
Malware problem


  • This topic is locked
25 replies to this topic

#1 Zabak1


Posted 01 April 2015 - 03:31 AM

scanned and got told system hijack

can someone check logs please

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Chris (administrator) on DELL-530 on 01-04-2015 09:29:35
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available profiles: Chris)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
() C:\Program Files\HDD Health\HDDHealthService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(PANTERASoft) C:\Program Files\HDD Health\hddhealth.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
() C:\Program Files\Panda Security\Panda Cloud Cleaner\PCloudCleaner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5511352 2015-03-20] (Avast Software s.r.o.)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-03-20] (Avast Software s.r.o.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1:
FF SelectedSearchEngine:
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2013-09-08] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-16] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2013-09-08] (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2013-09-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013-09-08] (RealPlayer)
FF Extension: NoScript - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-03-26]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\y0t440si.default-1422297887428\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-04]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-08]
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-02]

Chrome:
=======
CHR HomePage: Default -> https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-16]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-16]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-16]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-16]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-16]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-17]
CHR Extension: (avast! Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-02]
CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-04-16]
CHR Extension: (No Name) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
CHR Extension: (ScriptSafe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-08-17]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-16]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-03-20] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-03-20] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-03-20] (Avast Software)
R2 HDDHealth; C:\Program Files\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-20] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-03-20] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-20] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2014-08-02] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253728 2015-03-20] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-03-20] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-20] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-20] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-03-20] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-20] ()
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-04-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-03-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-31 08:51 - 2015-03-31 08:53 - 00026555 _____ () C:\Users\Chris\Desktop\Addition.txt
2015-03-31 08:50 - 2015-04-01 09:29 - 00016762 _____ () C:\Users\Chris\Desktop\FRST.txt
2015-03-31 08:31 - 2015-03-31 08:31 - 01135104 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2015-03-30 23:54 - 2013-04-29 10:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-30 21:39 - 2015-03-31 08:19 - 00001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2015-03-30 21:39 - 2015-03-31 08:19 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Vso
2015-03-30 20:15 - 2015-03-31 14:50 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\uTorrent
2015-03-24 18:22 - 2015-03-24 18:22 - 06693152 _____ (Auslogics Labs Pty Ltd ) C:\Users\Chris\Downloads\disk-defrag-setup.exe
2015-03-24 18:22 - 2015-03-24 18:22 - 00000922 _____ () C:\Users\Chris\Desktop\Auslogics DiskDefrag.lnk
2015-03-24 18:22 - 2015-03-24 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-03-24 18:22 - 2015-03-24 18:22 - 00000000 ____D () C:\Program Files\Auslogics
2015-03-24 13:28 - 2015-03-24 13:28 - 00001653 _____ () C:\Users\Chris\Desktop\Ladbrokes Casino.lnk
2015-03-23 05:17 - 2015-03-23 05:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-20 19:14 - 2015-03-20 19:15 - 00000000 ____D () C:\44e3d12e142a0353867416372d
2015-03-20 18:48 - 2015-03-23 11:14 - 00001730 _____ () C:\Windows\PFRO.log
2015-03-20 18:35 - 2015-03-20 18:32 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-20 18:32 - 2015-03-20 18:32 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-20 18:04 - 2015-03-20 18:05 - 00000197 _____ () C:\Windows\system32\2015-03-20-17-04-52.036-AvastVBoxSVC.exe-1368.log
2015-03-19 13:52 - 2015-03-19 13:52 - 00000197 _____ () C:\Windows\system32\2015-03-19-12-52-23.034-AvastVBoxSVC.exe-2648.log
2015-03-18 13:13 - 2015-03-18 13:13 - 00000247 _____ () C:\Windows\system32\2015-03-18-12-13-02.070-aswFe.exe-4108.log
2015-03-18 12:58 - 2015-03-18 12:58 - 00000197 _____ () C:\Windows\system32\2015-03-18-11-58-22.057-AvastVBoxSVC.exe-3416.log
2015-03-12 04:12 - 2015-02-26 01:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 04:12 - 2015-01-29 02:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 04:12 - 2015-01-29 02:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 04:06 - 2015-02-20 03:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 04:06 - 2015-02-20 01:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 04:05 - 2015-02-26 03:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 04:05 - 2015-02-26 03:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 04:05 - 2015-01-21 03:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 04:05 - 2015-01-09 03:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 04:05 - 2015-01-09 01:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 04:04 - 2015-03-06 05:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 04:03 - 2014-10-13 02:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 04:02 - 2015-02-18 03:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 09:41 - 2015-02-21 18:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 09:41 - 2015-02-21 18:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-11 09:41 - 2015-02-21 18:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 09:41 - 2015-02-21 18:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 