Sorry if wrong forum-- DMP file from svshost.exe ->c/temp


  • This topic is locked
16 replies to this topic

#1 mastervv

Posted 21 July 2015 - 05:22 AM

This svchost takes up 40% of CPU in my laptop during standby... about 1,5 GHz.
It's located in the c temp folder and I have no idea what it is or what to do.
If someone could help me out please ;)?
Sorry for bad English.

I will upload logs from my antivirus software (all negative on detection) soon.

EDIT: I found some txt logs in the temp folder, something about a Claymore bitcoin bot or something??

I also scanned with 3 antivirus programs (Trend Micro, Microsoft Windows Defender, Panda) and it detected and ''cleaned'' it, but it starts again all the time! :(
http://www.filedropper.com/svchost_3

13:23:02.0626 0x0618  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:23:05.0838 0x0618  ============================================================
13:23:05.0838 0x0618  Current date / time: 2015/07/21 13:23:05.0838
13:23:05.0838 0x0618  SystemInfo:
13:23:05.0838 0x0618  
13:23:05.0838 0x0618  OS Version: 6.3.9600 ServicePack: 0.0
13:23:05.0838 0x0618  Product type: Workstation
13:23:05.0838 0x0618  ComputerName: COMPUTER
13:23:05.0839 0x0618  UserName: Orochimaru
13:23:05.0839 0x0618  Windows directory: C:\WINDOWS
13:23:05.0839 0x0618  System windows directory: C:\WINDOWS
13:23:05.0839 0x0618  Running under WOW64
13:23:05.0839 0x0618  Processor architecture: Intel x64
13:23:05.0839 0x0618  Number of processors: 8
13:23:05.0839 0x0618  Page size: 0x1000
13:23:05.0839 0x0618  Boot type: Normal boot
13:23:05.0839 0x0618  ============================================================
13:23:06.0036 0x0618  KLMD registered as C:\WINDOWS\system32\drivers\88878265.sys
13:23:06.0384 0x0618  System UUID: {5730D15A-E594-A863-DDF4-084ABAB26D76}
13:23:07.0874 0x0618  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:07.0876 0x0618  Drive \Device\Harddisk1\DR1 - Size: 0x37E4896000 ( 223.57 Gb ), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:23:16.0963 0x0618  Drive \Device\Harddisk2\DR3 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:23:16.0967 0x0618  ============================================================
13:23:16.0967 0x0618  \Device\Harddisk0\DR0:
13:23:17.0160 0x0618  MBR partitions:
13:23:17.0160 0x0618  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:23:17.0160 0x0618  \Device\Harddisk1\DR1:
13:23:17.0161 0x0618  MBR partitions:
13:23:17.0161 0x0618  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
13:23:17.0161 0x0618  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x1BE74000
13:23:17.0161 0x0618  \Device\Harddisk2\DR3:
13:23:17.0163 0x0618  MBR partitions:
13:23:17.0163 0x0618  \Device\Harddisk2\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D31C1
13:23:17.0163 0x0618  ============================================================
13:23:17.0165 0x0618  C: <-> \Device\Harddisk1\DR1\Partition2
13:23:17.0232 0x0618  D: <-> \Device\Harddisk0\DR0\Partition1
13:23:17.0285 0x0618  G: <-> \Device\Harddisk2\DR3\Partition1
13:23:17.0285 0x0618  ============================================================
13:23:17.0285 0x0618  Initialize success
13:23:17.0285 0x0618  ============================================================
13:25:17.0798 0x10b4  ============================================================
13:25:17.0798 0x10b4  Scan started
13:25:17.0798 0x10b4  Mode: Manual; SigCheck; TDLFS;
13:25:17.0798 0x10b4  ============================================================
13:25:17.0798 0x10b4  KSN ping started
13:25:20.0332 0x10b4  KSN ping finished: true
13:25:21.0513 0x10b4  ================ Scan system memory ========================
13:25:21.0513 0x10b4  System memory - ok
13:25:21.0515 0x10b4  ================ Scan services =============================
13:25:42.0572 0x10b4  HomeGroupProvider - ok
13:25:42.0586 0x10b4  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
13:25:42.0615 0x10b4  HpSAMD - ok
13:25:42.0700 0x10b4  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
13:25:42.0819 0x10b4  HTTP - ok
13:25:42.0831 0x10b4  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
13:25:42.0855 0x10b4  hwpolicy - ok
13:25:42.0864 0x10b4  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
13:25:42.0889 0x10b4  hyperkbd - ok
13:25:42.0899 0x10b4  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
