03-03 09:03 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-03-03 09:03 - 2015-03-03 09:03 - 00000000 ____D () C:\Program Files (x86)\OpenAL
2015-03-03 08:57 - 2015-03-03 09:03 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\NationRed
2015-03-03 08:40 - 2015-03-03 08:57 - 00000867 _____ () C:\Users\MOI\Desktop\Nation Red.lnk
2015-03-03 08:40 - 2015-03-03 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nation Red
2015-03-02 16:41 - 2015-03-02 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
2015-03-02 16:41 - 2015-03-02 16:41 - 00000000 ____D () C:\Program Files (x86)\Combined Community Codec Pack
2015-03-01 01:10 - 2015-03-01 01:10 - 00000778 _____ () C:\Users\MOI\Desktop\Dying Light.lnk
2015-03-01 01:10 - 2015-03-01 01:10 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\Dying Light
2015-03-01 00:23 - 2015-03-01 00:23 - 00000000 ____D () C:\Users\MOI\AppData\Local\Personal_use_only_(Darean
2015-03-01 00:01 - 2015-03-01 00:01 - 00000000 ____D () C:\Users\FL2-MAN\Documents\DyingLight
2015-02-28 10:43 - 2015-02-28 10:43 - 00000000 ____D () C:\Users\FL2-MAN\AppData\Roaming\TeraCopy
2015-02-28 10:36 - 2015-02-28 10:36 - 00000965 _____ () C:\Users\FL2-MAN\Desktop\asternx - Shortcut.lnk
2015-02-28 09:38 - 2015-02-28 09:38 - 00000965 _____ () C:\Users\MOI\Desktop\Aster V7.lnk
2015-02-28 08:37 - 2015-03-01 00:37 - 00000000 ____D () C:\Program Files (x86)\ExKode
2015-02-28 08:37 - 2015-02-28 11:24 - 00000000 ____D () C:\Users\MOI\AppData\Local\Dxtory Software
2015-02-28 06:48 - 2015-02-28 17:06 - 00000000 ____D () C:\Users\MOI\Documents\DyingLight
2015-02-27 19:00 - 2015-02-27 19:00 - 00000000 ____D () C:\Users\MOI\AppData\Local\Steam
2015-02-27 02:25 - 2015-02-27 02:25 - 00000000 ____D () C:\Users\MOI\Documents\Wondershare
2015-02-27 02:25 - 2015-02-27 02:25 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\HMYGSetting
2015-02-27 02:04 - 2015-02-27 02:24 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2015-02-27 01:11 - 2015-02-27 02:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-02-27 00:55 - 2015-02-27 02:43 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\Wondershare
2015-02-27 00:55 - 2015-02-27 02:43 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-02-27 00:55 - 2015-02-27 02:25 - 00000000 ____D () C:\ProgramData\Wondershare
2015-02-27 00:55 - 2015-02-27 01:11 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2015-02-27 00:55 - 2015-02-27 01:11 - 00000000 ____D () C:\Users\MOI\.android
2015-02-27 00:55 - 2015-02-27 00:55 - 00000000 ____D () C:\Users\MOI\AppData\Local\Wondershare
2015-02-26 13:37 - 2015-02-26 13:37 - 00000785 _____ () C:\Users\MOI\Desktop\KOFXIII.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-27 13:23 - 2014-10-31 19:41 - 00000000 ____D () C:\FRST
2015-03-27 12:55 - 2015-02-06 09:50 - 00000842 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1.job
2015-03-27 12:49 - 2014-08-07 20:45 - 00000842 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-27 12:22 - 2009-07-14 06:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 12:22 - 2009-07-14 06:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 12:19 - 2014-08-07 18:01 - 01159682 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 12:16 - 2015-02-06 09:50 - 00000838 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906.job
2015-03-27 12:16 - 2014-09-01 07:28 - 00099239 _____ () C:\Windows\setupact.log
2015-03-27 12:15 - 2014-08-07 21:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-27 12:15 - 2014-08-07 20:45 - 00000838 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-27 12:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 12:12 - 2014-11-02 18:56 - 00007606 _____ () C:\Users\MOI\AppData\Local\Resmon.ResmonCfg
2015-03-27 12:11 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 11:02 - 2015-02-16 18:30 - 00000000 ____D () C:\Windows\USB Vibration
2015-03-27 11:02 - 2014-08-07 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-27 10:53 - 2014-08-07 21:30 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\BitComet
2015-03-26 19:25 - 2014-08-23 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-26 17:50 - 2014-08-08 09:08 - 00000000 ____D () C:\Users\MOI\AppData\Local\CrashDumps
2015-03-25 20:30 - 2009-07-14 06:45 - 04990752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-25 17:52 - 2014-08-07 20:43 - 00121096 _____ () C:\Users\MOI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-24 23:12 - 2014-08-08 09:30 - 00686794 _____ () C:\Windows\system32\perfh00C.dat
2015-03-24 23:12 - 2014-08-08 09:30 - 00483214 _____ () C:\Windows\system32\perfh001.dat
2015-03-24 23:12 - 2014-08-08 09:30 - 00131424 _____ () C:\Windows\system32\perfc00C.dat
2015-03-24 23:12 - 2014-08-08 09:30 - 00096148 _____ () C:\Windows\system32\perfc001.dat
2015-03-24 23:12 - 2009-07-14 07:13 - 02172350 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-23 20:42 - 2014-11-08 01:45 - 00000132 _____ () C:\Users\MOI\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-23 20:06 - 2014-09-03 17:44 - 00184124 _____ () C:\Windows\PFRO.log
2015-03-23 13:45 - 2015-01-28 07:01 - 00357990 _____ () C:\Users\MOI\fightcade.log
2015-03-23 13:45 - 2015-01-28 07:01 - 00001207 _____ () C:\Users\MOI\ggpo-ng.ini
2015-03-23 13:41 - 2015-01-28 07:01 - 00425836 _____ () C:\Users\MOI\fightcade-debug.log
2015-03-23 13:36 - 2015-01-28 07:11 - 00006588 _____ () C:\Users\MOI\ggpofba-ng.bkp.ini
2015-03-20 14:25 - 2014-10-01 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2015-03-20 06:04 - 2014-11-08 06:27 - 00000000 ____D () C:\Users\MOI\Screenshots
2015-03-20 06:04 - 2014-10-08 07:36 - 00000000 ____D () C:\Users\MOI\Movies
2015-03-20 05:57 - 2014-11-01 04:35 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\abgx360
2015-03-18 19:52 - 2009-07-14 09:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-18 19:47 - 2014-11-29 03:50 - 00003418 _____ () C:\Windows\Sandboxie.ini
2015-03-17 14:18 - 2014-08-10 15:32 - 00000000 ____D () C:\Users\MOI\AppData\Local\Adobe
2015-03-17 13:54 - 2014-08-10 01:08 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 13:54 - 2014-08-10 01:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-17 05:28 - 2014-08-29 05:17 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\DMCache
2015-03-16 00:44 - 2014-08-29 05:17 - 00000000 ____D () C:\Users\MOI\Downloads\Compressed
2015-03-14 19:53 - 2009-07-14 04:34 - 00518637 _____ () C:\Windows\system32\Drivers\etc\hosts-adblock
2015-03-12 16:38 - 2014-11-05 21:39 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\Unity
2015-03-10 22:46 - 2014-11-28 19:23 - 00000000 ____D () C:\Users\MOI\Desktop\Nora 2.0
2015-03-08 02:47 - 2014-08-08 06:39 - 00000000 ____D () C:\ProgramData\Steam
2015-03-08 02:37 - 2014-09-27 03:16 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2015-03-08 01:19 - 2014-09-07 13:14 - 00144571 _____ () C:\Windows\DirectX.log
2015-03-01 01:10 - 2015-02-04 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-03-01 00:38 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-28 18:25 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-28 15:33 - 2014-09-27 22:18 - 00114464 _____ () C:\Users\FL2-MAN\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-27 00:55 - 2014-08-07 18:02 - 00000000 ____D () C:\Users\MOI

==================== Files in the root of some directories =======

2014-11-08 01:45 - 2015-03-23 20:42 - 0000132 _____ () C:\Users\MOI\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-10 16:21 - 2014-08-27 19:27 - 0007168 _____ () C:\Users\MOI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 07:15 - 2015-02-19 13:46 - 1065984 _____ () C:\Users\MOI\AppData\Local\file__0.localstorage
2014-11-02 18:56 - 2015-03-27 12:12 - 0007606 _____ () C:\Users\MOI\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MOI\AppData\Local\setup.txt
2014-08-08 05:12 - 2014-08-08 05:12 - 0047340 _____ () C:\ProgramData\1407467490.bdinstall.bin
2014-08-08 05:37 - 2014-08-08 05:37 - 0048455 _____ () C:\ProgramData\1407469028.bdinstall.bin
2014-08-08 05:49 - 2014-08-08 05:49 - 0300981 _____ () C:\ProgramData\1407469293.bdinstall.bin
2014-08-08 12:56 - 2014-08-08 12:56 - 0037634 _____ () C:\ProgramData\1407495365.bdinstall.bin
2014-08-08 12:58 - 2014-08-08 12:58 - 0097504 _____ () C:\ProgramData\1407495366.bdinstall.bin
2014-10-31 07:13 - 2014-10-31 07:13 - 0044403 _____ () C:\ProgramData\1414732410.bdinstall.bin
2014-10-31 07:14 - 2014-10-31 07:14 - 0040626 _____ () C:\ProgramData\1414732454.2776.bin
2014-10-31 07:14 - 2014-10-31 07:14 - 0002151 _____ () C:\ProgramData\1414732454.5280.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0004736 _____ () C:\ProgramData\1414732634.4140.bin
2014-10-31 07:17 - 2014-10-31 07:19 - 0009054 _____ () C:\ProgramData\1414732634.4360.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0013698 _____ () C:\ProgramData\1414732634.4624.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0047648 _____ () C:\ProgramData\1414732634.5076.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0009193 _____ () C:\ProgramData\1414732634.5276.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0002152 _____ () C:\ProgramData\1414732634.5280.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0004486 _____ () C:\ProgramData\1414732634.5288.bin
2014-10-31 07:21 - 2014-10-31 07:21 - 0103251 _____ () C:\ProgramData\1414732886.bdinstall.bin
2014-10-31 07:21 - 2014-10-31 07:21 - 0104246 _____ () C:\ProgramData\1414732904.bdinstall.bin
2014-11-01 16:56 - 2014-11-01 16:56 - 0169432 _____ () C:\ProgramData\1414853740.bdinstall.bin

Files to move or delete:
====================
C:\Users\MOI\fraps.exe
C:\Users\MOI\fraps32.dll
C:\Users\MOI\fraps64.dat
C:\Users\MOI\fraps64.dll
C:\Users\MOI\frapslcd.dll
C:\Users\MOI\uninstall.exe


Some content of TEMP:
====================
C:\Users\MOI\AppData\Local\Temp\20cncwie.dll
C:\Users\MOI\AppData\Local\Temp\AcDeltree.exe
C:\Users\MOI\AppData\Local\Temp\bassmod.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\MOI\AppData\Local\Temp\nvStInst.exe
C:\Users\MOI\AppData\Local\Temp\SandboxieInstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-03-26 22:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by MOI at 2015-03-27 13:24:22
Running from C:\Users\MOI\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FORCED" (HKLM-x32\...\{73EB236C-65E8-4F85-A391-CEC85B1C478E}_is1) (Version: 4.2.1.11687 - )
"Transistor" (HKLM-x32\...\{28562D01-4A0D-403C-A1BE-4135AA8D8F30}_is1) (Version: 1.25992.0.0 (Update 3) - )
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b216 - Acoustica)
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Ad Muncher v4.94.34121 (Free)  (HKLM-x32\...\Ad Muncher) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AnatronicaFree (HKLM-x32\...\AnatronicaFree) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
ASTER-V7 (HKLM\...\{FAE1618B-B66C-48B4-B183-7553B9FB0B38}) (Version: 1.0.0 - IBIK)
AutoHotkey 1.1.09.04 (HKLM\...\AutoHotkey) (Version: 1.1.09.04 - Lexikos)
BitComet 1.36 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.36 - CometNetwork)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
BitdefenderBandwidthFix version 0.1 (HKLM-x32\...\{5148D5C8-FDA4-4F30-809C-787E029BCC24}_is1) (Version: 0.1 - JoshY and The Bitdefender Community)
Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
BloodRayne Betrayal (HKLM-x32\...\BloodRayne Betrayal_is1) (Version:  - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.14 - COWON)
CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectVobSub 2.41.6609 (HKLM-x32\...\vsfilter_is1) (Version: 2.41.6609 - MPC-HC Team)
Dying Light (HKLM-x32\...\Dying Light_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
Dying Light Update v1.5.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
EVGA PrecisionX 16 (HKLM-x32\...\{D99289E6-A66A-4D27-A3E0-EC726A7BC82D}) (Version: 5.3.0 - EVGA Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.11 - Echobit, LLC)
FIFA 15 Ultimate Team Edition (HKLM-x32\...\FIFA 15 Ultimate Team Edition_is1) (Version: 1.4.0.0 - Релиз от R.G. Steamgames)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
Gauntlet (HKLM-x32\...\Gauntlet_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Geeks3D FurMark 1.15.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Horizon v2.7.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iWisoft Free Video Converter 1.2 (HKLM-x32\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lethal League v1.0.0.0 (HKLM-x32\...\Lethal League_is1) (Version: v1.0.0.0 - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.5.1 - Hermann Schinagl)
Lone Survivor - The Director's Cut (HKLM-x32\...\GOGPACKLONESURVIVORDC_is1) (Version: 2.0.0.2 - GOG.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
MegaDownloader 0.92 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 0.92 - Andres_age)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0 (x86 en-US)) (Version: 37.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nation Red (HKLM-x32\...\Nation Red_is1) (Version:  - )
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
Nidhogg v1.004 (HKLM-x32\...\TmlkaG9nZ3YxMDA0_is1) (Version: 1 - )
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.2.1 (HKLM-x32\...\OpenVPN) (Version: 2.2.1 - )
Orcs Must Die 2 (HKLM-x32\...\Orcs Must Die 2) (Version: 1.0.0.362 - Jimbo)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pocket Tanks Deluxe version 1.6 (HKLM-x32\...\{392A7927-CD80-4C42-9368-EC69313F1CB1}_is1) (Version: 1.6 - BlitWise Productions LLC)
QuickSFV (HKLM\...\{89B56CFC-0270-4ACF-8BF1-048251FD9E08}) (Version: 3.0.0 - Totally Useful Software, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Shadow Of Mordor version Shadow Of Mordor (HKLM-x32\...\Shadow Of Mordor_is1) (Version: Shadow Of Mordor - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden
SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0004.129 - CAPCOM U.S.A., INC) Hidden
Team Fortress 2 (HKLM-x32\...\Team Fortress 2_is1) (Version: 1.1.5.8 - Valve Corporation)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Evil Within version The Evil Within (HKLM-x32\...\The Evil Within_is1) (Version: The Evil Within - )
The King Of Fighters XIII (HKLM-x32\...\VGhlS2luZ09mRmlnaHRlcnNYSUlJ_is1) (Version: 1 - )
The King of Fighters XIII Update v1.1c (HKLM-x32\...\VGhlS2luZ29mRmlnaHRlcnNYSUlJ_is1) (Version: 1 - )
TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
Unity Web Player (HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
X7 Oscar Keyboard Editor (HKLM-x32\...\InstallShield_{705D6406-AA83-4BBD-8036-EEB4A1F69B5B}) (Version: 10.12.0004 - A4TECH)
X7 Oscar Keyboard Editor (x32 Version: 10.12.0004 - A4TECH) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-630149823-2377076548-582725754-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

27-03-2015 11:02:27 Removed USB Vibration Joystick
27-03-2015 11:05:31 Device Driver Package Install: www.MotioninJoy.com Microsoft Common Controller For Windows Class

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-02-05 03:09 - 00000904 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {503DA1FC-C5E6-4FED-8CDA-4AFE2E23A96F} - System32\Tasks\{6FDCE03E-1120-4E17-8424-9D1C6BC91CD1} => pcalua.exe -a "E:\GAMES\Sources\Fighting\Guilty Gear X2 - PC Rip by Freeman G Ripper\setup.exe" -d "E:\GAMES\Sources\Fighting\Guilty Gear X2 - PC Rip by Freeman G Ripper"
Task: {512F41BB-A142-4196-BC8E-1721C0CB14D1} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe [2015-02-03] (EVGA Corp.)
Task: {63B85BDC-B6AC-4C79-AE3F-6E00531D36C4} - System32\Tasks\Games\UpdateCheck_S-1-5-21-630149823-2377076548-582725754-1000
Task: {7151FF44-5C6F-4F29-84FE-D2B7A1EB01F5} - System32\Tasks\BitdefenderBandwidthFix => C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe [2013-03-29] ()
Task: {73C2583E-0A81-42AA-BE14-35A6E6554162} - System32\Tasks\AdobeAAMUpdater-1.0-MOI-PC-MOI => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {856F5CBB-3796-47F8-9A81-C9C38B021AB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {86D18315-6738-44A7-8300-782CC2FE1061} - System32\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {95817E62-EAA6-4FE1-B4E3-3E8C3E7DC71D} - System32\Tasks\Core Temp Autostart MOI => E:\Programs\CPU-Z\Core Temp.exe [2010-08-29] ()
Task: {B478E1B6-D38B-4014-B2AC-14262D99A054} - System32\Tasks\{563AA775-A7E6-4104-9F2A-6E4D8264F9EC} => pcalua.exe -a "E:\Programs\Clean Sweep!\Bitdefender free 14\Bitdefender_Installer\install\setuplauncher.exe" -d "E:\Programs\Clean Sweep!\Bitdefender free 14\Bitdefender_Installer\install"
Task: {BB4AD7ED-C007-47E9-96E2-C65257C23AFF} - System32\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {C34A95E9-CDC7-4636-980E-5392283E2A1F} - System32\Tasks\{93673D05-C7EA-4248-A6BE-D4A2ADF5357C} => pcalua.exe -a "J:\Container\PC\Dead Rising 3 - Apocalypse Edition (2014)_RePack by XLASER\Redist\DirectX.exe" -d "J:\Container\PC\Dead Rising 3 - Apocalypse Edition (2014)_RePack by XLASER\Redist"
Task: {D7CDE1D4-D24F-4BD4-B856-DCE47FCF5979} - System32\Tasks\{1F00B167-CF5C-4DB1-9392-D57E2303CFDA} => pcalua.exe -a "C:\Program Files (x86)\Samsung\Kies\KiesDriverInstaller.exe" -d "C:\Program Files (x86)\Samsung\Kies"
Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION
Task: {FA67FDEA-9DB6-4B9F-9B8B-B52EA4039A46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-01 16:55 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-11-01 16:55 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-11-14 01:54 - 2013-03-29 20:48 - 00009216 _____ () C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe
2011-06-13 10:36 - 2011-06-13 10:36 - 00922240 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
2014-08-07 21:26 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-02 04:56 - 2011-10-30 15:02 - 00038912 _____ () E:\Programs\RBTray\64bit\RBHook.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-02-13 08:37 - 2015-02-13 08:37 - 00217864 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SeriousBit.NetBalancer.DeskBand\v4.0_1.0.0.0__ce1333cc798c13ee\SeriousBit.NetBalancer.DeskBand.dll
2010-09-07 08:37 - 2010-08-29 15:06 - 00538640 _____ () E:\Programs\CPU-Z\Core Temp.exe
2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2014-08-07 21:45 - 2010-10-21 11:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2015-02-13 08:37 - 2015-01-29 15:32 - 00115712 _____ () C:\Program Files\NetBalancer\Events.dll
2015-02-13 08:37 - 2015-01-29 15:33 - 00217352 _____ () C:\Program Files\NetBalancer\PacketDotNet.dll
2015-02-13 08:37 - 2015-01-29 15:33 - 00031744 _____ () C:\Program Files\NetBalancer\BugReporting.dll
2014-09-18 05:15 - 2014-09-18 05:15 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-12-24 12:15 - 2010-12-24 12:15 - 03536896 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
2011-04-14 19:57 - 2011-04-14 19:57 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2015-01-02 04:56 - 2011-10-30 15:02 - 00045568 _____ () E:\Programs\RBTray\64bit\RBTray.exe
2014-08-07 21:38 - 2015-03-27 12:15 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll
2014-08-07 21:38 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll
2010-12-02 16:56 - 2010-12-02 16:56 - 00815104 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\OSD_Text\OSD_Text.dll
2010-10-11 09:13 - 2010-10-11 09:13 - 00087040 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_MouseDeviceManager.dll
2010-12-02 19:01 - 2010-12-02 19:01 - 00994304 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-12-28 09:25 - 2010-12-28 09:25 - 00900608 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\ProfileHint\ProfileHint.dll
2010-12-03 13:43 - 2010-12-03 13:43 - 00943104 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\KeySettingRemind\KeySettingRemind.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00085504 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ZoomControl.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00054272 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ScrollbarControl.dll
2010-09-20 13:19 - 2010-09-20 13:19 - 00062976 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 19:16 - 2010-11-01 19:16 - 00062976 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2015-02-01 06:12 - 2015-02-01 06:12 - 00055816 _____ () C:\Users\MOI\AppData\Local\Temp\d0d94490-af44-4ddb-bc13-e620b29d93f9\CliSecureRT.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2015-03-21 18:06 - 2015-03-14 12:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 18:06 - 2015-03-14 12:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 18:06 - 2015-03-14 12:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-21 18:06 - 2015-03-14 12:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\FL2-MAN\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\MOI\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-630149823-2377076548-582725754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
MSCONFIG\startupreg: EvolveClient => "C:\Program Files (x86)\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: NetBalancer => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-630149823-2377076548-582725754-500 - Administrator - Disabled)
FL2-MAN (S-1-5-21-630149823-2377076548-582725754-1002 - Administrator - Enabled) => C:\Users\FL2-MAN
Guest (S-1-5-21-630149823-2377076548-582725754-501 - Limited - Enabled)
MOI (S-1-5-21-630149823-2377076548-582725754-1000 - Administrator - Enabled) => C:\Users\MOI

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2015 00:07:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: msi.dll, version: 5.0.7601.17807, time stamp: 0x4f80321a
Exception code: 0xc0000005
Fault offset: 0x000000000021fd97
Faulting process id: 0x4bc
Faulting application start time: 0xsvchost.exe_wuauserv0
Faulting application path: svchost.exe_wuauserv1
Faulting module path: svchost.exe_wuauserv2
Report Id: svchost.exe_wuauserv3

Error: (03/26/2015 05:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Faulting module name: XINPUT9_1_0.dll, version: 3.4.0.848, time stamp: 0x52a5bf41
Exception code: 0xc0000005
Fault offset: 0x0000000000003d05
Faulting process id: 0x141c
Faulting application start time: 0xfifa15.exe0
Faulting application path: fifa15.exe1
Faulting module path: fifa15.exe2
Report Id: fifa15.exe3

Error: (03/20/2015 02:12:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c32144ef-9368-4af5-b500-c9a4927fd7a7}

Error: (03/20/2015 00:15:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x17e0
Faulting application start time: 0xrundll32.exe_shell32.dll0
Faulting application path: rundll32.exe_shell32.dll1
Faulting module path: rundll32.exe_shell32.dll2
Report Id: rundll32.exe_shell32.dll3

Error: (03/20/2015 07:38:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggx2.exe, version: 1.0.0.1, time stamp: 0x4406b707
Faulting module name: ggx2.exe, version: 1.0.0.1, time stamp: 0x4406b707
Exception code: 0xc0000005
Fault offset: 0x000bf4b8
Faulting process id: 0x1118
Faulting application start time: 0xggx2.exe0
Faulting application path: ggx2.exe1
Faulting module path: ggx2.exe2
Report Id: ggx2.exe3

Error: (03/19/2015 07:10:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18331 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6296.  Message ID: [0x2509].

Error: (03/19/2015 03:46:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KiesPDLR.exe, version: 1.0.0.0, time stamp: 0x4da596cc
Faulting module name: CliSecureRT.dll, version: 5.2.0.2, time stamp: 0x4c492bfd
Exception code: 0xc0000005
Fault offset: 0x00001296
Faulting process id: 0x1090
Faulting application start time: 0xKiesPDLR.exe0
Faulting application path: KiesPDLR.exe1
Faulting module path: KiesPDLR.exe2
Report Id: KiesPDLR.exe3

Error: (03/19/2015 03:46:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: KiesPDLR.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00461296

Error: (03/18/2015 07:51:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggx2.exe, version: 1.0.0.1, time stamp: 0x4406b707
Faulting module name: ggx2.exe, version: 1.0.0.1, time stamp: 0x4406b707
Exception code: 0xc0000005
Fault offset: 0x000bf4b8
Faulting process id: 0x163c
Faulting application start time: 0xggx2.exe0
Faulting application path: ggx2.exe1
Faulting module path: ggx2.exe2
Report Id: ggx2.exe3

Error: (03/18/2015 05:24:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EvilWithin.exe, version: 1.0.0.0, time stamp: 0x548512ee
Faulting module name: EvilWithin.exe, version: 1.0.0.0, time stamp: 0x548512ee
Exception code: 0xc0000005
Fault offset: 0x0000000000ae3655
Faulting process id: 0xde0
Faulting application start time: 0xEvilWithin.exe0
Faulting application path: EvilWithin.exe1
Faulting module path: EvilWithin.exe2
Report Id: EvilWithin.exe3


System errors:
=============
Error: (03/27/2015 00:12:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1062

Error: (03/27/2015 00:12:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1115

Error: (03/27/2015 00:12:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Themes service failed to start due to the following error: 
%%1115

Error: (03/27/2015 00:12:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (03/27/2015 00:11:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-28 09:12:01.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:12:01.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:07:26.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:07:26.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 17:08:34.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 17:08:34.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 16:40:11.636
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 16:40:11.596
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 23:56:56.506
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 23:56:56.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8159.14 MB
Available physical RAM: 5449.22 MB
Total Pagefile: 16316.46 MB
Available Pagefile: 12951.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100 GB) (Free:37.83 GB) NTFS
Drive d: (CDROM) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive e: (My Stuff) (Fixed) (Total:931.51 GB) (Free:294.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Games) (Fixed) (Total:365.66 GB) (Free:32.2 GB) NTFS
Drive m: (Media) (Fixed) (Total:931.51 GB) (Free:487.93 GB) NTFS
Drive s: (Series) (Fixed) (Total:149.05 GB) (Free:30.61 GB) NTFS
Drive x: (Xbox) (Fixed) (Total:149.05 GB) (Free:58.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00095A37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 14E814E8)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEB00AFA)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2B2C2B2C)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92D6DDF0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 28 March 2015 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Poppit!) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Users\FL2-MAN\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\MOI\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe:BDU
C:\Users\MOI\AppData\Local\Temp\20cncwie.dll
C:\Users\MOI\AppData\Local\Temp\AcDeltree.exe
C:\Users\MOI\AppData\Local\Temp\bassmod.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\MOI\AppData\Local\Temp\nvStInst.exe
C:\Users\MOI\AppData\Local\Temp\SandboxieInstall.exe
Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION

Place the fix here...

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
 

testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!

Let's check further on this.


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

How is the computer running now?

Edited by nasdaq, 28 March 2015 - 09:09 AM.


#3 handakes

handakes
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:36 AM

Posted 28 March 2015 - 09:42 PM

first of all, thanks for all the help..
second of all, the process re-runs itself after i kill it so i tried something, i disconnected the internet connection, and the process stopped using the CPU instantly, which makes me pretty sure now that i am part of a botnet, since killing the process just re-runs it a bit after, i resorted to suspending it.
anyway, ran the fix, have the log... it's interesting though, the folder "C:\Users\MOI\AppData\Roaming\wusofuvir" is the one that i had to delete manually back when i was infected with that vbs script! i thought it was gone forever!
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by MOI at 2015-03-29 04:24:21 Run:1
Running from C:\Users\MOI\Desktop
Loaded Profiles: MOI (Available profiles: MOI & FL2-MAN)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Poppit!) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz138; \??\C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Users\FL2-MAN\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\MOI\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe:BDU
C:\Users\MOI\AppData\Local\Temp\20cncwie.dll
C:\Users\MOI\AppData\Local\Temp\AcDeltree.exe
C:\Users\MOI\AppData\Local\Temp\bassmod.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\MOI\AppData\Local\Temp\nvStInst.exe
C:\Users\MOI\AppData\Local\Temp\SandboxieInstall.exe
Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION

Place the fix here...

End
*****************

C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
cpuz138 => Service deleted successfully.
GPUZ => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\FL2-MAN\Downloads\UnityWebPlayer.exe => ":BDU" ADS removed successfully.
C:\Users\MOI\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\MOI\Downloads\install_flashplayer16x32_mssa_aaa_aih.exe => ":BDU" ADS removed successfully.
C:\Users\MOI\AppData\Local\Temp\20cncwie.dll => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\bassmod.dll => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\MOI\AppData\Local\Temp\SandboxieInstall.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAE11010-3DEB-46C3-9862-A2C0BC08217D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE11010-3DEB-46C3-9862-A2C0BC08217D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => Key deleted successfully.
Place the fix here... => Error: No automatic fix found for this entry.

==== End of Fixlog 04:24:21 ====

i just applied the fix and restarted the PC, the process didn't come up again since that (like 5 mins now) but i will still need further testing to say it's definitely not there anymore, i will keep you updated.

as for "Test Signature mode", i enabled that manually myself, i am using a program called "ASTER V7" for workstations on my PC, it requires this action to work, unfortunately..
knowing this, do i still have to run "RogueKiller"?

 once again, thanks for the help, i really appreciate it.


Edited by handakes, 28 March 2015 - 09:45 PM.
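The relaunching process described in the post above lines up with the scheduled task that FRST marked `<==== ATTENTION` and that the Fixlog shows being removed. As an added example (not part of the original thread and not FRST's own logic), this Python sketch parses FRST `Task:` lines, applies three triage heuristics that are assumptions of this example, and cross-checks the Fixlog for each piece of the task; the class, function and field names are hypothetical.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Task lines and Fixlog lines copied from the logs posted in this thread.
FRST_TASKS = r"""
Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION
Task: {FA67FDEA-9DB6-4B9F-9B8B-B52EA4039A46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DAE11010-3DEB-46C3-9862-A2C0BC08217D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE11010-3DEB-46C3-9862-A2C0BC08217D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => Key deleted successfully.
"""

# Two layouts appear in the log: "{GUID} - System32\Tasks\NAME => TARGET [date] (publisher)"
# and the legacy "C:\Windows\Tasks\NAME.job => TARGET" with no metadata.
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>[^)]*)\))?"
    r"(?: <==== ATTENTION)?$"
)

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
TASK_ROOT = "System32\\Tasks\\"


@dataclass
class ScheduledTask:
    guid: Optional[str]        # None for legacy .job entries
    name: str                  # task path relative to System32\Tasks
    target: str                # file the task launches
    publisher: Optional[str]   # "" = metadata read but empty, None = not listed
    frst_attention: bool       # FRST's own marker, kept for comparison


def parse_tasks(log):
    """Return a ScheduledTask for every 'Task:' line in an FRST log."""
    tasks = []
    for raw in log.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if not m:
            continue
        task = m["task"]
        name = task[len(TASK_ROOT):] if task.startswith(TASK_ROOT) else ntpath.basename(task)
        tasks.append(ScheduledTask(m["guid"], name, m["target"], m["publisher"],
                                   line.endswith("<==== ATTENTION")))
    return tasks


def reasons(task):
    """Heuristic reasons (assumptions of this example) to look closer at a task."""
    found = []
    if any(d in task.target.lower() for d in USER_WRITABLE):
        found.append("target in user-writable directory")
    if task.publisher == "":
        found.append("no publisher in file metadata")
    if ntpath.splitext(task.target)[1] == "":
        found.append("target has no file extension")
    return found


def removal_status(task, fixlog):
    """Check which parts of a task the Fixlog reports as handled."""
    lines = [l.strip() for l in fixlog.splitlines() if l.strip()]

    def done(fragment, verb):
        return any(fragment.lower() in l.lower()
                   and l.endswith("=> " + verb + " successfully.") for l in lines)

    return {
        "task_file": done("\\System32\\Tasks\\" + task.name + " ", "Moved"),
        "taskcache_tasks_key": task.guid is not None
        and done("\\TaskCache\\Tasks\\{" + task.guid + "}", "Key deleted"),
        "taskcache_tree_key": done("\\TaskCache\\Tree\\" + task.name + '"', "Key deleted"),
        # The file the task launched is a separate object from the task itself.
        "target_file": any(l.lower().startswith(task.target.lower() + " =>") for l in lines),
    }


if __name__ == "__main__":
    for t in parse_tasks(FRST_TASKS):
        why = reasons(t)
        if why:
            print(t.name, why, removal_status(t, FIXLOG))
```

A `target_file` value of `False` means the Fixlog records no action on the file the task pointed to, so that path is worth checking by hand after the task itself is gone.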


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 29 March 2015 - 08:19 AM

as for "Test Signature mode", i enabled that manually myself, i am using a program called "ASTER V7" for workstations on my PC, it requires this action to work, unfortunately..
knowing this, do i still have to run "RogueKiller"?

No not required.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 handakes

handakes
  • Topic Starter

  • Members
  • 10 posts
  • Local time:05:36 AM

Posted 29 March 2015 - 10:53 PM

well, everything seems fine for now.
again, thanks a lot for doing this..



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 30 March 2015 - 09:19 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 13 April 2015 - 07:33 AM

This topic has been re-opened at the request of the person who originally posted.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:36 PM

Posted 13 April 2015 - 07:34 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please run the Farbar tool and post a fresh FRST log for my review.

Wait for further instructions.

#9 handakes

  • Topic Starter


Posted 14 April 2015 - 06:35 PM

First off, thanks again for re-opening my topic, and for the continued support.
Now, to get to business.
TDSSKiller didn't find anything, here's the log:
 

23:57:07.0834 0x0e90  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:57:13.0507 0x0e90  ============================================================
23:57:13.0507 0x0e90  Current date / time: 2015/04/14 23:57:13.0507
23:57:13.0507 0x0e90  SystemInfo:
23:57:13.0508 0x0e90  
23:57:13.0508 0x0e90  OS Version: 6.1.7601 ServicePack: 1.0
23:57:13.0508 0x0e90  Product type: Workstation
23:57:13.0508 0x0e90  ComputerName: MOI-PC
23:57:13.0508 0x0e90  UserName: MOI
23:57:13.0508 0x0e90  Windows directory: C:\Windows
23:57:13.0508 0x0e90  System windows directory: C:\Windows
23:57:13.0508 0x0e90  Running under WOW64
23:57:13.0508 0x0e90  Processor architecture: Intel x64
23:57:13.0508 0x0e90  Number of processors: 4
23:57:13.0508 0x0e90  Page size: 0x1000
23:57:13.0508 0x0e90  Boot type: Normal boot
23:57:13.0508 0x0e90  ============================================================
23:57:15.0270 0x0e90  KLMD registered as C:\Windows\system32\drivers\42459080.sys
23:57:15.0496 0x0e90  System UUID: {A6211428-EB06-1D01-FB92-592925ED9A57}
23:57:15.0764 0x0e90  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:15.0765 0x0e90  Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:16.0225 0x0e90  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:57:16.0251 0x0e90  Drive \Device\Harddisk3\DR3 - Size: 0x25432CDE00 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:16.0267 0x0e90  Drive \Device\Harddisk1\DR1 - Size: 0x25432CDE00 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:16.0272 0x0e90  Drive \Device\Harddisk5\DR5 - Size: 0xA7000000 ( 2.61 Gb ), SectorSize: 0x200, Cylinders: 0x154, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:57:16.0274 0x0e90  ============================================================
23:57:16.0274 0x0e90  \Device\Harddisk0\DR0:
23:57:16.0274 0x0e90  MBR partitions:
23:57:16.0274 0x0e90  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:57:16.0274 0x0e90  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC800000
23:57:16.0274 0x0e90  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC832800, BlocksNum 0x2DB53000
23:57:16.0274 0x0e90  \Device\Harddisk4\DR4:
23:57:16.0274 0x0e90  MBR partitions:
23:57:16.0274 0x0e90  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
23:57:16.0274 0x0e90  \Device\Harddisk2\DR2:
23:57:16.0274 0x0e90  MBR partitions:
23:57:16.0274 0x0e90  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
23:57:16.0274 0x0e90  \Device\Harddisk3\DR3:
23:57:16.0274 0x0e90  MBR partitions:
23:57:16.0274 0x0e90  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18000
23:57:16.0274 0x0e90  \Device\Harddisk1\DR1:
23:57:16.0274 0x0e90  MBR partitions:
23:57:16.0274 0x0e90  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
23:57:16.0275 0x0e90  \Device\Harddisk5\DR5:
23:57:16.0275 0x0e90  MBR partitions:
23:57:16.0275 0x0e90  ============================================================
23:57:16.0304 0x0e90  C: <-> \Device\Harddisk0\DR0\Partition2
23:57:16.0330 0x0e90  E: <-> \Device\Harddisk2\DR2\Partition1
23:57:16.0397 0x0e90  G: <-> \Device\Harddisk0\DR0\Partition3
23:57:16.0427 0x0e90  M: <-> \Device\Harddisk4\DR4\Partition1
23:57:16.0448 0x0e90  S: <-> \Device\Harddisk1\DR1\Partition1
23:57:16.0478 0x0e90  X: <-> \Device\Harddisk3\DR3\Partition1
23:57:16.0478 0x0e90  ============================================================
23:57:16.0478 0x0e90  Initialize success
23:57:16.0478 0x0e90  ============================================================
23:57:31.0976 0x1050  ============================================================
23:57:31.0976 0x1050  Scan started
23:57:31.0976 0x1050  Mode: Manual; 
23:57:31.0976 0x1050  ============================================================
23:57:31.0976 0x1050  KSN ping started
23:57:55.0458 0x1050  KSN ping finished: true
23:57:56.0394 0x1050  ================ Scan system memory ========================
23:57:56.0394 0x1050  System memory - ok
23:57:56.0394 0x1050  ================ Scan services =============================
23:58:01.0434 0x1050  gpsvc - ok
23:58:01.0481 0x1050  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:01.0481 0x1050  gupdate - ok
23:58:01.0481 0x1050  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:01.0481 0x1050  gupdatem - ok
23:58:01.0512 0x1050  [ 408B664926675C270D911160F1631D6B, 6BF7E613B708E2E81916DE6C83256F969797B9D039C16A20003541D698055BC7 ] gzflt           C:\Windows\system32\DRIVERS\gzflt.sys
23:58:01.0512 0x1050  gzflt - ok
23:58:01.0543 0x1050  [ B5CBEB9EB25A8230463037A647BC1469, 03643B05F9309ED4EF415CB6455D8B1FC39707745982C31AF0A42398C5A30B52 ] gzserv          C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
23:58:01.0543 0x1050  gzserv - ok
23:58:01.0575 0x1050  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:58:01.0575 0x1050  hcw85cir - ok
23:58:01.0621 0x1050  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:58:01.0621 0x1050  HdAudAddService - ok
23:58:01.0653 0x1050  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:58:01.0653 0x1050  HDAudBus - ok
23:58:01.0668 0x1050  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:58:01.0668 0x1050  HidBatt - ok
23:58:01.0699 0x1050  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:58:01.0699 0x1050  HidBth - ok
23:58:01.0699 0x1050  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:58:01.0699 0x1050  HidIr - ok
23:58:01.0731 0x1050  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:58:01.0731 0x1050  hidserv - ok
23:58:01.0762 0x1050  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:58:01.0762 0x1050  HidUsb - ok
23:58:01.0793 0x1050  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:58:01.0793 0x1050  hkmsvc - ok
23:58:01.0840 0x1050  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:58:01.0840 0x1050  HomeGroupListener - ok
23:58:01.0871 0x1050  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:58:01.0871 0x1050  HomeGroupProvider - ok
23:58:01.0887 0x1050  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:58:01.0902 0x1050  HpSAMD - ok
23:58:01.0918 0x1050  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:58:01.0933 0x1050  HTTP - ok
23:58:01.0965 0x1050  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:58:01.0965 0x1050  hwpolicy - ok
23:58:01.0996 0x1050  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:58:01.0996 0x1050  i8042prt - ok
23:58:02.0027 0x1050  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:58:02.0043 0x1050  iaStorV - ok
23:58:02.0074 0x1050  [ C1010ADD3DDAE1196ED21057AF7B2AAE, 68196851855AD395008D7F29FCEB28BA4BEB1F062B1844A60813E7DD102ACB1C ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
23:58:02.0074 0x1050  ICCWDT - ok
23:58:02.0136 0x1050  [ B9F719B572D8D440DD8B5401C35B3B6F, 5AFC7F272ACEE118AF26FAD3E3800C56FF423050BD3FD3DA8D6BA8BFE5CB8E74 ] IDMWFP          C:\Windows\system32\DRIVERS\idmwfp.sys
23:58:02.0136 0x1050  IDMWFP - ok
23:58:02.0199 0x1050  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:58:02.0199 0x1050  idsvc - ok
23:58:02.0199 0x1050  IEEtwCollectorService - ok
23:58:02.0230 0x1050  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:58:02.0230 0x1050  iirsp - ok
23:58:02.0261 0x1050  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:58:02.0261 0x1050  IKEEXT - ok
23:58:02.0339 0x1050  [ 589B94A9B73A0E819FF873743A480834, 49FA8EC38F1C78F38F818CC28F2734802739247F0B89A971D65FDAF3110041A8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:58:02.0370 0x1050  IntcAzAudAddService - ok
23:58:02.0386 0x1050  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:58:02.0386 0x1050  intelide - ok
23:58:02.0417 0x1050  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:58:02.0417 0x1050  intelppm - ok
23:58:02.0464 0x1050  [ 068EC06F3B6DD7B81B365D8FD2CE27E6, EDAD8F5B3F929C7C6200F38B862B2A03F310ADB55A04007DB6FF5F4F698547A4 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
23:58:02.0464 0x1050  Intel® PROSet Monitoring Service - ok
23:58:02.0495 0x1050  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:58:02.0495 0x1050  IPBusEnum - ok
23:58:02.0526 0x1050  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:58:02.0526 0x1050  IpFilterDriver - ok
23:58:02.0557 0x1050  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:58:02.0573 0x1050  iphlpsvc - ok
23:58:02.0589 0x1050  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:58:02.0589 0x1050  IPMIDRV - ok
23:58:02.0604 0x1050  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:58:02.0604 0x1050  IPNAT - ok
23:58:02.0635 0x1050  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:58:02.0635 0x1050  IRENUM - ok
23:58:02.0651 0x1050  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:58:02.0651 0x1050  isapnp - ok
23:58:02.0698 0x1050  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:58:02.0698 0x1050  iScsiPrt - ok
23:58:02.0745 0x1050  [ 88BB5280137DC9A7E9989C475763CD08, D649CE1A8B8FC734807475E646E5DC1B341226DBC9428F90FB20934517F7E240 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
23:58:02.0745 0x1050  ISODrive - ok
23:58:02.0791 0x1050  [ A577F5DB30F70ECA9708C07C2EACBD9D, F301D6779BE81F3778417EAAE6D950BF95822EC6426FF3F516D383ADE08DF8CA ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
23:58:02.0791 0x1050  JRAID - ok
23:58:02.0823 0x1050  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:58:02.0823 0x1050  kbdclass - ok
23:58:02.0854 0x1050  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:58:02.0854 0x1050  kbdhid - ok
23:58:02.0869 0x1050  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
23:58:02.0869 0x1050  KeyIso - ok
23:58:02.0901 0x1050  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:58:02.0901 0x1050  KSecDD - ok
23:58:02.0916 0x1050  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:58:02.0916 0x1050  KSecPkg - ok
23:58:02.0947 0x1050  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:58:02.0947 0x1050  ksthunk - ok
23:58:02.0979 0x1050  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:58:02.0979 0x1050  KtmRm - ok
23:58:03.0010 0x1050  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:58:03.0010 0x1050  LanmanServer - ok
23:58:03.0041 0x1050  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:58:03.0041 0x1050  LanmanWorkstation - ok
23:58:03.0072 0x1050  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:58:03.0072 0x1050  lltdio - ok
23:58:03.0103 0x1050  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:58:03.0103 0x1050  lltdsvc - ok
23:58:03.0119 0x1050  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:58:03.0119 0x1050  lmhosts - ok
23:58:03.0181 0x1050  [ 9AD4BEE2FE76D4CA39AC969B617E94FB, 1DE5FC59CDA5C7D63C9C60B9FC70A09F755196DFA25E8FAC0FBF262C44731CF0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:58:03.0181 0x1050  LMS - ok
23:58:03.0213 0x1050  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:58:03.0213 0x1050  LSI_FC - ok
23:58:03.0228 0x1050  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:58:03.0228 0x1050  LSI_SAS - ok
23:58:03.0244 0x1050  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:58:03.0244 0x1050  LSI_SAS2 - ok
23:58:03.0259 0x1050  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:58:03.0259 0x1050  LSI_SCSI - ok
23:58:03.0275 0x1050  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:58:03.0275 0x1050  luafv - ok
23:58:03.0322 0x1050  [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
23:58:03.0337 0x1050  MBAMProtector - ok
23:58:03.0431 0x1050  [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
23:58:03.0447 0x1050  MBAMScheduler - ok
23:58:03.0509 0x1050  [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
23:58:03.0509 0x1050  MBAMService - ok
23:58:03.0540 0x1050  [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
23:58:03.0540 0x1050  MBAMSwissArmy - ok
23:58:03.0556 0x1050  [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
23:58:03.0571 0x1050  MBAMWebAccessControl - ok
23:58:03.0587 0x1050  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:58:03.0587 0x1050  Mcx2Svc - ok
23:58:03.0618 0x1050  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:58:03.0618 0x1050  megasas - ok
23:58:03.0649 0x1050  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:58:03.0649 0x1050  MegaSR - ok
23:58:03.0681 0x1050  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
23:58:03.0681 0x1050  MEIx64 - ok
23:58:03.0712 0x1050  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:58:03.0712 0x1050  MMCSS - ok
23:58:03.0712 0x1050  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:58:03.0712 0x1050  Modem - ok
23:58:03.0759 0x1050  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:58:03.0759 0x1050  monitor - ok
23:58:03.0790 0x1050  [ C030F9E822A057C1A7A9BB4EA3E8877E, 2CCEC87DEB972B6B0196A08D3781002929E9107137FE3A61F1626D3BEE26630A ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
23:58:03.0790 0x1050  MotioninJoyXFilter - ok
23:58:03.0837 0x1050  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:58:03.0837 0x1050  mouclass - ok
23:58:03.0868 0x1050  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:58:03.0868 0x1050  mouhid - ok
23:58:03.0899 0x1050  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:58:03.0899 0x1050  mountmgr - ok
23:58:03.0946 0x1050  [ CF4A82F6176A06F7B2F7FE98C8490566, 3E882902B269BA80366262C519B1A02E5C5FED67CDB73F5698B25FA540F4B50F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:58:03.0946 0x1050  MozillaMaintenance - ok
23:58:03.0977 0x1050  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:58:03.0977 0x1050  mpio - ok
23:58:03.0993 0x1050  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:58:03.0993 0x1050  mpsdrv - ok
23:58:04.0039 0x1050  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:58:04.0039 0x1050  MpsSvc - ok
23:58:04.0071 0x1050  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:58:04.0071 0x1050  MRxDAV - ok
23:58:04.0086 0x1050  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:58:04.0086 0x1050  mrxsmb - ok
23:58:04.0102 0x1050  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:58:04.0102 0x1050  mrxsmb10 - ok
23:58:04.0133 0x1050  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:58:04.0133 0x1050  mrxsmb20 - ok
23:58:04.0164 0x1050  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:58:04.0164 0x1050  msahci - ok
23:58:04.0180 0x1050  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:58:04.0195 0x1050  msdsm - ok
23:58:04.0211 0x1050  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:58:04.0211 0x1050  MSDTC - ok
23:58:04.0242 0x1050  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:58:04.0242 0x1050  Msfs - ok
23:58:04.0258 0x1050  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:58:04.0258 0x1050  mshidkmdf - ok
23:58:04.0289 0x1050  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:58:04.0289 0x1050  msisadrv - ok
23:58:04.0305 0x1050  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:58:04.0320 0x1050  MSiSCSI - ok
23:58:04.0320 0x1050  msiserver - ok
23:58:04.0336 0x1050  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:58:04.0336 0x1050  MSKSSRV - ok
23:58:04.0367 0x1050  [ 103B3BBE23AB774B009D182276EC6786, 823AF63D5D47B56455078DD20DF000D11A0BD2E094E9002E5B9E8245D7AEAE68 ] msloop          C:\Windows\system32\DRIVERS\loop.sys
23:58:04.0367 0x1050  msloop - ok
23:58:04.0398 0x1050  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:58:04.0398 0x1050  MSPCLOCK - ok
23:58:04.0398 0x1050  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:58:04.0398 0x1050  MSPQM - ok
23:58:04.0429 0x1050  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:58:04.0445 0x1050  MsRPC - ok
23:58:04.0476 0x1050  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:58:04.0476 0x1050  mssmbios - ok
23:58:04.0476 0x1050  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:58:04.0476 0x1050  MSTEE - ok
23:58:04.0492 0x1050  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:58:04.0492 0x1050  MTConfig - ok
23:58:04.0507 0x1050  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:58:04.0507 0x1050  Mup - ok
23:58:04.0570 0x1050  [ 4C639325B8D613D1A575BDFD3EE4F070, 79EE17D44BC8240F10B335534D5D63CADC3937ABAFCA869E8D985436491B6577 ] MUTENX_SERVICE  C:\Windows\system32\DRIVERS\mutenx.sys
23:58:04.0570 0x1050  MUTENX_SERVICE - ok
23:58:04.0632 0x1050  [ 95F1FDE96E91FF9E54DE2846528D6552, 70A19F769376B6A4AF9D99956ABB58E2E0017E93890539FD4B480A9A59C2F8FC ] MUTESV_SERVICE  C:\Program Files\ASTER-V7\mutesv.exe
23:58:04.0632 0x1050  MUTESV_SERVICE - ok
23:58:04.0663 0x1050  [ 34D08C9C64F657D194961E96C47E9C69, FB56083CDF23E1601EC7EC5A74ADFFF1BE304BF4F4B485DE2E9609C5C14FACC4 ] mv91xx          C:\Windows\system32\DRIVERS\mv91xx.sys
23:58:04.0663 0x1050  mv91xx - ok
23:58:04.0710 0x1050  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:58:04.0710 0x1050  napagent - ok
23:58:04.0741 0x1050  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:58:04.0757 0x1050  NativeWifiP - ok
23:58:04.0788 0x1050  [ 64899EA9F8E9D23CE990AB86E7C3DB1D, 84F7F58CD01155C1B37CEFFC5E76087718FA9113A0C8778B5E531784848E8D73 ] nbdrv           C:\Windows\system32\DRIVERS\nbdrv.sys
23:58:04.0788 0x1050  nbdrv - ok
23:58:04.0835 0x1050  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:58:04.0851 0x1050  NDIS - ok
23:58:04.0866 0x1050  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:58:04.0882 0x1050  NdisCap - ok
23:58:04.0897 0x1050  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:58:04.0897 0x1050  NdisTapi - ok
23:58:04.0929 0x1050  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:58:04.0929 0x1050  Ndisuio - ok
23:58:04.0960 0x1050  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:58:04.0960 0x1050  NdisWan - ok
23:58:04.0991 0x1050  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:58:04.0991 0x1050  NDProxy - ok
23:58:05.0069 0x1050  [ D1A020E25DD261381DB95AF4E9223A3B, 0E02CCFB76ADBF23A25C963B9F1A1E921B39670E773B54C98C0CE591C14C441D ] NetBalancerService C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
23:58:05.0069 0x1050  NetBalancerService - ok
23:58:05.0085 0x1050  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:58:05.0085 0x1050  NetBIOS - ok
23:58:05.0116 0x1050  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:58:05.0116 0x1050  NetBT - ok
23:58:05.0131 0x1050  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
23:58:05.0131 0x1050  Netlogon - ok
23:58:05.0163 0x1050  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:58:05.0163 0x1050  Netman - ok
23:58:05.0194 0x1050  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:05.0194 0x1050  NetMsmqActivator - ok
23:58:05.0194 0x1050  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:05.0209 0x1050  NetPipeActivator - ok
23:58:05.0225 0x1050  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:58:05.0225 0x1050  netprofm - ok
23:58:05.0225 0x1050  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:05.0225 0x1050  NetTcpActivator - ok
23:58:05.0241 0x1050  [ 9A7D3A1AA5C830744FF6C44BB55A347A, 42D3281893DB4C0DDA6A7BDA92D3CCE23968D0E3CF880777B8DBBFD955629B08 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:05.0241 0x1050  NetTcpPortSharing - ok
23:58:05.0287 0x1050  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:58:05.0287 0x1050  nfrd960 - ok
23:58:05.0334 0x1050  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:58:05.0334 0x1050  NlaSvc - ok
23:58:05.0350 0x1050  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:58:05.0350 0x1050  Npfs - ok
23:58:05.0365 0x1050  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:58:05.0365 0x1050  nsi - ok
23:58:05.0365 0x1050  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:58:05.0365 0x1050  nsiproxy - ok
23:58:05.0412 0x1050  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:58:05.0459 0x1050  Ntfs - ok
23:58:05.0459 0x1050  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:58:05.0459 0x1050  Null - ok
23:58:05.0506 0x1050  [ 7E4355930B28C2798D9F09AB9F81151F, 941C730F3B75BDF99639E76350031EDD15F18D8D860F3B1282C28B62096E7717 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
23:58:05.0506 0x1050  NVHDA - ok
23:58:11.0439 0x1050  vga - ok
23:58:11.0454 0x1050  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:58:11.0454 0x1050  VgaSave - ok
23:58:11.0485 0x1050  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:58:11.0485 0x1050  vhdmp - ok
23:58:11.0501 0x1050  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:58:11.0501 0x1050  viaide - ok
23:58:11.0532 0x1050  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:58:11.0532 0x1050  vmbus - ok
23:58:11.0563 0x1050  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:58:11.0563 0x1050  VMBusHID - ok
23:58:11.0595 0x1050  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:58:11.0595 0x1050  volmgr - ok
23:58:11.0626 0x1050  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:58:11.0626 0x1050  volmgrx - ok
23:58:11.0641 0x1050  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:58:11.0641 0x1050  volsnap - ok
23:58:11.0673 0x1050  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:58:11.0673 0x1050  vsmraid - ok
23:58:11.0719 0x1050  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:58:11.0735 0x1050  VSS - ok
23:58:11.0766 0x1050  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:58:11.0766 0x1050  vwifibus - ok
23:58:11.0797 0x1050  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:58:11.0813 0x1050  W32Time - ok
23:58:11.0829 0x1050  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:58:11.0829 0x1050  WacomPen - ok
23:58:11.0860 0x1050  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:58:11.0860 0x1050  WANARP - ok
23:58:11.0875 0x1050  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:58:11.0875 0x1050  Wanarpv6 - ok
23:58:11.0922 0x1050  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:58:11.0938 0x1050  WatAdminSvc - ok
23:58:11.0985 0x1050  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:58:11.0985 0x1050  wbengine - ok
23:58:12.0016 0x1050  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:58:12.0016 0x1050  WbioSrvc - ok
23:58:12.0047 0x1050  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:58:12.0047 0x1050  wcncsvc - ok
23:58:12.0063 0x1050  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:58:12.0063 0x1050  WcsPlugInService - ok
23:58:12.0094 0x1050  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:58:12.0094 0x1050  Wd - ok
23:58:12.0125 0x1050  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:58:12.0141 0x1050  Wdf01000 - ok
23:58:12.0141 0x1050  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:58:12.0141 0x1050  WdiServiceHost - ok
23:58:12.0141 0x1050  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:58:12.0141 0x1050  WdiSystemHost - ok
23:58:12.0172 0x1050  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:58:12.0172 0x1050  WebClient - ok
23:58:12.0187 0x1050  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:58:12.0187 0x1050  Wecsvc - ok
23:58:12.0203 0x1050  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:58:12.0203 0x1050  wercplsupport - ok
23:58:12.0234 0x1050  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:58:12.0234 0x1050  WerSvc - ok
23:58:12.0250 0x1050  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:58:12.0250 0x1050  WfpLwf - ok
23:58:12.0265 0x1050  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:58:12.0265 0x1050  WIMMount - ok
23:58:12.0281 0x1050  WinDefend - ok
23:58:12.0297 0x1050  WinHttpAutoProxySvc - ok
23:58:12.0343 0x1050  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:58:12.0343 0x1050  Winmgmt - ok
23:58:12.0406 0x1050  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:58:12.0421 0x1050  WinRM - ok
23:58:12.0468 0x1050  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
23:58:12.0468 0x1050  WinUSB - ok
23:58:12.0499 0x1050  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:58:12.0515 0x1050  Wlansvc - ok
23:58:12.0640 0x1050  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:58:12.0671 0x1050  wlidsvc - ok
23:58:12.0702 0x1050  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:58:12.0702 0x1050  WmiAcpi - ok
23:58:12.0733 0x1050  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:58:12.0733 0x1050  wmiApSrv - ok
23:58:12.0765 0x1050  WMPNetworkSvc - ok
23:58:12.0765 0x1050  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:58:12.0765 0x1050  WPCSvc - ok
23:58:12.0796 0x1050  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:58:12.0796 0x1050  WPDBusEnum - ok
23:58:12.0827 0x1050  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:58:12.0827 0x1050  ws2ifsl - ok
23:58:12.0827 0x1050  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:58:12.0827 0x1050  wscsvc - ok
23:58:12.0843 0x1050  WSearch - ok
23:58:12.0905 0x1050  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:58:12.0936 0x1050  wuauserv - ok
23:58:12.0952 0x1050  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:58:12.0952 0x1050  WudfPf - ok
23:58:12.0983 0x1050  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:12.0983 0x1050  WUDFRd - ok
23:58:13.0014 0x1050  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:58:13.0014 0x1050  wudfsvc - ok
23:58:13.0030 0x1050  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:58:13.0045 0x1050  WwanSvc - ok
23:58:13.0092 0x1050  [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
23:58:13.0092 0x1050  xnacc - ok
23:58:13.0123 0x1050  [ 9176C0822FAA649E45121875BE32F5D2, B7A7A906A7BB0F760ED241F998C647D728C4DB5D8778AFE585DF38331165803F ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
23:58:13.0123 0x1050  xusb21 - ok
23:58:13.0155 0x1050  ================ Scan global ===============================
23:58:13.0170 0x1050  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:58:13.0201 0x1050  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:58:13.0217 0x1050  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:58:13.0233 0x1050  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:58:13.0264 0x1050  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:58:13.0279 0x1050  [ Global ] - ok
23:58:13.0279 0x1050  ================ Scan MBR ==================================
23:58:13.0279 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:58:13.0607 0x1050  \Device\Harddisk0\DR0 - ok
23:58:13.0654 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
23:58:13.0654 0x1050  \Device\Harddisk4\DR4 - ok
23:58:13.0654 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
23:58:14.0434 0x1050  \Device\Harddisk2\DR2 - ok
23:58:14.0465 0x1050  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
23:58:14.0481 0x1050  \Device\Harddisk3\DR3 - ok
23:58:14.0481 0x1050  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:58:14.0481 0x1050  \Device\Harddisk1\DR1 - ok
23:58:14.0481 0x1050  [ 19BC89F4DBC1E943E88B6899FC98A642 ] \Device\Harddisk5\DR5
23:58:14.0808 0x1050  \Device\Harddisk5\DR5 - ok
23:58:14.0808 0x1050  ================ Scan VBR ==================================
23:58:14.0824 0x1050  [ E6A8567247FC7C6CA8C802212D6D33AA ] \Device\Harddisk0\DR0\Partition1
23:58:14.0824 0x1050  \Device\Harddisk0\DR0\Partition1 - ok
23:58:14.0824 0x1050  [ 3EE447FF2F5141687557F2E59739471D ] \Device\Harddisk0\DR0\Partition2
23:58:14.0824 0x1050  \Device\Harddisk0\DR0\Partition2 - ok
23:58:14.0824 0x1050  [ 9AA7E5D1D67FD82C0AF8B747037C022A ] \Device\Harddisk0\DR0\Partition3
23:58:14.0824 0x1050  \Device\Harddisk0\DR0\Partition3 - ok
23:58:14.0824 0x1050  [ 09F84BE3DAB0090323D0624FADB5C0ED ] \Device\Harddisk4\DR4\Partition1
23:58:14.0871 0x1050  \Device\Harddisk4\DR4\Partition1 - ok
23:58:14.0871 0x1050  [ DF4A563346CF0189BF556072B5BCCB87 ] \Device\Harddisk2\DR2\Partition1
23:58:14.0917 0x1050  \Device\Harddisk2\DR2\Partition1 - ok
23:58:14.0917 0x1050  [ 4F910BB2B28416F1AF95E6ADBC2852C0 ] \Device\Harddisk3\DR3\Partition1
23:58:14.0917 0x1050  \Device\Harddisk3\DR3\Partition1 - ok
23:58:14.0917 0x1050  [ A4F87EEB36C266F6764674A9AFBF83E0 ] \Device\Harddisk1\DR1\Partition1
23:58:14.0917 0x1050  \Device\Harddisk1\DR1\Partition1 - ok
23:58:14.0933 0x1050  ================ Scan generic autorun ======================
23:58:15.0151 0x1050  [ FBDF607ED7EF0467639DB501E1FD938C, 040528158D85D13122DB043144A982D6DC8744E75D140DB17A9BA5B93DC6B74D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:58:15.0261 0x1050  RtHDVCpl - ok
23:58:15.0276 0x1050  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
23:58:15.0292 0x1050  ShadowPlay - ok
23:58:15.0354 0x1050  [ 1F441326CD77B3F1532D487004B180FF, FD2FE6EECE1EF99F800DAF7B0C825C94FACE4C6D5806A2335B4D3C41F1E87F7F ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
23:58:15.0385 0x1050  NvBackend - ok
23:58:15.0417 0x1050  [ ED43758BF94B8A5221D69F1B7F63F13D, F6E7418823E45085F4D4F50DD25A55ED517C0A335C6C2F69A1139B30677D3DA9 ] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
23:58:15.0432 0x1050  XboxStat - ok
23:58:15.0463 0x1050  [ A5299DCA34A86268F3A635CDCF6E8F57, FCBC168BD4465340BDC4E1589C7C5EFEED9AB711200036247EB951C71ED39538 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
23:58:15.0463 0x1050  AtherosBtStack - ok
23:58:15.0479 0x1050  [ A1D17BD52F1A2E387EEE1C6543AC2671, AC33526CD009790C2EC229F1F87C8B7BDCEF12A281953CC92B124014B00361B1 ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
23:58:15.0495 0x1050  AthBtTray - ok
23:58:15.0510 0x1050  [ 17D9440D55500418C8FDB8EF1390C5AD, C4C57AE427FB89EFDFC1D111C300BB588E475BE90DD57084C03399557641F948 ] C:\Windows\RaidTool\xInsIDE.exe
23:58:15.0510 0x1050  JMB36X IDE Setup - ok
23:58:15.0526 0x1050  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
23:58:15.0541 0x1050  SwitchBoard - ok
23:58:15.0588 0x1050  [ 27CFFB1E41A2BE2A25957A679BD84E10, 521DC8F3439EAA780AE0DA68B0FC6E671963AF76E165590EA83D2F6896B1C941 ] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
23:58:15.0588 0x1050  AdobeCS5ServiceManager - ok
23:58:15.0635 0x1050  [ EDD15222718345DEF9F12336BA2405D1, 23267A37B7E58CEA5A30BB7B0E217BF4846B07E63FCEEF404FCA66C48A21FFC6 ] C:\Program Files (x86)\Ad Muncher\AdMunch.exe
23:58:15.0635 0x1050  Ad Muncher - ok
23:58:15.0697 0x1050  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:58:15.0729 0x1050  Sidebar - ok
23:58:15.0760 0x1050  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:58:15.0760 0x1050  mctadmin - ok
23:58:15.0775 0x1050  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:58:15.0791 0x1050  Sidebar - ok
23:58:15.0791 0x1050  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:58:15.0791 0x1050  mctadmin - ok
23:58:15.0900 0x1050  [ 70FB66F69C2B9383EB5A74BC1B09BF40, 3B065890DAA319331553A179DE9063413973E74A3054623475637B7493D3136E ] C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe
23:58:15.0931 0x1050  OscarEditor - ok
23:58:16.0009 0x1050  [ 70FB66F69C2B9383EB5A74BC1B09BF40, 3B065890DAA319331553A179DE9063413973E74A3054623475637B7493D3136E ] C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
23:58:16.0041 0x1050  OscarKeyboard - ok
23:58:16.0103 0x1050  [ 22729291AED6FE5344F893B87D13254B, 4F4F2045CD3E68097F5D25B8A74367C4A5030A041CA93890939FBAA3DBCC8E44 ] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
23:58:16.0103 0x1050  KiesHelper - ok
23:58:16.0165 0x1050  [ 0885C4F0E2B2E22F20895D4124E57C8F, 94F88F65F9F7AB3B591148798CA487013661F292453BE3FF2FDE49A8FEF3D127 ] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
23:58:16.0197 0x1050  KiesTrayAgent - ok
23:58:16.0243 0x1050  [ E3FC7ACB10D26543FEA8C5B17F2067B8, C444B1B95D0C6E2E6AB0E689D8A026FEA2FE520A3B3CBFEEAE52CB3143D6CB66 ] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
23:58:16.0243 0x1050  KiesPDLR - ok
23:58:16.0275 0x1050  [ BA7D51208ED1A5F2DAB4894C9717CBBD, 0341CC07EEEDB598F0EC68E1FE250F3FD73C099198B364E5877D5535D25BE26B ] C:\Program Files\Sandboxie\SbieCtrl.exe
23:58:16.0290 0x1050  SandboxieControl - ok
23:58:16.0290 0x1050  Waiting for KSN requests completion. In queue: 74
23:58:17.0304 0x1050  Waiting for KSN requests completion. In queue: 74
23:58:18.0318 0x1050  Waiting for KSN requests completion. In queue: 74
23:58:19.0332 0x1050  Waiting for KSN requests completion. In queue: 74
23:58:20.0346 0x1050  Waiting for KSN requests completion. In queue: 74
23:58:21.0360 0x1050  AV detected via SS2: Bitdefender Antivirus Free Edition, C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe ( 1.0.21.1099 ), 0x41000 ( enabled : updated )
23:58:21.0360 0x1050  Win FW state via NFP2: enabled
23:58:25.0044 0x1050  ============================================================
23:58:25.0044 0x1050  Scan finished
23:58:25.0044 0x1050  ============================================================
23:58:25.0044 0x0958  Detected object count: 0
23:58:25.0044 0x0958  Actual detected object count: 0
23:59:51.0002 0x0354  Deinitialize success

ASWMBR results:

 

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-04-14 23:59:55
-----------------------------
23:59:55.164    OS Version: Windows x64 6.1.7601 Service Pack 1
23:59:55.164    Number of processors: 4 586 0x3A09
23:59:55.164    ComputerName: MOI-PC  UserName: MOI
23:59:55.773    Initialize success
23:59:55.788    VM: initialized successfully
23:59:55.788    VM: Intel CPU BiosDisabled 
01:07:57.430    AVAST engine defs: 15041400
01:11:43.891    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:11:43.892    Disk 0 Vendor: WDC_WD5000AAKX-001CA0 15.01H15 Size: 476940MB BusType: 11
01:11:43.893    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-5
01:11:43.894    Disk 1 Vendor: WDC_WD1600AABS-00PRA0 05.06H05 Size: 152626MB BusType: 11
01:11:43.896    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
01:11:43.897    Disk 2 Vendor: WDC_WD10EADS-00M2B0 01.00A01 Size: 953868MB BusType: 11
01:11:43.899    Disk 3  \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP3T0L0-3
01:11:43.901    Disk 3 Vendor: WDC_WD1600AVBS-63SVA0 05.06H05 Size: 152626MB BusType: 11
01:11:43.903    Disk 4  \Device\Harddisk4\DR4 -> \Device\Ide\IdeDeviceP1T0L0-1
01:11:43.904    Disk 4 Vendor: WDC_WD10EZEX-60M2NA0 01.01A01 Size: 953869MB BusType: 11
01:11:44.007    Disk 0 MBR read successfully
01:11:44.010    Disk 0 MBR scan
01:11:44.014    Disk 0 Windows 7 default MBR code
01:11:44.016    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
01:11:44.019    Disk 0 Boot: NTFS     code=2
01:11:44.029    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       102400 MB offset 206848
01:11:44.046    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       374438 MB offset 209922048
01:11:44.069    Disk 0 scanning C:\Windows\system32\drivers
01:11:53.803    Service scanning
01:11:56.373    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
01:12:12.873    Modules scanning
01:12:12.873    Disk 0 trace - called modules:
01:12:12.889    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
01:12:12.889    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078c7060]
01:12:12.889    3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80075d4680]
01:12:13.701    AVAST engine scan C:\Windows
01:12:19.280    AVAST engine scan C:\Windows\system32
01:14:47.565    AVAST engine scan C:\Windows\system32\drivers
01:15:00.415    AVAST engine scan C:\Users\MOI
01:16:16.362    Disk 0 MBR has been saved successfully to "C:\Users\MOI\Desktop\MBR.dat"
01:16:16.362    The log file has been saved successfully to "C:\Users\MOI\Desktop\aswMBR.txt"
01:22:38.929    AVAST engine scan C:\ProgramData
01:24:37.778    Disk 0 statistics 4625717/0/0 @ 3.73 MB/s
01:24:37.782    Scan finished successfully
01:28:44.029    Disk 0 MBR has been saved successfully to "C:\Users\MOI\Desktop\MBR.dat"
01:28:44.031    The log file has been saved successfully to "C:\Users\MOI\Desktop\aswMBR.txt"


MBR.dat is attached to this post.

and a fresh FRST scan+Addition

FRST.TXT
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by MOI (administrator) on MOI-PC on 15-04-2015 01:29:13
Running from C:\Users\MOI\Desktop
Loaded Profiles: MOI (Available profiles: MOI & FL2-MAN)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
() E:\Programs\CPU-Z\Core Temp.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Slackerhome Productions) C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch.exe
() E:\Programs\RBTray\64bit\RBTray.exe
(Murray Hurps Software Pty Ltd) C:\Program Files (x86)\Ad Muncher\AdMunch64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2015-03-14] (Murray Hurps Software Pty Ltd)
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\\OscarEditor.exe [3536896 2010-12-24] ()
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [OscarKeyboard] => C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe [3536896 2010-12-24] ()
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesHelper] => C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [928656 2011-04-14] (Samsung)
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3373968 2011-04-14] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Run: [KiesPDLR] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [19872 2011-04-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
Startup: C:\Users\FL2-MAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
Startup: C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3.exe (Slackerhome Productions)
Startup: C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RBTray.exe - Shortcut.lnk
ShortcutTarget: RBTray.exe - Shortcut.lnk -> E:\Programs\RBTray\64bit\RBTray.exe ()
Startup: C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-07] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-07] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-08-20] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2011-04-11] (BitComet)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\..\Interfaces\{961F65A3-8AA1-4202-8669-69DA03F45BC1}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default
FF Homepage: hxxp://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-17] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-17] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-630149823-2377076548-582725754-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MOI\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Extension: Avira Browser Safety - C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default\Extensions\abs@avira.com [2015-04-01]
FF Extension: Test Pilot - C:\Users\MOI\AppData\Roaming\Mozilla\Firefox\Profiles\sgambccf.default\Extensions\testpilot@labs.mozilla.com.xpi [2014-08-09]
FF HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5 [2014-08-31]
FF HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\MOI\AppData\Roaming\IDM\idmmzcc5

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com", "hxxp://www.google.com/"
CHR Profile: C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-08-07]
CHR Extension: (Entanglement Web App) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-08-07]
CHR Extension: (Google Drive) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
CHR Extension: (Web Developer) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2014-08-07]
CHR Extension: (YouTube) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
CHR Extension: (History 2) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2014-08-07]
CHR Extension: (Adblock Plus) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-07]
CHR Extension: (Google Search) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
CHR Extension: (Tampermonkey) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-07]
CHR Extension: (Simple Facebook) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\fehonfajapnkdlogkffeemjoninangkk [2014-08-07]
CHR Extension: (IDM Integration Module) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-08-31]
CHR Extension: (Hangouts) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2014-11-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Better Youtube History) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\lleajdkalfbohpinoaekajagdefaeckd [2014-08-07]
CHR Extension: (Hangouts) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-10-10]
CHR Extension: (Your Quality for YouTube™) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfcilgimggemnogfigihdkmapdhhlbph [2014-12-15]
CHR Extension: (Google Wallet) - C:\Users\MOI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-28]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-08-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
S3 EvoSvc; C:\Program Files (x86)\Evolve\EvoSvc.exe [1581440 2015-03-08] (Echobit LLC)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [614624 2014-11-25] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MUTESV_SERVICE; C:\Program Files\ASTER-V7\mutesv.exe [8704 2010-09-01] () [File not signed]
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [128776 2015-01-29] (SeriousBit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-07-01] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-18] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ASUSstpt; C:\Windows\System32\DRIVERS\ASUSstpt.sys [24648 2011-09-15] (MCCI Corporation)
S3 ASUSumsc; C:\Windows\System32\DRIVERS\ASUSumsc.sys [141896 2011-09-15] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2015-03-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2009-02-10] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MUTENX_SERVICE; C:\Windows\System32\DRIVERS\mutenx.sys [67728 2010-09-02] () [File not signed]
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [202560 2011-02-18] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-01-13] (Windows (R) Win 7 DDK provider)
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
U3 aswMBR; \??\C:\Users\MOI\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\MOI\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 01:29 - 2015-04-15 01:29 - 00023123 _____ () C:\Users\MOI\Desktop\FRST.txt
2015-04-15 01:28 - 2015-04-15 01:28 - 00003101 _____ () C:\Users\MOI\Desktop\aswMBR.txt
2015-04-15 01:28 - 2015-04-15 01:28 - 00000512 _____ () C:\Users\MOI\Desktop\MBR.dat
2015-04-14 23:57 - 2015-04-14 23:57 - 05198336 _____ (AVAST Software) C:\Users\MOI\Desktop\aswMBR.exe
2015-04-14 23:55 - 2015-04-14 23:55 - 02096640 _____ (Farbar) C:\Users\MOI\Desktop\FRST64.exe
2015-04-14 23:54 - 2015-04-14 23:54 - 00000000 ____D () C:\Users\MOI\Desktop\tdsskiller
2015-04-14 23:53 - 2015-04-14 23:53 - 04176437 _____ () C:\Users\MOI\Desktop\tdsskiller.zip
2015-04-13 21:24 - 2015-04-13 21:24 - 00349048 _____ () C:\Windows\Minidump\041315-24804-01.dmp
2015-04-13 18:06 - 2015-04-13 18:06 - 00000828 _____ () C:\Users\MOI\Desktop\Nora 2.0.lnk
2015-04-13 16:41 - 2015-04-13 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator
2015-04-13 16:41 - 2015-04-13 16:41 - 00000000 ____D () C:\Program Files (x86)\Easy GIF Animator
2015-04-13 11:48 - 2015-04-13 11:48 - 00001084 _____ () C:\Users\MOI\Desktop\Ultra Street Fighter IV.lnk
2015-04-12 18:02 - 2015-04-12 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-09 23:41 - 2015-04-09 23:41 - 00405768 _____ () C:\Windows\Minidump\040915-22682-01.dmp
2015-04-09 23:21 - 2015-04-09 23:21 - 00321504 _____ () C:\Windows\Minidump\040915-22074-01.dmp
2015-04-09 23:08 - 2015-04-09 23:08 - 00355064 _____ () C:\Windows\Minidump\040915-22058-01.dmp
2015-04-09 22:06 - 2015-04-09 22:06 - 00318136 _____ () C:\Windows\Minidump\040915-24055-01.dmp
2015-04-09 22:00 - 2015-04-09 22:00 - 00391392 _____ () C:\Windows\Minidump\040915-23072-01.dmp
2015-04-09 19:14 - 2015-04-09 23:30 - 00000000 ____D () C:\Users\MOI\Documents\FIFA 15
2015-04-09 19:13 - 2015-04-09 19:13 - 00000974 _____ () C:\Users\Public\Desktop\FIFA 15 Ultimate Team Edition.lnk
2015-04-09 18:49 - 2015-04-09 18:49 - 00003208 _____ () C:\Windows\System32\Tasks\Steam_x64-S-2-106-91
2015-04-09 18:40 - 2015-04-09 18:40 - 00329304 _____ () C:\Windows\Minidump\040915-21886-01.dmp
2015-04-09 17:08 - 2015-04-09 17:09 - 00390336 _____ () C:\Windows\Minidump\040915-22822-01.dmp
2015-04-06 21:01 - 2015-04-06 21:01 - 00001154 _____ () C:\Users\MOI\Desktop\Wolfenstein - The New Order.lnk
2015-04-06 21:01 - 2015-04-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-04-06 11:48 - 2015-04-06 11:48 - 00000959 _____ () C:\Users\Public\Desktop\Pillars of Eternity.lnk
2015-04-03 18:30 - 2015-04-03 18:31 - 00318192 _____ () C:\Windows\Minidump\040315-19390-01.dmp
2015-04-03 18:27 - 2015-04-03 18:27 - 00318128 _____ () C:\Windows\Minidump\040315-18064-01.dmp
2015-04-03 18:23 - 2015-04-13 21:24 - 789520837 _____ () C:\Windows\MEMORY.DMP
2015-04-03 02:15 - 2015-04-03 02:21 - 34760917 _____ () C:\Users\MOI\Downloads\Let's Create! Pottery v1.50 apkmania.com.rar
2015-03-28 14:17 - 2015-03-28 14:17 - 00000812 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ibb and Obb.lnk
2015-03-28 14:17 - 2015-03-28 14:17 - 00000800 _____ () C:\Users\Public\Desktop\Ibb and Obb.lnk
2015-03-28 14:16 - 2015-03-28 14:26 - 00000000 ____D () C:\Program Files (x86)\Ibb and Obb
2015-03-28 05:39 - 2015-03-28 05:39 - 00000000 ____D () C:\Users\FL2-MAN\AppData\Roaming\Steam
2015-03-28 04:50 - 2015-03-28 04:50 - 00000000 ___RD () C:\Users\FL2-MAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\MotioninJoy
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2015-03-27 11:03 - 2015-03-27 11:03 - 00000000 ____D () C:\Program Files\MotioninJoy
2015-03-27 11:03 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2015-03-27 11:03 - 2011-12-07 19:42 - 00074960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb21.sys
2015-03-27 10:23 - 2015-03-27 11:35 - 00000000 ____D () C:\Users\MOI\AppData\Local\Ori and the Blind Forest
2015-03-27 10:10 - 2015-03-27 10:10 - 00000804 _____ () C:\Users\MOI\Desktop\Ori and the Blind Forest.lnk
2015-03-27 10:10 - 2015-03-27 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ori and the Blind Forest
2015-03-25 17:43 - 2015-04-06 09:13 - 246947128 _____ () C:\Users\MOI\Desktop\Final.psd
2015-03-20 15:19 - 2015-03-22 09:51 - 00000000 ____D () C:\Users\MOI\Documents\FIFA 155
2015-03-20 15:13 - 2015-03-20 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15 Ultimate Team Edition
2015-03-20 14:49 - 2015-03-20 14:49 - 00000000 ____D () C:\ProgramData\bdch
2015-03-20 06:13 - 2015-03-20 06:13 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 01:29 - 2014-10-31 19:41 - 00000000 ____D () C:\FRST
2015-04-15 01:29 - 2014-08-07 21:30 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\BitComet
2015-04-15 00:55 - 2015-02-06 09:50 - 00000842 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1.job
2015-04-15 00:49 - 2014-08-07 20:45 - 00000842 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 23:54 - 2014-11-02 18:56 - 00007606 _____ () C:\Users\MOI\AppData\Local\Resmon.ResmonCfg
2015-04-14 23:25 - 2009-07-14 06:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:25 - 2009-07-14 06:45 - 00023632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:22 - 2014-08-07 18:01 - 01825868 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 23:19 - 2015-02-06 09:50 - 00000838 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906.job
2015-04-14 23:19 - 2014-09-01 07:28 - 00114536 _____ () C:\Windows\setupact.log
2015-04-14 23:18 - 2014-08-07 21:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-14 23:18 - 2014-08-07 20:45 - 00000838 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 23:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 21:24 - 2014-08-31 20:49 - 00000000 ____D () C:\Windows\Minidump
2015-04-13 21:24 - 2014-08-23 18:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-13 18:00 - 2014-11-08 01:45 - 00000132 _____ () C:\Users\MOI\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-04-13 16:38 - 2014-12-09 13:50 - 00000000 ____D () C:\Users\MOI\AppData\Local\Windows Live
2015-04-13 16:16 - 2014-08-10 15:32 - 00000000 ____D () C:\Users\MOI\AppData\Local\Adobe
2015-04-13 12:09 - 2015-03-08 02:36 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\Tunngle
2015-04-13 12:09 - 2015-03-08 02:36 - 00000000 ____D () C:\ProgramData\Tunngle
2015-04-11 14:59 - 2014-08-08 09:08 - 00000000 ____D () C:\Users\MOI\AppData\Local\CrashDumps
2015-04-11 03:34 - 2014-08-08 09:30 - 00686794 _____ () C:\Windows\system32\perfh00C.dat
2015-04-11 03:34 - 2014-08-08 09:30 - 00483214 _____ () C:\Windows\system32\perfh001.dat
2015-04-11 03:34 - 2014-08-08 09:30 - 00131424 _____ () C:\Windows\system32\perfc00C.dat
2015-04-11 03:34 - 2014-08-08 09:30 - 00096148 _____ () C:\Windows\system32\perfc001.dat
2015-04-11 03:34 - 2009-07-14 07:13 - 02172350 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 19:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-08 21:02 - 2009-07-14 06:45 - 04990808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-08 04:03 - 2015-01-06 21:45 - 00000000 ____D () C:\Games
2015-04-06 23:54 - 2014-08-29 05:17 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\DMCache
2015-04-06 23:50 - 2014-08-29 05:17 - 00000000 ____D () C:\Users\MOI\Downloads\Compressed
2015-04-06 14:35 - 2014-11-08 06:27 - 00000000 ____D () C:\Users\MOI\Screenshots
2015-04-06 14:35 - 2014-10-08 07:36 - 00000000 ____D () C:\Users\MOI\Movies
2015-04-06 11:48 - 2014-09-15 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-04-04 14:58 - 2014-08-07 20:43 - 00121888 _____ () C:\Users\MOI\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-03 18:36 - 2014-08-07 20:51 - 00000000 ____D () C:\Users\MOI\Documents\Bluetooth Folder
2015-04-03 18:23 - 2015-02-16 18:30 - 00000000 ____D () C:\Windows\USB Vibration
2015-04-03 18:23 - 2014-09-03 17:44 - 00186188 _____ () C:\Windows\PFRO.log
2015-04-01 19:02 - 2014-08-07 20:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-01 19:00 - 2014-08-08 06:35 - 00000000 ____D () C:\Program Files (x86)\USB Vibration
2015-03-30 04:27 - 2014-08-12 23:40 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2015-03-28 05:51 - 2014-11-29 03:50 - 00003418 _____ () C:\Windows\Sandboxie.ini
2015-03-28 05:50 - 2015-02-04 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-03-28 04:59 - 2014-10-04 14:39 - 00000000 ____D () C:\Users\FL2-MAN\AppData\Local\CrashDumps
2015-03-27 12:11 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-23 13:45 - 2015-01-28 07:01 - 00357990 _____ () C:\Users\MOI\fightcade.log
2015-03-23 13:45 - 2015-01-28 07:01 - 00001207 _____ () C:\Users\MOI\ggpo-ng.ini
2015-03-23 13:41 - 2015-01-28 07:01 - 00425836 _____ () C:\Users\MOI\fightcade-debug.log
2015-03-23 13:36 - 2015-01-28 07:11 - 00006588 _____ () C:\Users\MOI\ggpofba-ng.bkp.ini
2015-03-20 14:25 - 2014-10-01 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fox Interactive
2015-03-20 05:57 - 2014-11-01 04:35 - 00000000 ____D () C:\Users\MOI\AppData\Roaming\abgx360
2015-03-18 19:52 - 2009-07-14 09:45 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-17 13:54 - 2014-08-10 01:08 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-17 13:54 - 2014-08-10 01:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-11-08 01:45 - 2015-04-13 18:00 - 0000132 _____ () C:\Users\MOI\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-08-10 16:21 - 2014-08-27 19:27 - 0007168 _____ () C:\Users\MOI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 07:15 - 2015-02-19 13:46 - 1065984 _____ () C:\Users\MOI\AppData\Local\file__0.localstorage
2014-11-02 18:56 - 2015-04-14 23:54 - 0007606 _____ () C:\Users\MOI\AppData\Local\Resmon.ResmonCfg
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\MOI\AppData\Local\setup.txt
2014-08-08 05:12 - 2014-08-08 05:12 - 0047340 _____ () C:\ProgramData\1407467490.bdinstall.bin
2014-08-08 05:37 - 2014-08-08 05:37 - 0048455 _____ () C:\ProgramData\1407469028.bdinstall.bin
2014-08-08 05:49 - 2014-08-08 05:49 - 0300981 _____ () C:\ProgramData\1407469293.bdinstall.bin
2014-08-08 12:56 - 2014-08-08 12:56 - 0037634 _____ () C:\ProgramData\1407495365.bdinstall.bin
2014-08-08 12:58 - 2014-08-08 12:58 - 0097504 _____ () C:\ProgramData\1407495366.bdinstall.bin
2014-10-31 07:13 - 2014-10-31 07:13 - 0044403 _____ () C:\ProgramData\1414732410.bdinstall.bin
2014-10-31 07:14 - 2014-10-31 07:14 - 0040626 _____ () C:\ProgramData\1414732454.2776.bin
2014-10-31 07:14 - 2014-10-31 07:14 - 0002151 _____ () C:\ProgramData\1414732454.5280.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0004736 _____ () C:\ProgramData\1414732634.4140.bin
2014-10-31 07:17 - 2014-10-31 07:19 - 0009054 _____ () C:\ProgramData\1414732634.4360.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0013698 _____ () C:\ProgramData\1414732634.4624.bin
2014-10-31 07:17 - 2014-10-31 07:18 - 0047648 _____ () C:\ProgramData\1414732634.5076.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0009193 _____ () C:\ProgramData\1414732634.5276.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0002152 _____ () C:\ProgramData\1414732634.5280.bin
2014-10-31 07:18 - 2014-10-31 07:18 - 0004486 _____ () C:\ProgramData\1414732634.5288.bin
2014-10-31 07:21 - 2014-10-31 07:21 - 0103251 _____ () C:\ProgramData\1414732886.bdinstall.bin
2014-10-31 07:21 - 2014-10-31 07:21 - 0104246 _____ () C:\ProgramData\1414732904.bdinstall.bin
2014-11-01 16:56 - 2014-11-01 16:56 - 0169432 _____ () C:\ProgramData\1414853740.bdinstall.bin

Files to move or delete:
====================
C:\Users\MOI\fraps.exe
C:\Users\MOI\fraps32.dll
C:\Users\MOI\fraps64.dat
C:\Users\MOI\fraps64.dll
C:\Users\MOI\frapslcd.dll
C:\Users\MOI\uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> testsigning is on. Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2015-04-14 20:52

==================== End Of Log ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2015
Ran by MOI at 2015-04-15 01:29:43
Running from C:\Users\MOI\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FORCED" (HKLM-x32\...\{73EB236C-65E8-4F85-A391-CEC85B1C478E}_is1) (Version: 4.2.1.11687 - )
"Transistor" (HKLM-x32\...\{28562D01-4A0D-403C-A1BE-4135AA8D8F30}_is1) (Version: 1.25992.0.0 (Update 3) - )
«Wolfenstein - The New Order» 1.0.0.2 (HKLM-x32\...\«Wolfenstein - The New Order»_is1) (Version: 1.0.0.2 - Bethesda Softworks)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )
3DMark (HKLM-x32\...\{7330098c-3669-4f39-9e82-4221d489db39}) (Version: 1.4.828.0 - Futuremark)
3DMark (Version: 1.4.828.0 - Futuremark) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Acoustica Mixcraft 6 (HKLM-x32\...\Acoustica Mixcraft 6) (Version: b216 - Acoustica)
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
Ad Muncher v4.94.34121 (Free)  (HKLM-x32\...\Ad Muncher) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AnatronicaFree (HKLM-x32\...\AnatronicaFree) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
ASTER-V7 (HKLM\...\{FAE1618B-B66C-48B4-B183-7553B9FB0B38}) (Version: 1.0.0 - IBIK)
AutoHotkey 1.1.09.04 (HKLM\...\AutoHotkey) (Version: 1.1.09.04 - Lexikos)
BitComet 1.36 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.36 - CometNetwork)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
BitdefenderBandwidthFix version 0.1 (HKLM-x32\...\{5148D5C8-FDA4-4F30-809C-787E029BCC24}_is1) (Version: 0.1 - JoshY and The Bitdefender Community)
Blender (HKLM\...\Blender) (Version: 2.63-release - Blender Foundation)
BloodRayne Betrayal (HKLM-x32\...\BloodRayne Betrayal_is1) (Version:  - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.14 - COWON)
CPUID CPU-Z 1.61.2 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectVobSub 2.41.6609 (HKLM-x32\...\vsfilter_is1) (Version: 2.41.6609 - MPC-HC Team)
Easy GIF Animator 6.1 (HKLM-x32\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals)
EVGA PrecisionX 16 (HKLM-x32\...\{D99289E6-A66A-4D27-A3E0-EC726A7BC82D}) (Version: 5.3.0 - EVGA Corporation)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.11 - Echobit, LLC)
FIFA 15 Ultimate Team Edition (HKLM-x32\...\FIFA 15 Ultimate Team Edition_is1) (Version: 1.4.0.0 - Релиз от R.G. Steamgames)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{03856D3F-DDDC-4C9A-9202-36529D21D94C}) (Version: 4.32.483.0 - Futuremark)
Gauntlet (HKLM-x32\...\Gauntlet_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Geeks3D FurMark 1.15.1.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Horizon v2.7.9.0 (HKLM-x32\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.9.0 - Daring Development Inc.)
Hotline Miami (HKLM-x32\...\GOGPACKHOTLINEMIAMI_is1) (Version: 2.0.0.4 - GOG.com)
Ibb and Obb (HKLM-x32\...\SWJiYW5kT2Ji_is1) (Version: 1 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iWisoft Free Video Converter 1.2 (HKLM-x32\...\iWisoft Free Video Converter_is1) (Version: 1.2 - www.easy-video-converter.com)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
K-Lite Codec Pack 10.6.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
Lethal League v1.0.0.0 (HKLM-x32\...\Lethal League_is1) (Version: v1.0.0.0 - )
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.5.1 - Hermann Schinagl)
Lone Survivor - The Director's Cut (HKLM-x32\...\GOGPACKLONESURVIVORDC_is1) (Version: 2.0.0.2 - GOG.com)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
MegaDownloader 0.92 (HKLM\...\{C12C2297-65A4-4E64-9AE1-29F0D947FDA0}}_is1) (Version: 0.92 - Andres_age)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60830 (HKLM\...\{122B909F-9DCF-360E-91E7-0679E033FBE1}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60830 (HKLM\...\{083808D6-6235-37A8-82C1-98D226EB681F}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60830 (HKLM-x32\...\{F68B404C-0E04-337F-A132-796508EE337A}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60830 (HKLM-x32\...\{50AF8559-F490-381F-A6E7-06A07DE227DC}) (Version: 11.0.60830 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Nation Red (HKLM-x32\...\Nation Red_is1) (Version:  - )
NetBalancer (HKLM\...\NetBalancer_is1) (Version:  - SeriousBit)
Nidhogg v1.004 (HKLM-x32\...\TmlkaG9nZ3YxMDA0_is1) (Version: 1 - )
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.2.1 (HKLM-x32\...\OpenVPN) (Version: 2.2.1 - )
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
Pillars of Eternity Kickstarter Item (HKLM-x32\...\Pillars of Eternity Kickstarter Item_is1) (Version: 2.0.0.1 - GOG.com)
Pillars of Eternity Kickstarter Pet (HKLM-x32\...\Pillars of Eternity Kickstarter Pet_is1) (Version: 2.0.0.1 - GOG.com)
Pocket Tanks Deluxe version 1.6 (HKLM-x32\...\{392A7927-CD80-4C42-9368-EC69313F1CB1}_is1) (Version: 1.6 - BlitWise Productions LLC)
QuickSFV (HKLM\...\{89B56CFC-0270-4ACF-8BF1-048251FD9E08}) (Version: 3.0.0 - Totally Useful Software, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.0.0.11042_28 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.2250.0 - SAMSUNG Electronics Co., Ltd.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Shadow Of Mordor version Shadow Of Mordor (HKLM-x32\...\Shadow Of Mordor_is1) (Version: Shadow Of Mordor - )
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Super Street Fighter IV: Arcade Edition (HKLM-x32\...\GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}) (Version: 1.0.0000.129 - CAPCOM U.S.A., INC)
Super Street Fighter IV: Arcade Edition (x32 Version: 1.0.0000.129 - CAPCOM U.S.A., INC) Hidden
SUPER STREET FIGHTER IV: ARCADE EDITION (x32 Version: 1.0.0004.129 - CAPCOM U.S.A., INC) Hidden
Team Fortress 2 (HKLM-x32\...\Team Fortress 2_is1) (Version: 1.1.5.8 - Valve Corporation)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The Evil Within version The Evil Within (HKLM-x32\...\The Evil Within_is1) (Version: The Evil Within - )
The King Of Fighters XIII (HKLM-x32\...\VGhlS2luZ09mRmlnaHRlcnNYSUlJ_is1) (Version: 1 - )
The King of Fighters XIII Update v1.1c (HKLM-x32\...\VGhlS2luZ29mRmlnaHRlcnNYSUlJ_is1) (Version: 1 - )
TriDef 3D (AOC Monitor) 1.2.1 (HKLM-x32\...\experience-aoc-mon-bundle) (Version: 1.2.1 - Dynamic Digital Depth Australia Pty Ltd)
Tunngle version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Twin USB Gamepad (HKLM-x32\...\{0AD1F05D-15F6-476D-A3BE-E3D5E3E0E023}) (Version: 1.00.0000 - yanglx)
UltraISO Premium V9.33 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.1 - Unified Intents AB)
Unity Web Player (HKU\S-1-5-21-630149823-2377076548-582725754-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
X7 Oscar Keyboard Editor (HKLM-x32\...\InstallShield_{705D6406-AA83-4BBD-8036-EEB4A1F69B5B}) (Version: 10.12.0004 - A4TECH)
X7 Oscar Keyboard Editor (x32 Version: 10.12.0004 - A4TECH) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-630149823-2377076548-582725754-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points  =========================

08-04-2015 22:39:21 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-02-05 03:09 - 00000904 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {503DA1FC-C5E6-4FED-8CDA-4AFE2E23A96F} - System32\Tasks\{6FDCE03E-1120-4E17-8424-9D1C6BC91CD1} => pcalua.exe -a "E:\GAMES\Sources\Fighting\Guilty Gear X2 - PC Rip by Freeman G Ripper\setup.exe" -d "E:\GAMES\Sources\Fighting\Guilty Gear X2 - PC Rip by Freeman G Ripper"
Task: {512F41BB-A142-4196-BC8E-1721C0CB14D1} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe [2015-02-03] (EVGA Corp.)
Task: {7151FF44-5C6F-4F29-84FE-D2B7A1EB01F5} - System32\Tasks\BitdefenderBandwidthFix => C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe [2013-03-29] ()
Task: {73C2583E-0A81-42AA-BE14-35A6E6554162} - System32\Tasks\AdobeAAMUpdater-1.0-MOI-PC-MOI => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {856F5CBB-3796-47F8-9A81-C9C38B021AB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {86D18315-6738-44A7-8300-782CC2FE1061} - System32\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {95817E62-EAA6-4FE1-B4E3-3E8C3E7DC71D} - System32\Tasks\Core Temp Autostart MOI => E:\Programs\CPU-Z\Core Temp.exe [2010-08-29] ()
Task: {B478E1B6-D38B-4014-B2AC-14262D99A054} - System32\Tasks\{563AA775-A7E6-4104-9F2A-6E4D8264F9EC} => pcalua.exe -a "E:\Programs\Clean Sweep!\Bitdefender free 14\Bitdefender_Installer\install\setuplauncher.exe" -d "E:\Programs\Clean Sweep!\Bitdefender free 14\Bitdefender_Installer\install"
Task: {BB4AD7ED-C007-47E9-96E2-C65257C23AFF} - System32\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: {C34A95E9-CDC7-4636-980E-5392283E2A1F} - System32\Tasks\{93673D05-C7EA-4248-A6BE-D4A2ADF5357C} => pcalua.exe -a "J:\Container\PC\Dead Rising 3 - Apocalypse Edition (2014)_RePack by XLASER\Redist\DirectX.exe" -d "J:\Container\PC\Dead Rising 3 - Apocalypse Edition (2014)_RePack by XLASER\Redist"
Task: {D7CDE1D4-D24F-4BD4-B856-DCE47FCF5979} - System32\Tasks\{1F00B167-CF5C-4DB1-9392-D57E2303CFDA} => pcalua.exe -a "C:\Program Files (x86)\Samsung\Kies\KiesDriverInstaller.exe" -d "C:\Program Files (x86)\Samsung\Kies"
Task: {DF665AF2-9E24-4B2A-9993-10AA9C6ED57E} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION
Task: {FA67FDEA-9DB6-4B9F-9B8B-B52EA4039A46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-14] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d041e18d451906.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d041e18e76e6c1.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-01 16:55 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-11-01 16:55 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-11-14 01:54 - 2013-03-29 20:48 - 00009216 _____ () C:\Program Files (x86)\BitdefenderBandwidthFix\BitdefenderBandwidthFix.exe
2014-08-07 21:26 - 2015-02-05 21:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-13 10:36 - 2011-06-13 10:36 - 00922240 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
2015-01-02 04:56 - 2011-10-30 15:02 - 00038912 _____ () E:\Programs\RBTray\64bit\RBHook.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-02-13 08:37 - 2015-02-13 08:37 - 00217864 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SeriousBit.NetBalancer.DeskBand\v4.0_1.0.0.0__ce1333cc798c13ee\SeriousBit.NetBalancer.DeskBand.dll
2010-09-07 08:37 - 2010-08-29 15:06 - 00538640 _____ () E:\Programs\CPU-Z\Core Temp.exe
2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2014-08-07 21:45 - 2010-10-21 11:52 - 00586880 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2015-02-13 08:37 - 2015-01-29 15:32 - 00115712 _____ () C:\Program Files\NetBalancer\Events.dll
2015-02-13 08:37 - 2015-01-29 15:33 - 00217352 _____ () C:\Program Files\NetBalancer\PacketDotNet.dll
2015-02-13 08:37 - 2015-01-29 15:33 - 00031744 _____ () C:\Program Files\NetBalancer\BugReporting.dll
2014-09-18 05:15 - 2014-09-18 05:15 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-12-24 12:15 - 2010-12-24 12:15 - 03536896 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\OscarEditor.exe
2011-04-14 19:57 - 2011-04-14 19:57 - 00019872 _____ () C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2015-01-02 04:56 - 2011-10-30 15:02 - 00045568 _____ () E:\Programs\RBTray\64bit\RBTray.exe
2014-08-07 21:38 - 2015-04-14 23:18 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll
2014-08-07 21:38 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll
2010-12-02 16:56 - 2010-12-02 16:56 - 00815104 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\OSD_Text\OSD_Text.dll
2010-10-11 09:13 - 2010-10-11 09:13 - 00087040 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_MouseDeviceManager.dll
2010-12-02 19:01 - 2010-12-02 19:01 - 00994304 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll
2010-12-28 09:25 - 2010-12-28 09:25 - 00900608 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\ProfileHint\ProfileHint.dll
2010-12-03 13:43 - 2010-12-03 13:43 - 00943104 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\Data\X7_Keyboard\Forms\KeySettingRemind\KeySettingRemind.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00085504 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ZoomControl.dll
2010-09-20 13:18 - 2010-09-20 13:18 - 00054272 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_ScrollbarControl.dll
2010-09-20 13:19 - 2010-09-20 13:19 - 00062976 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-11-01 19:16 - 2010-11-01 19:16 - 00062976 _____ () C:\Program Files (x86)\X7 Oscar Keyboard Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2015-02-01 06:12 - 2015-02-01 06:12 - 00055816 _____ () C:\Users\MOI\AppData\Local\Temp\d0d94490-af44-4ddb-bc13-e620b29d93f9\CliSecureRT.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll
2015-04-04 22:57 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-04 22:56 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-04 22:57 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\MOI\Desktop\aswMBR.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-630149823-2377076548-582725754-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
MSCONFIG\startupreg: EvolveClient => "C:\Program Files (x86)\Evolve\EvolveClient.exe" -autorun
MSCONFIG\startupreg: NetBalancer => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-630149823-2377076548-582725754-500 - Administrator - Disabled)
FL2-MAN (S-1-5-21-630149823-2377076548-582725754-1002 - Administrator - Enabled) => C:\Users\FL2-MAN
Guest (S-1-5-21-630149823-2377076548-582725754-501 - Limited - Enabled)
MOI (S-1-5-21-630149823-2377076548-582725754-1000 - Administrator - Enabled) => C:\Users\MOI

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 10:45:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WolfNewOrder_x64.exe version 1.0.0.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ac4

Start Time: 01d0762aae87e4ad

Termination Time: 401

Application Path: G:\My New Super Games\R.G. Catalyst\Wolfenstein - The New Order\WolfNewOrder_x64.exe

Report Id: 1017ba9d-e21e-11e4-8dcb-c8600024f3a8

Error: (04/12/2015 08:28:47 PM) (Source: NetBalancer 8.5.4 150129.1532) (EventID: 0) (User: )
Description: System.Net.WebException: The operation has timed out
   at System.Net.HttpWebRequest.GetResponse()
   at ey.b()

Error: (04/11/2015 02:59:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggxxnet_config.exe, version: 0.0.0.0, time stamp: 0x47ae877e
Faulting module name: ggxxnet_config.exe, version: 0.0.0.0, time stamp: 0x47ae877e
Exception code: 0xc0000005
Fault offset: 0x00002a70
Faulting process id: 0xebc
Faulting application start time: 0xggxxnet_config.exe0
Faulting application path: ggxxnet_config.exe1
Faulting module path: ggxxnet_config.exe2
Report Id: ggxxnet_config.exe3

Error: (04/10/2015 09:28:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggxx (english).exe, version: 1.0.0.1, time stamp: 0x40e6a172
Faulting module name: ggxx (english).exe, version: 1.0.0.1, time stamp: 0x40e6a172
Exception code: 0xc0000005
Fault offset: 0x000c79c6
Faulting process id: 0x1224
Faulting application start time: 0xggxx (english).exe0
Faulting application path: ggxx (english).exe1
Faulting module path: ggxx (english).exe2
Report Id: ggxx (english).exe3

Error: (04/09/2015 10:28:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0, time stamp: 0x4cc00d4c
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x0eedfade
Fault offset: 0x0000c42d
Faulting process id: 0x9f8
Faulting application start time: 0xAsSysCtrlService.exe0
Faulting application path: AsSysCtrlService.exe1
Faulting module path: AsSysCtrlService.exe2
Report Id: AsSysCtrlService.exe3

Error: (04/09/2015 09:54:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_shell32.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1154
Faulting application start time: 0xrundll32.exe_shell32.dll0
Faulting application path: rundll32.exe_shell32.dll1
Faulting module path: rundll32.exe_shell32.dll2
Report Id: rundll32.exe_shell32.dll3

Error: (04/09/2015 09:53:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Faulting module name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Exception code: 0xc0000005
Fault offset: 0x0000000003c38706
Faulting process id: 0x1210
Faulting application start time: 0xfifa15.exe0
Faulting application path: fifa15.exe1
Faulting module path: fifa15.exe2
Report Id: fifa15.exe3

Error: (04/09/2015 09:52:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Faulting module name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Exception code: 0xc0000005
Fault offset: 0x0000000003c38706
Faulting process id: 0x89c
Faulting application start time: 0xfifa15.exe0
Faulting application path: fifa15.exe1
Faulting module path: fifa15.exe2
Report Id: fifa15.exe3

Error: (04/09/2015 09:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Faulting module name: fifa15.exe, version: 1.4.0.0, time stamp: 0x545d6637
Exception code: 0xc0000005
Fault offset: 0x0000000003c38706
Faulting process id: 0x12f0
Faulting application start time: 0xfifa15.exe0
Faulting application path: fifa15.exe1
Faulting module path: fifa15.exe2
Report Id: fifa15.exe3

Error: (04/09/2015 05:11:20 PM) (Source: NetBalancer Toolbar) (EventID: 0) (User: )
Description: Deskband exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at SeriousBit.NetBalancer.DeskBand.BandForm.DrawGraph(Graphics g, Pen upPen, Pen downPen)
   at SeriousBit.NetBalancer.DeskBand.BandForm.DrawChart(Graphics g)
   at SeriousBit.NetBalancer.DeskBand.BandForm.DrawAnything()
   at SeriousBit.NetBalancer.DeskBand.BandForm.Show()
   at SeriousBit.NetBalancer.DeskBand.DeskBand.DeskBand_MouseEnter(Object sender, EventArgs e)


System errors:
=============
Error: (04/14/2015 11:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:16:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:16:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:15:07 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:15:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:15:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (04/14/2015 11:15:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-02-28 09:12:01.150
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:12:01.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:07:26.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-28 09:07:26.684
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 17:08:34.465
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 17:08:34.425
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 16:40:11.636
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 16:40:11.596
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\xusb21.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 23:56:56.506
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-05 23:56:56.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mutenx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8159.14 MB
Available physical RAM: 5097.82 MB
Total Pagefile: 16316.46 MB
Available Pagefile: 12647.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:100 GB) (Free:34.01 GB) NTFS
Drive e: (My Stuff) (Fixed) (Total:931.51 GB) (Free:292.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Games) (Fixed) (Total:365.66 GB) (Free:6.67 GB) NTFS
Drive m: (Media) (Fixed) (Total:931.51 GB) (Free:487.14 GB) NTFS
Drive s: (Series) (Fixed) (Total:149.05 GB) (Free:30.61 GB) NTFS
Drive x: (Xbox) (Fixed) (Total:149.05 GB) (Free:58.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00095A37)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=365.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 14E814E8)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DEB00AFA)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 2B2C2B2C)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 92D6DDF0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

waiting on your reply.



#10 nasdaq


Posted 15 April 2015 - 08:14 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
U3 aswMBR; \??\C:\Users\MOI\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\MOI\AppData\Local\Temp\aswVmm.sys [X]
AlternateDataStreams: C:\Users\MOI\Desktop\aswMBR.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU
C:\Users\MOI\AppData\Roaming\Unity\CODEXi

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Refer to post no 2. Download and run the RogueKiller tool.
Post the log for my review.

#11 handakes


Posted 15 April 2015 - 12:42 PM

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2015
Ran by MOI at 2015-04-15 15:24:55 Run:2
Running from E:\Programs\Clean Sweep!\Scanning tools
Loaded Profiles: MOI (Available profiles: MOI & FL2-MAN)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Task: {DAE11010-3DEB-46C3-9862-A2C0BC08217D} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\MOI\AppData\Roaming\Unity\CODEXi\Steam [2015-03-12] () <==== ATTENTION
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
ShortcutTarget: Windows Explorer.lnk -> C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe (No File)
R3 ALSysIO; \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys [X]
U3 aswMBR; \??\C:\Users\MOI\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\MOI\AppData\Local\Temp\aswVmm.sys [X]
AlternateDataStreams: C:\Users\MOI\Desktop\aswMBR.exe:BDU
AlternateDataStreams: C:\Users\MOI\Desktop\FRST64.exe:BDU
C:\Users\MOI\AppData\Roaming\Unity\CODEXi

End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DAE11010-3DEB-46C3-9862-A2C0BC08217D} => Key not found. 
C:\Windows\System32\Tasks\Steam_x64-S-2-106-91 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Steam_x64-S-2-106-91" => Key Deleted successfully.
C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe not found.
ALSysIO => Service stopped successfully.
ALSysIO => Service deleted successfully.
aswMBR => Service deleted successfully.
aswVmm => Service deleted successfully.
"C:\Users\MOI\Desktop\aswMBR.exe" => ":BDU" ADS not found.
"C:\Users\MOI\Desktop\FRST64.exe" => ":BDU" ADS not found.
C:\Users\MOI\AppData\Roaming\Unity\CODEXi => Moved successfully.


The system needed a reboot. 

==== End of Fixlog 15:24:56 ====

Rogue killer "note that i have unchecked better DS3.exe from the deleted items at the startup tab because i am the one who put it there myself"

 

RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MOI [Administrator]
Started from : E:\Programs\Clean Sweep!\Scanning tools\RogueKiller.exe
Mode : Delete -- Date : 04/15/2015  19:40:41

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] Better DS3.exe(2860) -- C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3.exe[-] -> Killed [TermProc]
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys[x] -> Stopped

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\MOI\AppData\Local\Temp\ALSysIO64.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ADD64CDC-EFB9-4D35-B84F-55E5C2DBD207} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ADD64CDC-EFB9-4D35-B84F-55E5C2DBD207} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{ADD64CDC-EFB9-4D35-B84F-55E5C2DBD207} | DhcpNameServer : 7.254.254.254 [UNITED STATES (US)]  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-630149823-2377076548-582725754-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 4 ¤¤¤
[Suspicious.Path][File] Windows Explorer.lnk -- C:\Users\FL2-MAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [LNK@] C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe "C:\Users\MOI\AppData\Roaming\wusofuvir\yucxpi.js" -> Deleted
[Suspicious.Path|Suspicious.Startup][File] Better DS3.exe -- C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Better DS3.exe -> Not selected
[Suspicious.Path][File] Windows Explorer.lnk -- C:\Users\MOI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [LNK@] C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe "C:\Users\MOI\AppData\Roaming\wusofuvir\yucxpi.js" -> Deleted
[Suspicious.Path][File] Windows Explorer.lnk -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [LNK@] C:\Users\MOI\AppData\Roaming\wusofuvir\dskprocess64.exe "C:\Users\MOI\AppData\Roaming\wusofuvir\yucxpi.js" -> Deleted

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 576ffaec1101e4bed3b2ffe1efe81b0a
[BSP] c33b3d30bddcb427c6249ee8d4751624 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD1600AABS-00PRA0 ATA Device +++++
--- User ---
[MBR] 1e98e549a90732126d454e31c0358847
[BSP] 12f1adb46760b5d083bd735dc18177d2 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] 18b0b4a4032d902e5e7c4ffed6ec8cdd
[BSP] 2d86458f9f4080c7488c7124da807dfa : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: WDC WD10EZEX-60M2NA0 ATA Device +++++
--- User ---
[MBR] 38d6fd4adeb126d5f3396f1af5570fc9
[BSP] d6c5d0ba40adf1a70d56e43af3bc15d0 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: WDC WD1600AVBS-63SVA0 ATA Device +++++
--- User ---
[MBR] b166b0b181b273867ad0e01e47af927a
[BSP] 1c3a1aee1440b835075d5c0ef23fb30e : Windows XP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04152015_154050.log


#12 nasdaq


Posted 15 April 2015 - 01:34 PM

How is the computer running now?

#13 handakes


Posted 16 April 2015 - 07:44 AM

well, i can't find the process in question, nor is there another one hogging the processor.. so i guess it's fine for now..



#14 nasdaq


Posted 16 April 2015 - 08:02 AM

Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter DisableStartupSound in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#15 handakes


Posted 18 April 2015 - 07:39 PM

sorry for the delay, here it is

Farbar Recovery Scan Tool (x64) Version: 19-04-2015
Ran by MOI at 2015-04-19 02:39:17
Running from E:\Programs\Clean Sweep!\Scanning tools
Boot Mode: Normal

================== Search Registry: "DisableStartupSound" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation]
"DisableStartupSound"="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\BootAnimation]
"DisableStartupSound"="0"

====== End Of Search ======