09:41 - 2015-02-21 18:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 09:41 - 2015-02-21 18:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 09:41 - 2015-02-21 18:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 09:41 - 2015-02-21 18:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-11 09:41 - 2015-02-21 18:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 09:41 - 2015-02-21 18:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 09:41 - 2015-02-21 18:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 09:41 - 2015-02-21 18:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 09:41 - 2015-02-21 18:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 09:41 - 2015-02-21 18:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 09:41 - 2015-02-21 18:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 09:41 - 2015-02-21 18:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 09:41 - 2015-02-21 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 09:41 - 2015-02-21 18:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 09:41 - 2015-02-21 18:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-11 09:41 - 2015-02-21 18:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-11 09:41 - 2015-02-21 18:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-11 09:41 - 2015-02-21 18:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-05 15:27 - 2015-03-05 15:28 - 00000247 _____ () C:\Windows\system32\2015-03-05-14-27-51.039-aswFe.exe-5188.log
2015-03-05 15:15 - 2015-03-05 15:27 - 00000247 _____ () C:\Windows\system32\2015-03-05-14-15-28.038-aswFe.exe-4032.log
2015-03-05 15:15 - 2015-03-05 15:15 - 00000197 _____ () C:\Windows\system32\2015-03-05-14-15-15.080-AvastVBoxSVC.exe-916.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-01 09:29 - 2015-02-14 09:57 - 00000000 ____D () C:\FRST
2015-04-01 08:47 - 2012-12-13 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-01 08:43 - 2014-06-02 22:04 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-01 08:32 - 2012-06-09 17:42 - 01835987 _____ () C:\Windows\WindowsUpdate.log
2015-04-01 08:22 - 2006-11-02 13:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-01 08:22 - 2006-11-02 13:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-01 07:33 - 2014-06-02 22:10 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-03-31 19:43 - 2014-06-02 22:04 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-31 12:38 - 2013-07-23 22:29 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\vlc
2015-03-31 10:16 - 2012-12-19 19:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\dvdcss
2015-03-31 10:16 - 2011-12-31 14:09 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2015-03-31 08:30 - 2014-07-29 23:31 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-31 08:29 - 2006-11-02 11:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-31 08:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-31 08:21 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-31 08:19 - 2012-06-03 09:55 - 00051200 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-31 03:32 - 2011-12-28 15:53 - 00000000 ____D () C:\Users\Chris\Documents\ConvertXToDVD
2015-03-26 18:41 - 2015-02-27 23:47 - 00000000 ____D () C:\Users\Chris\AppData\Local\Ladbrokes Casino
2015-03-24 18:39 - 2014-06-02 22:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-24 18:05 - 2014-06-02 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-24 18:05 - 2013-08-23 17:11 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-24 13:28 - 2015-02-27 23:47 - 00001655 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Ladbrokes Casino.lnk
2015-03-23 11:14 - 2013-10-31 01:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-23 11:14 - 2008-10-23 13:07 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-23 05:59 - 2014-08-27 21:55 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2015-03-23 05:42 - 2012-12-13 20:48 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-03-23 05:42 - 2012-12-13 20:48 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-23 01:03 - 2012-10-25 16:53 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-23 01:03 - 2012-10-25 16:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-23 01:02 - 2013-08-17 03:35 - 00000819 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-03-23 01:02 - 2012-03-30 08:47 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2015-03-21 18:51 - 2014-06-02 22:05 - 00001931 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-20 18:34 - 2014-08-02 22:53 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-20 18:34 - 2014-08-02 22:53 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-20 18:31 - 2014-08-02 22:53 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-20 18:31 - 2014-08-02 22:53 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-03-20 18:28 - 2014-08-02 22:53 - 00253728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdis2.sys
2015-03-17 07:15 - 2014-06-02 22:10 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2013-10-21 09:52 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2013-08-23 17:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 04:33 - 2013-01-13 18:03 - 03612480 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 04:12 - 2013-08-14 03:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 04:06 - 2006-11-02 11:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2011-12-28 15:52 - 2011-12-28 15:52 - 0007887 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.cat
2011-12-28 15:52 - 2011-12-28 15:52 - 0001144 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.inf
2011-12-28 15:53 - 2011-12-28 15:53 - 0000034 _____ () C:\Users\Chris\AppData\Roaming\pcouffin.log
2011-12-28 15:52 - 2011-12-28 15:52 - 0047360 _____ (VSO Software) C:\Users\Chris\AppData\Roaming\pcouffin.sys
2013-06-10 19:39 - 2013-06-10 19:39 - 0029239 _____ () C:\Users\Chris\AppData\Roaming\UserTile.png
2015-03-30 21:39 - 2015-03-31 08:19 - 0001041 _____ () C:\Users\Chris\AppData\Roaming\vso_ts_preview.xml
2012-01-13 09:09 - 2013-04-28 22:18 - 0163945 _____ () C:\Users\Chris\AppData\Local\ars.cache
2012-01-13 09:10 - 2013-04-28 22:18 - 0910996 _____ () C:\Users\Chris\AppData\Local\census.cache
2013-05-06 12:27 - 2014-07-30 00:10 - 0000680 _____ () C:\Users\Chris\AppData\Local\d3d9caps.dat
2012-06-03 09:55 - 2015-03-31 08:19 - 0051200 _____ () C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-13 08:12 - 2012-01-13 08:12 - 0000036 _____ () C:\Users\Chris\AppData\Local\housecall.guid.cache
2014-11-06 22:03 - 2014-11-06 22:03 - 0000000 _____ () C:\Users\Chris\AppData\Local\{58A3253E-0601-4F77-827A-75E8523B55B2}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-01 08:48