13:25:42.0921 0x10b4  HyperVideo - ok
13:25:42.0937 0x10b4  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
13:25:42.0965 0x10b4  i8042prt - ok
13:25:42.0981 0x10b4  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
13:25:43.0001 0x10b4  iaLPSSi_GPIO - ok
13:25:43.0015 0x10b4  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
13:25:43.0039 0x10b4  iaLPSSi_I2C - ok
13:25:43.0084 0x10b4  [ 25555186E4FBDF0E30A5DBFC9B9A73F9, 4A9DAC2B56389C5955C343E202C6E81CD3A608E78A4BB7E6ED560719DF02C955 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
13:25:43.0148 0x10b4  iaStorA - ok
13:25:43.0195 0x10b4  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
13:25:43.0255 0x10b4  iaStorAV - ok
13:25:43.0569 0x10b4  [ 6241810294275CEA59EBA9733080E5EE, F9A1A505B9279CD660CAAF4F8D21BDC34AC75FD86E881632A378B9BF39A3738E ] IAStorDataMgrSvc D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:25:43.0647 0x10b4  IAStorDataMgrSvc - ok
13:25:43.0684 0x10b4  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
13:25:43.0746 0x10b4  iaStorV - ok
13:25:43.0766 0x10b4  [ C42FA2C2CB77604E94530E0A8560FA99, BA84B88C1D3951E4D10D9A783090B72261FD9825F8003DDD01716D4E0A8EED09 ] iBtSiva         C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
13:25:43.0883 0x10b4  iBtSiva - ok
13:25:43.0903 0x10b4  [ 0316165998C74A0C109D5943F0027925, 91093906A100DD3FDC635AF8274910DB4BCEA10D6A003702786246D208CC4BBB ] ibtusb          C:\WINDOWS\system32\DRIVERS\ibtusb.sys
13:25:43.0930 0x10b4  ibtusb - ok
13:25:43.0942 0x10b4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:25:44.0006 0x10b4  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:25:46.0516 0x10b4  Detect skipped due to KSN trusted
13:25:46.0516 0x10b4  IDriverT - ok
13:26:07.0043 0x10b4  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
13:26:07.0073 0x10b4  pcmcia - ok
13:26:07.0095 0x10b4  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
13:26:07.0120 0x10b4  pcw - ok
13:26:07.0133 0x10b4  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
13:26:07.0162 0x10b4  pdc - ok
13:26:07.0214 0x10b4  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
13:26:07.0303 0x10b4  PEAUTH - ok
13:26:07.0362 0x10b4  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
13:26:07.0398 0x10b4  PerfHost - ok
13:26:07.0514 0x10b4  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
13:26:07.0653 0x10b4  pla - ok
13:26:07.0673 0x10b4  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
13:26:07.0707 0x10b4  PlugPlay - ok
13:26:07.0718 0x10b4  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
13:26:07.0746 0x10b4  PNRPAutoReg - ok
13:26:07.0776 0x10b4  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
13:26:07.0825 0x10b4  PNRPsvc - ok
13:26:07.0857 0x10b4  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
13:26:07.0909 0x10b4  PolicyAgent - ok
13:26:07.0928 0x10b4  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
13:26:07.0962 0x10b4  Power - ok
13:26:07.0971 0x10b4  [ 811F1B2229FB7A81CFBC6BC3EA3DCC1A, A35570AD497859C96875A1A069DE833566B3F806DC56F08649296AF4981F1615 ] PowerBiosServer C:\Program Files (x86)\Hotkey\HotkeyService.exe
13:26:07.0979 0x10b4  PowerBiosServer - detected UnsignedFile.Multi.Generic ( 1 )
13:26:10.0939 0x10b4  PowerBiosServer ( UnsignedFile.Multi.Generic ) - warning
13:26:16.0541 0x10b4  [ 3137CE7CD5266C25E58BA8C8E129EE25, CC515D2936AE6A72ABC4523AD7CAB554273748B128756703E9F612C60E112B64 ] SandraAgentSrv  d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2\RpcAgentSrv.exe
13:26:16.0630 0x10b4  SandraAgentSrv - detected UnsignedFile.Multi.Generic ( 1 )
13:26:19.0164 0x10b4  Detect skipped due to KSN trusted
13:26:19.0164 0x10b4  SandraAgentSrv - ok
13:26:33.0073 0x10b4  vmictimesync - ok
13:26:33.0110 0x10b4  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
13:26:33.0164 0x10b4  vmicvss - ok
13:26:33.0181 0x10b4  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
13:26:33.0212 0x10b4  volmgr - ok
13:26:33.0240 0x10b4  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
13:26:33.0291 0x10b4  volmgrx - ok
13:26:33.0324 0x10b4  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
13:26:33.0371 0x10b4  volsnap - ok
13:26:33.0383 0x10b4  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
13:26:33.0407 0x10b4  vpci - ok
13:26:33.0425 0x10b4  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
13:26:33.0460 0x10b4  vsmraid - ok
13:26:33.0543 0x10b4  [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C8AC78B8E3FCE18 ] VSS             C:\WINDOWS\system32\vssvc.exe
13:26:33.0671 0x10b4  VSS - ok
13:26:33.0695 0x10b4  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
13:26:33.0742 0x10b4  VSTXRAID - ok
13:26:33.0754 0x10b4  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
13:26:33.0779 0x10b4  vwifibus - ok
13:26:33.0792 0x10b4  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
13:26:33.0838 0x10b4  vwififlt - ok
13:26:33.0849 0x10b4  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
13:26:33.0896 0x10b4  vwifimp - ok
13:26:33.0929 0x10b4  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time         C:\WINDOWS\system32\w32time.dll
13:26:33.0975 0x10b4  W32Time - ok
13:26:33.0988 0x10b4  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
13:26:34.0012 0x10b4  WacomPen - ok
13:26:34.0102 0x10b4  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
13:26:34.0229 0x10b4  wbengine - ok
13:26:34.0266 0x10b4  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
13:26:34.0321 0x10b4  WbioSrvc - ok
13:26:34.0350 0x10b4  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
13:26:34.0395 0x10b4  Wcmsvc - ok
13:26:34.0430 0x10b4  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
13:26:34.0486 0x10b4  wcncsvc - ok
13:26:34.0498 0x10b4  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
13:26:34.0542 0x10b4  WcsPlugInService - ok
13:26:34.0553 0x10b4  [ 1751F6B031ADAC34724511057D2E455D, BCBC77DE02718868302F7469E8FBB8F2E7E0F8A5D3E46A5B4D48713E829FBAF6 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
13:26:34.0580 0x10b4  WdBoot - ok
13:26:34.0638 0x10b4  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
13:26:34.0712 0x10b4  Wdf01000 - ok
13:26:34.0736 0x10b4  [ D296D0F0DB2CD1504F90405603664493, 9531034AE2E027B5C7366713AA9003085501800B35F971D1CE7FFB8E5DAE3825 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
13:26:34.0774 0x10b4  WdFilter - ok
13:26:34.0788 0x10b4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
13:26:34.0827 0x10b4  WdiServiceHost - ok
13:26:34.0837 0x10b4  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
13:26:34.0871 0x10b4  WdiSystemHost - ok
13:26:34.0886 0x10b4  [ 9F4DF0043965808973023A9B51A11136, 3A799125CBC5C214D9FBB91C348B39563B1FDB7403B520270752E9A177464723 ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
13:26:34.0915 0x10b4  WdNisDrv - ok
13:26:34.0922 0x10b4  WdNisSvc - ok
13:26:34.0944 0x10b4  [ 185E4111627F7AA6799E1366B5E91D65, 7A02C816DFBCCF47EDB49E5E2005A3D0B80719FAC94F9298D2DBAC63950EDA05 ] WebClient       C:\WINDOWS\System32\webclnt.dll
13:26:34.0991 0x10b4  WebClient - ok
13:26:35.0010 0x10b4  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
13:26:35.0054 0x10b4  Wecsvc - ok
13:26:35.0065 0x10b4  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
13:26:35.0091 0x10b4  WEPHOSTSVC - ok
13:26:35.0104 0x10b4  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
13:26:35.0147 0x10b4  wercplsupport - ok
13:26:35.0164 0x10b4  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
13:26:35.0202 0x10b4  WerSvc - ok
13:26:35.0219 0x10b4  [ BAB713B409258DB7B5D9F9693F802B0E, C0D0391EC4FDC07E0A07F4EEB2DC9CC5B2BE5D2E292E7D01929E8D39D6F73EA5 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
13:26:35.0254 0x10b4  WFPLWFS - ok
13:26:35.0267 0x10b4  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
13:26:35.0293 0x10b4  WiaRpc - ok
13:26:35.0302 0x10b4  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
13:26:35.0328 0x10b4  WIMMount - ok
13:26:35.0333 0x10b4  WinDefend - ok
13:26:35.0387 0x10b4  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
13:26:35.0471 0x10b4  WinHttpAutoProxySvc - ok
13:26:35.0496 0x10b4  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
13:26:35.0535 0x10b4  Winmgmt - ok
13:26:35.0679 0x10b4  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
13:26:35.0886 0x10b4  WinRM - ok
13:26:35.0915 0x10b4  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\System32\drivers\WinUsb.sys
13:26:35.0942 0x10b4  WinUsb - ok
13:26:36.0036 0x10b4  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
13:26:36.0172 0x10b4  WlanSvc - ok
13:26:36.0264 0x10b4  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
13:26:36.0406 0x10b4  wlidsvc - ok