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Chris at 2015-03-31 08:51:04
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Leawo Video Converter version  5.1.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version:  - )
µTorrent (HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\uTorrent) (Version: 3.4.2.39744 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.3.0.0 - Auslogics Labs Pty Ltd)
Avast Internet Security (HKLM\...\Avast) (Version: 10.2.2214 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
ConvertXtoDVD 4.0.9.322 (HKLM\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.9.322 - )
EasyBCD 1.7 (HKLM\...\EasyBCD) (Version: 1.7 - NeoSmart Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
ffdshow [rev 2180] [2008-10-04] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDD Health v4.2 (HKLM\...\HDD Health_is1) (Version:  - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Ladbrokes Casino (HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Ladbrokes) (Version:  - )
Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{A55747C1-4651-433D-B082-478874FF7516}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MPC-HC 1.7.0 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.0.7858 - MPC-HC Team)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Lite 7.10.1.2 (HKLM\...\Nero7Lite_is1) (Version: 7.10.1.2 - UpdatePack.nl)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skitch (HKLM\...\Skitch 1.0.2.0) (Version: 2.2.0.4 - Evernote Corp.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
YouTube Downloader App 3.00 (HKLM\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-03-2015 01:00:01 Scheduled Checkpoint
10-03-2015 15:04:45 Windows Update
12-03-2015 01:00:04 Scheduled Checkpoint
12-03-2015 04:00:18 Windows Update
13-03-2015 01:00:01 Scheduled Checkpoint
14-03-2015 01:00:02 Scheduled Checkpoint
15-03-2015 01:00:07 Scheduled Checkpoint
16-03-2015 01:32:55 Scheduled Checkpoint
17-03-2015 01:00:02 Scheduled Checkpoint
17-03-2015 23:47:28 Windows Update
18-03-2015 13:49:36 Scheduled Checkpoint
20-03-2015 18:16:39 avast! antivirus system restore point
21-03-2015 17:18:27 Windows Update
23-03-2015 11:54:29 Scheduled Checkpoint
24-03-2015 02:31:12 Scheduled Checkpoint
24-03-2015 19:22:24 Scheduled Checkpoint
24-03-2015 21:36:37 Windows Update
25-03-2015 10:55:06 Scheduled Checkpoint
26-03-2015 01:09:22 Scheduled Checkpoint
26-03-2015 19:34:18 Scheduled Checkpoint
28-03-2015 01:00:05 Scheduled Checkpoint
29-03-2015 01:00:08 Scheduled Checkpoint
30-03-2015 12:37:11 Scheduled Checkpoint
31-03-2015 04:00:31 Scheduled Checkpoint
31-03-2015 07:46:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-01-28 16:22 - 2015-02-12 19:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {173D4975-2084-4DE0-9118-A5F79C988034} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5184F028-AA66-498B-8389-8BE4497A3485} - System32\Tasks\avastBCLRestartS-1-5-21-3299710142-3868310564-1978959094-1001 => Firefox.exe
Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {6092D648-6209-4D6F-9B67-908F6DA777DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-23] (Adobe Systems Incorporated)
Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {85281012-34B8-4BAA-9EF3-93B5EA5F07FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {8A6403D3-82D2-4E66-8DBE-0E6A1517755E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-06-02] (Google Inc.)
Task: {C9FE83DC-FBE8-4C22-AF6D-8843F56B350E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-20] (Avast Software s.r.o.)
Task: {DC0B49E4-3258-40BE-81A6-B40E45F2E425} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-20 18:32 - 2015-03-20 18:32 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-20 18:32 - 2015-03-20 18:32 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-03-30 20:00 - 2015-03-30 20:00 - 02924032 _____ () C:\Program Files\AVAST Software\Avast\defs\15033001\algo.dll
2014-03-25 06:27 - 2013-03-08 10:54 - 00017760 _____ () C:\Program Files\HDD Health\HDDHealthService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-03-14 03:20 - 2015-03-20 18:33 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-20 18:40 - 2015-03-23 05:42 - 16858288 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\meandem.MP4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3299710142-3868310564-1978959094-500 - Administrator - Disabled)
Chris (S-1-5-21-3299710142-3868310564-1978959094-1001 - Administrator - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3299710142-3868310564-1978959094-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2015 08:23:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/26/2015 06:39:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/25/2015 04:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/25/2015 10:10:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/24/2015 06:43:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/24/2015 01:25:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y0T440SI.DEFAULT-1422297887428\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/21/2015 04:47:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/21/2015 04:47:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/31/2015 08:28:57 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Eventlog

Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AvastVBox COM Service%%1053

Error: (03/31/2015 08:25:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000AvastVBox COM Service

Error: (03/31/2015 08:24:12 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (03/30/2015 11:57:20 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:56:06 on 30/03/2015 was unexpected.

Error: (03/26/2015 06:35:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 15:58:20 on 26/03/2015 was unexpected.

Error: (03/25/2015 04:51:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:17:34 on 25/03/2015 was unexpected.

Error: (03/25/2015 10:09:03 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.3 for the Network Card with network address 001EC982BAAF has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Error: (03/25/2015 10:08:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 07:45:25 on 25/03/2015 was unexpected.