13:26:36.0420 0x10b4  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
13:26:36.0442 0x10b4  WmiAcpi - ok
13:26:36.0463 0x10b4  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
13:26:36.0495 0x10b4  wmiApSrv - ok
13:26:36.0501 0x10b4  WMPNetworkSvc - ok
13:26:36.0520 0x10b4  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
13:26:36.0553 0x10b4  Wof - ok
13:26:36.0657 0x10b4  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
13:26:36.0798 0x10b4  workfolderssvc - ok
13:26:36.0813 0x10b4  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
13:26:36.0839 0x10b4  wpcfltr - ok
13:26:36.0849 0x10b4  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
13:26:36.0879 0x10b4  WPCSvc - ok
13:26:36.0892 0x10b4  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
13:26:36.0922 0x10b4  WPDBusEnum - ok
13:26:36.0932 0x10b4  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
13:26:36.0955 0x10b4  WpdUpFltr - ok
13:26:36.0965 0x10b4  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
13:26:36.0991 0x10b4  ws2ifsl - ok
13:26:37.0007 0x10b4  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
13:26:37.0045 0x10b4  wscsvc - ok
13:26:37.0053 0x10b4  WSearch - ok
13:26:37.0271 0x10b4  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService       C:\WINDOWS\System32\WSService.dll
13:26:37.0596 0x10b4  WSService - ok
13:26:37.0822 0x10b4  [ 50CEC061C6D6FD2B9C89BECD08991CCB, 31EB1601426223E712C4E4AA29410EDFC81E020996A402BD3E850A2EAF127286 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
13:26:38.0082 0x10b4  wuauserv - ok
13:26:38.0104 0x10b4  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
13:26:38.0158 0x10b4  WudfPf - ok
13:26:38.0180 0x10b4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
13:26:38.0241 0x10b4  WUDFRd - ok
13:26:38.0255 0x10b4  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
13:26:38.0287 0x10b4  wudfsvc - ok
13:26:38.0309 0x10b4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs       C:\WINDOWS\System32\drivers\WUDFRd.sys
13:26:38.0342 0x10b4  WUDFWpdFs - ok
13:26:38.0359 0x10b4  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\WINDOWS\System32\drivers\WUDFRd.sys
13:26:38.0393 0x10b4  WUDFWpdMtp - ok
13:26:38.0425 0x10b4  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
13:26:38.0485 0x10b4  WwanSvc - ok
13:26:38.0502 0x10b4  [ 377F3E3467A8BFA3CDC921AD6425D513, 699271DA1D63E90FE1F9FE8AF3A8789CA588A0B7A2AFF5899EBA443361E041A5 ] XSplit_Dummy    C:\WINDOWS\system32\drivers\xspltspk.sys
13:26:38.0555 0x10b4  XSplit_Dummy - ok
13:26:38.0770 0x10b4  [ 8D809F4ECFE9E80723C49B427854068A, 4186B6C56BA70106A95D28371360C780F55FECA1A1C61966F091A07A390BA189 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
13:26:39.0093 0x10b4  ZeroConfigService - ok
13:26:39.0119 0x10b4  ================ Scan global ===============================
13:26:39.0130 0x10b4  [ 243F54DBA6EB48A369CA465E263ABA4A, 9D9F9DE783D000F3EA130EB68FD71319F21E4F1CD4232FB8B2F8A9A67E08F5F4 ] C:\WINDOWS\system32\basesrv.dll
13:26:39.0149 0x10b4  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\WINDOWS\system32\winsrv.dll
13:26:39.0171 0x10b4  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\WINDOWS\system32\sxssrv.dll
13:26:39.0200 0x10b4  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\WINDOWS\system32\services.exe
13:26:39.0226 0x10b4  [ Global ] - ok
13:26:39.0227 0x10b4  ================ Scan MBR ==================================
13:26:39.0490 0x10b4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:26:39.0560 0x10b4  \Device\Harddisk0\DR0 - ok
13:26:39.0566 0x10b4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:26:39.0759 0x10b4  \Device\Harddisk1\DR1 - ok
13:26:39.0766 0x10b4  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR3
13:26:40.0444 0x10b4  \Device\Harddisk2\DR3 - ok
13:26:40.0445 0x10b4  ================ Scan VBR ==================================
13:26:40.0449 0x10b4  [ 2F9373B97E1A37C9DE33C8B02C220ACE ] \Device\Harddisk0\DR0\Partition1
13:26:40.0523 0x10b4  \Device\Harddisk0\DR0\Partition1 - ok
13:26:40.0529 0x10b4  [ EB7B7DE28BB4C782E6460BB2374E85DE ] \Device\Harddisk1\DR1\Partition1
13:26:40.0532 0x10b4  \Device\Harddisk1\DR1\Partition1 - ok
13:26:40.0538 0x10b4  [ D04F1AD2F5E4402425C29BE1F805363C ] \Device\Harddisk1\DR1\Partition2
13:26:40.0542 0x10b4  \Device\Harddisk1\DR1\Partition2 - ok
13:26:40.0629 0x10b4  [ 8E289C8C8D4B644D88BFC40247ED7345 ] \Device\Harddisk2\DR3\Partition1
13:26:40.0682 0x10b4  \Device\Harddisk2\DR3\Partition1 - ok
13:26:40.0683 0x10b4  ================ Scan generic autorun ======================
13:26:40.0688 0x10b4  BTMTrayAgent - ok
13:26:40.0710 0x10b4  [ E6A3062BDB2E18EBDEB69CF7F7A3A070, 48AB0CCA0230DCBB47CCC765659E390A4A42AC7303A27B835B9FBB1168AC7BF1 ] D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
13:26:40.0718 0x10b4  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
13:26:43.0252 0x10b4  Detect skipped due to KSN trusted
13:26:43.0252 0x10b4  IAStorIcon - ok
13:26:43.0266 0x10b4  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\RunDLL32.exe
13:26:43.0298 0x10b4  MBCfg64 - ok
13:26:43.0990 0x10b4  [ 812075D5302EDC5B0B7CFA2091A272AF, 13E440C750BF2DD44BBD718066F1232D118CA54EDE789B6168D1B46EFADEBC80 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
13:26:44.0894 0x10b4  RTHDVCPL - ok
13:26:45.0073 0x10b4  [ 0FD818A72C3602A8FCFD5189F1FE094C, D3D74DD361E4728B0EDA3B49F746ED6D1D22BDDDEF4739DFA97AB61ECAA3727A ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
13:26:45.0471 0x10b4  NvBackend - ok
13:26:45.0487 0x10b4  [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001FF5A6BCB6650393 ] C:\WINDOWS\system32\rundll32.exe
13:26:45.0517 0x10b4  ShadowPlay - ok
13:26:46.0216 0x10b4  [ 3F0B5EBDEB180C073E01A4A2DFA28C12, 0ACE6F70260E17284B8307D0DD0ACC9B59B379A99AE43429AB644B421ADAE8A7 ] C:\Program Files\Logitech Gaming Software\LCore.exe
13:26:47.0015 0x10b4  Launch LCore - ok
13:26:47.0140 0x10b4  [ E4F0625A7E2D31DAB6D46397BB7FE8A4, 61315577B30B89142812EE017242FC50C28920CE1BACFE399C095059067A000E ] C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
13:26:47.0663 0x10b4  Sound Blaster X-Fi MB 3 - detected UnsignedFile.Multi.Generic ( 1 )
13:26:50.0256 0x10b4  Detect skipped due to KSN trusted
13:26:50.0256 0x10b4  Sound Blaster X-Fi MB 3 - ok
13:26:50.0267 0x10b4  [ C419DF63E0121D72411285780C2FC6CC, F47F854D327C589D174D3BB5B55D5C05F5ACA73DF52A6BEF47596B9010190291 ] C:\WINDOWS\UpdReg.EXE
13:26:50.0278 0x10b4  UpdReg - detected UnsignedFile.Multi.Generic ( 1 )
13:26:52.0888 0x10b4  Detect skipped due to KSN trusted
13:26:52.0888 0x10b4  UpdReg - ok
13:26:53.0171 0x10b4  [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] D:\Program files(x86)\Microsoft Office\Office12\GrooveMonitor.exe
13:26:53.0182 0x10b4  GrooveMonitor - ok
13:26:53.0404 0x10b4  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] d:\Program Files(x86)\DAEMON Tools Lite\DTLite.exe
13:26:54.0035 0x10b4  DAEMON Tools Lite - ok
13:26:54.0208 0x10b4  [ 8DACA62F3E15E45EBAF7AE51A609CBC1, 5FACF0EA36572E7228EB2808731ED00DD08B481937569E71C3A537D7E65022AD ] C:\Program Files (x86)\Steam\steam.exe
13:26:54.0394 0x10b4  Steam - ok
13:26:54.0562 0x10b4  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] d:\Program Files(x86)\Spybot - Search & Destroy\TeaTimer.exe
13:26:54.0711 0x10b4  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
13:26:57.0337 0x10b4  Detect skipped due to KSN trusted
13:26:57.0337 0x10b4  SpybotSD TeaTimer - ok
13:26:57.0621 0x10b4  [ F73154E180105822A5F9B755BA933737, 1CD775B6CE3736A70EC5FC7A6B77A2FEDA70D59B49A66046CC20B341005501D9 ] d:\Program Files(x86)\DAEMON Tools Lite\DTLite.exe
13:26:57.0873 0x10b4  DAEMON Tools Lite - ok
13:26:57.0880 0x10b4  Auto - ok
13:26:58.0058 0x10b4  [ 8DACA62F3E15E45EBAF7AE51A609CBC1, 5FACF0EA36572E7228EB2808731ED00DD08B481937569E71C3A537D7E65022AD ] C:\Program Files (x86)\Steam\steam.exe
13:26:58.0282 0x10b4  Steam - ok
13:26:58.0290 0x10b4  Waiting for KSN requests completion. In queue: 5
13:26:59.0291 0x10b4  Waiting for KSN requests completion. In queue: 5
13:27:00.0292 0x10b4  Waiting for KSN requests completion. In queue: 5
13:27:01.0311 0x10b4  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x61100 ( enabled : updated )
13:27:01.0316 0x10b4  Win FW state via NFP2: enabled
13:27:03.0796 0x10b4  ============================================================
13:27:03.0796 0x10b4  Scan finished
13:27:03.0796 0x10b4  ============================================================
13:27:03.0815 0x0848  Detected object count: 1
13:27:03.0815 0x0848  Actual detected object count: 1
13:28:30.0977 0x0848  PowerBiosServer ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:30.0977 0x0848  PowerBiosServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
 