Microsoft Office Sessions:
=========================
Error: (03/31/2015 08:23:51 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/26/2015 06:39:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/25/2015 04:53:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/25/2015 10:10:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/24/2015 06:43:33 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/24/2015 01:25:26 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\CHRIS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\Y0T440SI.DEFAULT-1422297887428\SAFEBROWSING-TO_DELETE

Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/23/2015 11:18:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/21/2015 04:47:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/21/2015 04:47:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


CodeIntegrity Errors:
===================================
  Date: 2015-03-31 08:50:55.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:55.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:55.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:55.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:24.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:23.883
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:23.696
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:50:23.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:36:57.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\DasPtct.SYS because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-31 08:36:57.434
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\DasPtct.SYS because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz
Percentage of memory in use: 50%
Total physical RAM: 3060.45 MB
Available physical RAM: 1510.15 MB
Total Pagefile: 6355.91 MB
Available Pagefile: 4458.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:154.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:09 PM

Posted 01 April 2015 - 08:30 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
CHR HomePage: Default -> https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Extension: (avast! Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\meandem.MP4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 Zabak1

Zabak1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 01 April 2015 - 10:53 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Chris at 2015-04-01 15:56:34 Run:2
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available profiles: Chris)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
CHR HomePage: Default -> https://uk.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://uk.yahoo.com?fr=hp-avast&type=avastbcl"
CHR Extension: (avast! Online Security) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-20]
AlternateDataStreams: C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\33.MPG:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\a.3gp:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\meandem.MP4:TOC.WMV
AlternateDataStreams: C:\Users\Chris\Downloads\vid2.3gp:TOC.WMV

End
*****************

Processes closed successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => Key deleted successfully.
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
C:\Users\Chris\Downloads\20120317_142032-trim-03-17-trim-03-18-00-17-38.3gp => ":TOC.WMV" ADS removed successfully.
C:\Users\Chris\Downloads\33.MPG => ":TOC.WMV" ADS removed successfully.
C:\Users\Chris\Downloads\a.3gp => ":TOC.WMV" ADS removed successfully.
C:\Users\Chris\Downloads\meandem.MP4 => ":TOC.WMV" ADS removed successfully.
C:\Users\Chris\Downloads\vid2.3gp => ":TOC.WMV" ADS removed successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-04-01 16:00:49)<=

"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => File could not move.

==== End of Fixlog 16:00:51 ====



#4 Zabak1

Zabak1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:01:09 AM

Posted 01 April 2015 - 10:59 AM

# AdwCleaner v4.200 - Logfile created 01/04/2015 at 16:53:19
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Chris - DELL-530
# Running from : C:\Users\Chris\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Chris\AppData\Roaming\download Manager

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [894 bytes] - [01/04/2015 16:43:59]
AdwCleaner[S0].txt - [822 bytes] - [01/04/2015 16:53:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [880  bytes] ##########
 

 

 

It's running about the same. Did you find any malware?



#5 nasdaq

  • Malware Response Team

Posted 01 April 2015 - 12:32 PM

Your version of AdwCleaner is old.

Remove the application and get the latest version.
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

What are the issues with this computer?

#6 Zabak1


Posted 01 April 2015 - 02:58 PM

Panda found a system hijack and my computer is really sluggish.

 

# AdwCleaner v4.200 - Logfile created 01/04/2015 at 20:56:00
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Chris - DELL-530
# Running from : C:\Users\Chris\Desktop\adwcleaner_4.200.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16633


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v41.0.2272.101


-\\ Comodo Dragon v


*************************

AdwCleaner[R0].txt - [894 bytes] - [01/04/2015 16:43:59]
AdwCleaner[R1].txt - [946 bytes] - [01/04/2015 20:40:02]
AdwCleaner[R2].txt - [810 bytes] - [01/04/2015 20:56:00]
AdwCleaner[S0].txt - [959 bytes] - [01/04/2015 16:53:19]
AdwCleaner[S1].txt - [1009 bytes] - [01/04/2015 20:46:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [985 bytes] ##########
 



#7 nasdaq

  • Malware Response Team

Posted 02 April 2015 - 06:36 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

#8 Zabak1


Posted 02 April 2015 - 07:49 AM

this popped up when roguekiller had done

 

http://www.adlice.com/kernelmode-rootkits-part-3-kernel-filters/

 

 

log

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Administrator]
Started from : C:\Users\Chris\Desktop\RogueKiller.exe
Mode : Delete -- Date : 04/02/2015  13:48:56

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_4287\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Chris\AppData\Local\Temp\catchme.sys) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\Users\Chris\AppData\Local\Temp\catchme.sys) -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)]  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} | DhcpNameServer : 192.168.1.1 0.0.0.0 [(Private Address) (XX)]  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_4287\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_4287\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 295243 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10132014_222158.log - RKreport_SCN_04022015_134817.log



#9 nasdaq

  • Malware Response Team

Posted 02 April 2015 - 12:43 PM



"this popped up when roguekiller had done"

It could be because of this fdc.sys driver for your CD Rom.