 

 

 

# AdwCleaner v4.110 - Logfile created 21/07/2015 at 13:23:22
# Updated 05/02/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Orochimaru - COMPUTER
# Running from : D:\Downloads\apps\adwcleaner_4.110.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Folder Found : C:\ProgramData\Trymedia

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vosteran.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WajIntEnhance
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Found : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-GB)


-\\ Google Chrome v


-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [16849 bytes] - [25/11/2014 06:18:42]
AdwCleaner[R1].txt - [13043 bytes] - [27/11/2014 07:24:09]
AdwCleaner[R2].txt - [5026 bytes] - [13/02/2015 07:46:26]
AdwCleaner[R3].txt - [1080 bytes] - [13/02/2015 07:50:27]
AdwCleaner[R4].txt - [1440 bytes] - [17/02/2015 17:46:08]
AdwCleaner[R5].txt - [2249 bytes] - [19/07/2015 23:57:12]
AdwCleaner[R6].txt - [2308 bytes] - [20/07/2015 00:00:45]
AdwCleaner[R7].txt - [1541 bytes] - [21/07/2015 13:23:22]
AdwCleaner[S0].txt - [12472 bytes] - [27/11/2014 07:32:54]
AdwCleaner[S1].txt - [4494 bytes] - [13/02/2015 07:48:45]
AdwCleaner[S2].txt - [1147 bytes] - [13/02/2015 07:52:26]
AdwCleaner[S3].txt - [1517 bytes] - [17/02/2015 18:12:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1837 bytes] ##########

 

Edited by mastervv, 21 July 2015 - 02:26 PM.



#2 Oh My!

Posted 23 July 2015 - 02:34 PM

Greetings mastervv and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. Please do not post your replies in quote boxes. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#3 mastervv

Posted 25 July 2015 - 07:17 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Orochimaru (administrator) on COMPUTER on 25-07-2015 15:09:45
Running from C:\Users\Vladimir\Desktop
Loaded Profiles: Orochimaru (Available Profiles: Orochimaru & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Malwarebytes Corporation) D:\Program files(x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer Networking Ltd.) D:\Program files(x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BitTorrent Inc.) C:\Users\Vladimir\AppData\Roaming\uTorrent\uTorrent.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [MBCfg64] => C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13664984 2014-01-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2112000 2013-06-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => D:\Program files(x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\Run: [DAEMON Tools Lite] => d:\Program Files(x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\Run: [SpybotSD TeaTimer] => d:\Program Files(x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-11-19]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> D:\Program files(x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program files(x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
Handler-x32: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program files(x86)\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 217.27.32.196 217.27.50.125
Tcpip\..\Interfaces\{633E45E4-00A9-483E-85F4-1776460FC7FE}: [DhcpNameServer] 217.27.32.196 217.27.50.125

FireFox:
========
FF ProfilePath: C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default
FF NewTab: www.google.com
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "backup.ftp", "118.97.115.130"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "118.97.115.130"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "118.97.115.130"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "202.154.63.42"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "202.154.63.42"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "202.154.63.42"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "202.154.63.42"
FF NetworkProxy: "ssl_port", 3128
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: placesmaintenancebonardonetec8030f7c20a464f9b0e13a3a9e97384 - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\places-maintenance@bonardo.net{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2014-11-24]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-11-19]
FF Extension: Alt-O-Magic Identifizer - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\jid1-OJBHGHRogDgOnQ@jetpack.xpi [2014-12-09]
FF Extension: TrafficLight - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\trafficlight@bitdefender.com.xpi [2015-02-13]
FF Extension: Google  Image Search - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2015-03-10]
FF Extension: Adblock Plus - C:\Users\Vladimir\AppData\Roaming\Mozilla\Firefox\Profiles\9gh5urc7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-19]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR DefaultSearchKeyword: Default -> EC0692E4D6C74B9C294F8109976F10C963753F99CF3C7CEE32C99FD000732F03
CHR DefaultSearchURL: Default -> 9060041679CB6765ABD5B35486BABE260F8E6262A5D04C957EEBA061FFFE7B78
CHR Profile: C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (Poper Blocker) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (Google Search) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Google Sheets) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (AdBlock) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-19]
CHR Extension: (legocaboiicfjgofnmlgnogcngeokmga) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\legocaboiicfjgofnmlgnogcngeokmga [2014-11-23]
CHR Extension: (Alt-O-Magic Identifizer) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhcnifflbjndominljlejmeheiiolfdp [2014-11-19]
CHR Extension: (Simply Block Ads!) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2014-11-19]
CHR Extension: (Google Wallet) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Gmail) - C:\Users\Vladimir\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]