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\fdc.sys)


If your redirect issue persists run these programs.
If all is OK then forget about it.
====

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#10 Zabak1


Posted 02 April 2015 - 02:05 PM

20:03:13.0621 0x0ac4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
20:03:18.0524 0x0ac4  ============================================================
20:03:18.0524 0x0ac4  Current date / time: 2015/04/02 20:03:18.0524
20:03:18.0524 0x0ac4  SystemInfo:
20:03:18.0524 0x0ac4  
20:03:18.0524 0x0ac4  OS Version: 6.0.6002 ServicePack: 2.0
20:03:18.0524 0x0ac4  Product type: Workstation
20:03:18.0524 0x0ac4  ComputerName: DELL-530
20:03:18.0524 0x0ac4  UserName: Chris
20:03:18.0524 0x0ac4  Windows directory: C:\Windows
20:03:18.0524 0x0ac4  System windows directory: C:\Windows
20:03:18.0524 0x0ac4  Processor architecture: Intel x86
20:03:18.0524 0x0ac4  Number of processors: 2
20:03:18.0524 0x0ac4  Page size: 0x1000
20:03:18.0524 0x0ac4  Boot type: Normal boot
20:03:18.0524 0x0ac4  ============================================================
20:03:22.0689 0x0ac4  KLMD registered as C:\Windows\system32\drivers\17014557.sys
20:03:23.0392 0x0ac4  System UUID: {063AE146-6BF1-B610-C935-AFF57B61E7F0}
20:03:25.0394 0x0ac4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:03:25.0398 0x0ac4  ============================================================
20:03:25.0398 0x0ac4  \Device\Harddisk0\DR0:
20:03:25.0398 0x0ac4  MBR partitions:
20:03:25.0398 0x0ac4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x240A5800
20:03:25.0398 0x0ac4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
20:03:25.0398 0x0ac4  ============================================================
20:03:25.0435 0x0ac4  C: <-> \Device\Harddisk0\DR0\Partition1
20:03:25.0567 0x0ac4  D: <-> \Device\Harddisk0\DR0\Partition2
20:03:25.0567 0x0ac4  ============================================================
20:03:25.0567 0x0ac4  Initialize success
20:03:25.0567 0x0ac4  ============================================================
20:03:27.0195 0x1530  ============================================================
20:03:27.0195 0x1530  Scan started
20:03:27.0195 0x1530  Mode: Manual;
20:03:27.0195 0x1530  ============================================================
20:03:27.0195 0x1530  KSN ping started
20:04:25.0968 0x1530  KSN ping finished: true
20:04:28.0373 0x1530  ================ Scan system memory ========================
20:04:28.0373 0x1530  System memory - ok
20:04:28.0374 0x1530  ================ Scan services =============================
20:04:39.0189 0x1530  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:04:39.0192 0x1530  gupdatem - ok
20:04:39.0257 0x1530  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:04:39.0265 0x1530  HdAudAddService - ok
20:04:39.0297 0x1530  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:04:39.0323 0x1530  HDAudBus - ok
20:04:39.0391 0x1530  [ 5DC84FEF6A9050019678C30B1D01C8E8, 923B1CDAEDF153FA280EF301A8BEE0F44DF4B13716A8FE6B0785433F85884D6C ] HDDHealth       C:\Program Files\HDD Health\HDDHealthService.exe
20:04:39.0419 0x1530  HDDHealth - ok
20:04:39.0454 0x1530  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:04:39.0456 0x1530  HidBth - ok
20:04:39.0478 0x1530  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:04:39.0480 0x1530  HidIr - ok
20:04:39.0505 0x1530  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
20:04:39.0547 0x1530  hidserv - ok
20:04:39.0563 0x1530  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:04:39.0566 0x1530  HidUsb - ok
20:04:39.0598 0x1530  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:04:39.0604 0x1530  hkmsvc - ok
20:04:39.0647 0x1530  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:04:39.0666 0x1530  HpCISSs - ok
20:04:39.0738 0x1530  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:04:39.0760 0x1530  HTTP - ok
20:04:39.0789 0x1530  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:04:39.0834 0x1530  i2omp - ok
20:04:39.0895 0x1530  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:04:39.0899 0x1530  i8042prt - ok
20:04:39.0983 0x1530  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:04:40.0053 0x1530  iaStorV - ok
20:04:40.0245 0x1530  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:04:40.0495 0x1530  idsvc - ok
20:04:40.0844 0x1530  [ 63C56DAC467EF814B60FF2AA2286C917, C3CF0FEE8FF3C7300D3561217717F53ECD22DEE55D9C904C8E990BE5F9A3D99F ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
20:04:40.0969 0x1530  igfx - ok
20:04:41.0012 0x1530  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:04:41.0138 0x1530  iirsp - ok
20:04:41.0304 0x1530  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:04:41.0453 0x1530  IKEEXT - ok
20:04:41.0883 0x1530  [ F8F53C5449F15B23D4C61D51D2701DA8, BDAE41E3A5798FA11E979DAE84EB5F21D9C271196A757429ED1DACD732822CF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:04:41.0987 0x1530  IntcAzAudAddService - ok
20:04:42.0047 0x1530  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
20:04:42.0050 0x1530  intelide - ok
20:04:42.0114 0x1530  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:04:42.0129 0x1530  intelppm - ok
20:04:42.0188 0x1530  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:04:42.0213 0x1530  IPBusEnum - ok
20:04:42.0247 0x1530  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:04:42.0250 0x1530  IpFilterDriver - ok
20:04:42.0271 0x1530  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:04:42.0288 0x1530  iphlpsvc - ok
20:04:42.0305 0x1530  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:04:42.0309 0x1530  IPMIDRV - ok
20:04:42.0329 0x1530  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:04:42.0334 0x1530  IPNAT - ok
20:04:42.0350 0x1530  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:04:42.0353 0x1530  IRENUM - ok
20:04:42.0376 0x1530  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:04:42.0379 0x1530  isapnp - ok
20:04:42.0396 0x1530  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:04:42.0403 0x1530  iScsiPrt - ok
20:04:42.0419 0x1530  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:04:42.0422 0x1530  iteatapi - ok
20:04:42.0477 0x1530  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:04:42.0480 0x1530  iteraid - ok
20:04:42.0495 0x1530  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:04:42.0498 0x1530  kbdclass - ok
20:04:42.0522 0x1530  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:04:42.0524 0x1530  kbdhid - ok
20:04:42.0555 0x1530  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
20:04:42.0578 0x1530  KeyIso - ok
20:04:42.0643 0x1530  [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:04:42.0701 0x1530  KSecDD - ok
20:04:42.0832 0x1530  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:04:42.0903 0x1530  KtmRm - ok
20:04:42.0938 0x1530  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:04:42.0962 0x1530  LanmanServer - ok
20:04:43.0016 0x1530  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:04:43.0046 0x1530  LanmanWorkstation - ok
20:04:43.0074 0x1530  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:04:43.0077 0x1530  lltdio - ok
20:04:43.0147 0x1530  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:04:43.0232 0x1530  lltdsvc - ok
20:04:43.0253 0x1530  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:04:43.0256 0x1530  lmhosts - ok
20:04:43.0281 0x1530  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:04:43.0285 0x1530  LSI_FC - ok
20:04:43.0299 0x1530  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:04:43.0303 0x1530  LSI_SAS - ok
20:04:43.0317 0x1530  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:04:43.0321 0x1530  LSI_SCSI - ok
20:04:43.0335 0x1530  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:04:43.0339 0x1530  luafv - ok
20:04:43.0385 0x1530  [ FCF1A9F544CD89564CFAC9572AB2DDBB, B5793DF12FE656FF73F3094CEE8986E2E90C64C47EAED9FA190A66E601125B42 ] MbaeSvc         C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
20:04:43.0395 0x1530  MbaeSvc - ok
20:04:43.0451 0x1530  [ C2730E796F3A84DE3D4FCFF899028838, E93163D5657B67019FD798EDC9A0D9CC561AB76CA20C1F15413D466149FC4ABE ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
20:04:43.0477 0x1530  mbamchameleon - ok
20:04:43.0512 0x1530  [ AB73A39A5E45F465B02C11C500BB0278, 6863B27DA7A0808F232B93CB74ACA09751B6F63FD9FB26EB3FA0282636CE9807 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:04:43.0537 0x1530  MBAMProtector - ok
20:04:43.0769 0x1530  [ 86701B8E4C53280AA8642AC85F8500F4, 6839F2B840410857AE7DA215A17922A7499A9B99D96032756525878E98175103 ] MBAMScheduler   C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
20:04:43.0893 0x1530  MBAMScheduler - ok
20:04:44.0015 0x1530  [ E27891A49DF92004041FEC5C3A2D4230, A4679A1F10F84935875E35A83FC7075499B8F4CBB543209A38C0D946347CD264 ] MBAMService     C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
20:04:44.0059 0x1530  MBAMService - ok
20:04:44.0094 0x1530  [ 04B309A1A653177994630C2773E659F1, 1D9F81D2DF513FE177E5308E3DE0CE416109F87FDBD00FE7453FEB6074216C3C ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:04:44.0119 0x1530  MBAMSwissArmy - ok
20:04:44.0147 0x1530  [ 17A18AC4B266F74EE6BB163156AA38AC, 22C5EE6107E98332AD8976B4385E7380B03D265A73BA406C5AC31157DDF74607 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
20:04:44.0174 0x1530  MBAMWebAccessControl - ok
20:04:44.0230 0x1530  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:04:44.0235 0x1530  Mcx2Svc - ok
20:04:44.0366 0x1530  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
20:04:44.0387 0x1530  megasas - ok
20:04:44.0468 0x1530  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:04:44.0484 0x1530  MegaSR - ok
20:04:44.0521 0x1530  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
20:04:44.0580 0x1530  MMCSS - ok
20:04:44.0620 0x1530  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
20:04:44.0644 0x1530  Modem - ok
20:04:44.0668 0x1530  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:04:44.0671 0x1530  monitor - ok
20:04:44.0695 0x1530  [ E07AFAF733D3004F5DC64AA3A47700B1, FD3126FAA0D74F03E5104485438B07CB321530E8AAC57B99AF7BF39078982FDA ] MOSUMAC         C:\Windows\system32\DRIVERS\MOSUMAC.SYS
20:04:44.0699 0x1530  MOSUMAC - ok
20:04:44.0707 0x1530  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:04:44.0710 0x1530  mouclass - ok
20:04:44.0739 0x1530  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:04:44.0765 0x1530  mouhid - ok
20:04:44.0795 0x1530  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:04:44.0799 0x1530  MountMgr - ok
20:04:44.0897 0x1530  [ 0A68B3E37961CEC327EED518F6D62530, EDEB16545ECDDEA2ADFF73E4DF3E9FD87E4B7126C8CFB037ABAF883D157103DE ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:04:44.0904 0x1530  MozillaMaintenance - ok
20:04:44.0945 0x1530  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:04:44.0950 0x1530  mpio - ok
20:04:44.0959 0x1530  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:04:44.0962 0x1530  mpsdrv - ok
20:04:45.0002 0x1530  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:04:45.0018 0x1530  MpsSvc - ok
20:04:45.0052 0x1530  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:04:45.0073 0x1530  Mraid35x - ok
20:04:45.0122 0x1530  [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:04:45.0130 0x1530  MRxDAV - ok
20:04:45.0166 0x1530  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:04:45.0170 0x1530  mrxsmb - ok
20:04:45.0209 0x1530  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:04:45.0220 0x1530  mrxsmb10 - ok
20:04:45.0247 0x1530  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:04:45.0251 0x1530  mrxsmb20 - ok
20:04:45.0258 0x1530  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:04:45.0260 0x1530  msahci - ok
20:04:45.0289 0x1530  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:04:45.0295 0x1530  msdsm - ok
20:04:45.0333 0x1530  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
20:04:45.0341 0x1530  MSDTC - ok
20:04:45.0410 0x1530  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:04:45.0415 0x1530  Msfs - ok
20:04:45.0618 0x1530  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:04:45.0661 0x1530  msisadrv - ok
20:04:45.0711 0x1530  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:04:45.0736 0x1530  MSiSCSI - ok
20:04:45.0772 0x1530  msiserver - ok
20:04:45.0905 0x1530  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:04:45.0909 0x1530  MSKSSRV - ok
20:04:45.0969 0x1530  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:04:45.0971 0x1530  MSPCLOCK - ok
20:04:45.0993 0x1530  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:04:46.0002 0x1530  MSPQM - ok
20:04:46.0014 0x1530  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:04:46.0022 0x1530  MsRPC - ok
20:04:46.0057 0x1530  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:04:46.0071 0x1530  mssmbios - ok
20:04:46.0144 0x1530  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:04:46.0149 0x1530  MSTEE - ok
20:04:46.0223 0x1530  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:04:46.0231 0x1530  Mup - ok
20:04:46.0284 0x1530  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
20:04:46.0295 0x1530  napagent - ok
20:04:46.0350 0x1530  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:04:46.0408 0x1530  NativeWifiP - ok
20:04:46.0525 0x1530  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:04:46.0573 0x1530  NDIS - ok
20:04:46.0599 0x1530  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:04:46.0603 0x1530  NdisTapi - ok
20:04:46.0631 0x1530  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:04:46.0634 0x1530  Ndisuio - ok
20:04:46.0679 0x1530  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:04:46.0684 0x1530  NdisWan - ok
20:04:46.0698 0x1530  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:04:46.0701 0x1530  NDProxy - ok
20:04:46.0709 0x1530  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:04:46.0712 0x1530  NetBIOS - ok
20:04:46.0724 0x1530  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:04:46.0731 0x1530  netbt - ok
20:04:46.0753 0x1530  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
20:04:46.0757 0x1530  Netlogon - ok
20:04:46.0798 0x1530  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
20:04:46.0861 0x1530  Netman - ok
20:04:47.0378 0x1530  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:04:47.0475 0x1530  NetMsmqActivator - ok
20:04:47.0482 0x1530  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:04:47.0487 0x1530  NetPipeActivator - ok
20:04:47.0506 0x1530  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
20:04:47.0522 0x1530  netprofm - ok
20:04:47.0530 0x1530  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:04:47.0534 0x1530  NetTcpActivator - ok
20:04:47.0542 0x1530  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:04:47.0547 0x1530  NetTcpPortSharing - ok
20:04:47.0562 0x1530  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:04:47.0565 0x1530  nfrd960 - ok
20:04:47.0604 0x1530  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:04:47.0612 0x1530  NlaSvc - ok
20:04:47.0621 0x1530  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:04:47.0624 0x1530  Npfs - ok
20:04:47.0638 0x1530  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
20:04:47.0643 0x1530  nsi - ok
20:04:47.0654 0x1530  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:04:47.0657 0x1530  nsiproxy - ok
20:04:47.0700 0x1530  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:04:47.0768 0x1530  Ntfs - ok
20:04:47.0797 0x1530  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:04:47.0800 0x1530  ntrigdigi - ok
20:04:47.0823 0x1530  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
20:04:47.0827 0x1530  Null - ok
20:04:47.0857 0x1530  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:04:47.0861 0x1530  nvraid - ok
20:04:47.0875 0x1530  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:04:47.0878 0x1530  nvstor - ok
20:04:47.0893 0x1530  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:04:47.0938 0x1530  nv_agp - ok
20:04:47.0959 0x1530  [ BE32DA025A0BE1878F0EE8D6D9386CD5, B9D6CB4626FC67D108D713467C9ED8D0E2A071D98621B5531AD9D0C172FE7B89 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:04:47.0962 0x1530  ohci1394 - ok
20:04:48.0042 0x1530  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:04:48.0049 0x1530  ose - ok
20:04:48.0076 0x1530  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:04:48.0100 0x1530  p2pimsvc - ok
20:04:48.0126 0x1530  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:04:48.0141 0x1530  p2psvc - ok
20:04:48.0179 0x1530  [ 8A79FDF04A73428597E2CAF9D0D67850, DB438FDE5510AB2F350ED1AC4CF0E99D3CC665FE46533A438A8FDA4DAF950F93 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:04:48.0274 0x1530  Parport - ok
20:04:48.0282 0x1530  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:04:48.0285 0x1530  partmgr - ok
20:04:48.0328 0x1530  [ 6C580025C81CAF3AE9E3617C22CAD00E, 64F9061196462085E5DCD3ACB97A0D8FC67CA9A96DDD6E2103AFFF1593AE236A ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:04:48.0353 0x1530  Parvdm - ok
20:04:48.0388 0x1530  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:04:48.0413 0x1530  PcaSvc - ok
20:04:48.0441 0x1530  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
20:04:48.0447 0x1530  pci - ok
20:04:48.0475 0x1530  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
20:04:48.0477 0x1530  pciide - ok
20:04:48.0488 0x1530  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:04:48.0493 0x1530  pcmcia - ok
20:04:48.0534 0x1530  [ 5B6C11DE7E839C05248CED8825470FEF, DB57DFD02C18461B1B383DF759730FFEE9C7FA8577E1679FD4740A590303EE79 ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
20:04:48.0538 0x1530  pcouffin - ok
20:04:48.0594 0x1530  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:04:48.0654 0x1530  PEAUTH - ok
20:04:48.0890 0x1530  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
20:04:48.0970 0x1530  pla - ok
20:04:49.0015 0x1530  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:04:49.0064 0x1530  PlugPlay - ok
20:04:49.0221 0x1530  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:04:49.0240 0x1530  PNRPAutoReg - ok
20:04:49.0270 0x1530  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:04:49.0289 0x1530  PNRPsvc - ok
20:04:49.0334 0x1530  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:04:49.0367 0x1530  PolicyAgent - ok
20:05:09.0966 0x1530  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41000 ( enabled : updated )
20:05:09.0970 0x1530  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2214.845 ), 0x41010 ( enabled )
20:05:12.0460 0x1530  ============================================================
20:05:12.0460 0x1530  Scan finished
20:05:12.0460 0x1530  ============================================================
20:05:12.0467 0x1450  Detected object count: 0
20:05:12.0467 0x1450  Actual detected object count: 0
 



#11 Zabak1


Posted 02 April 2015 - 04:08 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-04-02 20:06:51
-----------------------------
20:06:51.027    OS Version: Windows 6.0.6002 Service Pack 2
20:06:51.027    Number of processors: 2 586 0xF0B
20:06:51.031    ComputerName: DELL-530  UserName: Chris
20:07:08.117    Initialize success
20:07:08.157    VM: initialized successfully
20:07:08.159    VM: Intel CPU supported
20:07:31.212    VM: disk I/O atapi.sys
20:07:34.330    AVAST engine defs: 15040202
20:08:27.488    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:08:27.491    Disk 0 Vendor: ST3320613AS DE11 Size: 305245MB BusType: 3
20:08:27.736    Disk 0 MBR read successfully
20:08:27.738    Disk 0 MBR scan
20:08:27.788    Disk 0 Windows VISTA default MBR code
20:08:27.799    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       295243 MB offset 2048
20:08:27.845    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10000 MB offset 604659712
20:08:27.892    Disk 0 scanning sectors +625139712
20:08:28.041    Disk 0 scanning C:\Windows\system32\drivers
20:08:37.804    Service scanning
20:08:58.116    Modules scanning
20:08:58.124    Disk 0 trace - called modules:
20:08:58.156    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:08:58.160    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8668aac8]
20:08:58.165    3 CLASSPNP.SYS[8b1a28b3] -> nt!IofCallDriver -> [0x853844c8]
20:08:58.169    5 acpi.sys[8aaa66bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d8eb98]
20:08:58.809    AVAST engine scan C:\Windows
20:09:00.850    AVAST engine scan C:\Windows\system32
20:11:18.286    AVAST engine scan C:\Windows\system32\drivers
20:11:30.614    AVAST engine scan C:\Users\Chris
20:49:27.188    AVAST engine scan C:\ProgramData
21:00:28.577    Disk 0 statistics 3332550/0/0 @ 0.65 MB/s
21:00:28.593    Scan finished successfully
22:07:54.437    Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
22:07:54.453    The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

 



#12 Zabak1


Posted 02 April 2015 - 04:10 PM

MBR.DAT

Attached Files

  • Attached File  MBR.zip   553bytes   0 downloads


#13 nasdaq


  • Malware Response Team

Posted 03 April 2015 - 07:28 AM

All clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 Zabak1


Posted 03 April 2015 - 04:47 PM

Thank you.

Did you find anything bad?



#15 Zabak1


Posted 03 April 2015 - 10:47 PM

Do I just delete all the things I've downloaded?