Opera:
=======
StartMenuInternet: (HKLM) OperaStable - D:\Program Files(x86)\Opera\Launcher.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-12-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-12-15] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; D:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [345864 2015-03-19] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; d:\Program Files(x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; d:\Program Files(x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 Microsoft Office Groove Audit Service; D:\Program files(x86)\Microsoft Office\Office12\GrooveAuditService.exe [65824 2006-10-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-05-27] (CLEVO CO.) [File not signed]
R2 SBSDWSCService; D:\Program Files(x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 SkypeUpdate; D:\Program files(x86)\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-04-22] (Motorola Solutions, Inc.)
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-11-25] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-11-20] (Disc Soft Ltd)
R0 FPWinIo; C:\Windows\System32\drivers\FPWinIo.sys [83688 2013-08-08] (Egis Technology Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3446240 2014-06-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-11-25] (Duplex Secure Ltd.)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 SANDRA; \??\d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2\WNt600x64\Sandra.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 15:09 - 2015-07-25 15:10 - 00021649 _____ C:\Users\Vladimir\Desktop\FRST.txt
2015-07-25 15:09 - 2015-07-25 15:09 - 00000000 ____D C:\FRST
2015-07-25 15:09 - 2015-07-21 22:32 - 02135552 _____ (Farbar) C:\Users\Vladimir\Desktop\FRST64.exe
2015-07-21 23:09 - 2015-07-25 15:00 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-21 23:08 - 2015-07-21 23:08 - 00000814 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-21 23:08 - 2015-07-21 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-21 23:08 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-21 23:08 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-21 23:08 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-21 21:56 - 2013-09-28 05:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-07-21 21:41 - 2015-07-21 21:41 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-07-21 18:31 - 2015-07-24 18:14 - 00003132 _____ C:\WINDOWS\setupact.log
2015-07-21 18:31 - 2015-07-21 23:33 - 00004922 _____ C:\WINDOWS\PFRO.log
2015-07-21 18:31 - 2015-07-21 18:31 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-21 16:26 - 2015-07-14 17:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-21 16:26 - 2015-07-14 17:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-21 16:26 - 2015-07-14 17:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-21 16:26 - 2015-07-14 17:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-20 00:04 - 2015-07-21 23:29 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-20 00:04 - 2015-07-20 00:04 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-20 00:04 - 2015-07-20 00:04 - 00000000 ____D C:\ProgramData\Mozilla
2015-07-20 00:04 - 2015-07-20 00:04 - 00000000 ____D c:\Program Files (x86)\Mozilla Firefox
2015-07-20 00:01 - 2015-07-03 07:28 - 00065896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-07-20 00:01 - 2015-07-03 07:28 - 00047976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-07-19 23:56 - 2015-07-21 21:40 - 00005844 _____ C:\Users\Vladimir\Desktop\Rkill.txt
2015-07-19 02:02 - 2015-07-25 14:47 - 01367633 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-19 02:02 - 2015-07-19 02:02 - 00000090 _____ C:\WINDOWS\wininit.ini
2015-07-19 01:15 - 2015-07-19 01:15 - 00000000 ____D C:\Users\Vladimir\AppData\Local\Skyrim
2015-07-19 01:07 - 2015-07-19 01:07 - 00001524 _____ C:\Users\Public\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk
2015-07-19 01:07 - 2015-07-19 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-07-18 23:25 - 2015-07-18 23:25 - 00000000 ____D c:\Program Files (x86)\Bethesda Softworks
2015-07-18 23:24 - 2015-07-18 23:24 - 00003388 _____ C:\WINDOWS\System32\Tasks\WINshell Event Logging
2015-07-15 17:20 - 2015-07-09 22:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 17:20 - 2015-07-09 21:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 17:20 - 2015-07-09 19:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 17:20 - 2015-07-09 18:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 17:20 - 2015-07-09 18:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 17:20 - 2015-07-09 18:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 17:20 - 2015-07-09 18:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 17:20 - 2015-07-09 18:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 17:20 - 2015-07-09 18:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 17:20 - 2015-07-09 18:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 17:20 - 2015-07-09 18:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 17:20 - 2015-07-09 18:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 17:20 - 2015-07-09 18:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 17:20 - 2015-06-27 06:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 17:20 - 2015-06-27 06:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 17:20 - 2015-06-27 05:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 17:19 - 2015-06-28 08:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-15 17:19 - 2015-06-28 08:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-15 17:19 - 2015-06-28 08:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-15 17:19 - 2015-06-28 08:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-15 17:19 - 2015-06-27 19:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-15 17:19 - 2015-06-27 06:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-15 17:19 - 2015-06-27 06:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-15 17:19 - 2015-06-27 06:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-15 17:19 - 2015-06-27 05:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-15 17:19 - 2015-06-27 05:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-15 17:19 - 2015-06-27 05:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-15 17:19 - 2015-06-27 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-15 17:19 - 2015-06-27 04:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-15 17:19 - 2015-06-25 05:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-15 17:19 - 2015-05-31 00:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 17:19 - 2015-05-30 22:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-15 17:19 - 2015-05-30 22:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-15 17:19 - 2015-04-30 02:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-15 17:18 - 2015-07-03 00:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 17:18 - 2015-07-02 23:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 17:18 - 2015-07-02 23:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 17:18 - 2015-07-02 23:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 17:18 - 2015-07-02 23:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 17:18 - 2015-07-02 22:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 17:18 - 2015-07-02 22:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 17:18 - 2015-07-02 21:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 17:18 - 2015-07-02 01:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 17:18 - 2015-07-02 00:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 17:18 - 2015-06-30 01:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-15 17:18 - 2015-06-29 18:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-15 17:18 - 2015-06-29 18:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-15 17:18 - 2015-06-29 18:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-15 17:18 - 2015-06-29 18:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-15 17:18 - 2015-06-29 18:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-15 17:18 - 2015-06-27 02:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-15 17:18 - 2015-06-27 02:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-15 17:18 - 2015-06-16 01:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-15 17:18 - 2015-06-16 01:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-15 17:18 - 2015-06-16 00:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-15 17:18 - 2015-06-16 00:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-15 17:18 - 2015-06-15 23:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-15 17:18 - 2015-06-15 22:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-15 17:18 - 2015-05-11 21:17 - 01201664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-15 17:18 - 2015-05-07 20:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-15 17:18 - 2015-05-07 20:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-15 17:18 - 2015-05-07 19:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-15 17:18 - 2015-05-07 19:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-15 17:18 - 2015-05-07 18:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-15 17:18 - 2015-05-07 18:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-15 17:18 - 2015-05-03 18:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 17:18 - 2015-05-03 17:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-15 17:18 - 2015-05-03 17:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-15 17:18 - 2015-05-03 17:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-15 17:18 - 2015-05-03 03:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-15 17:18 - 2015-04-25 05:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-15 17:18 - 2014-11-04 22:25 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-15 17:18 - 2014-11-04 22:25 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-15 17:18 - 2014-11-04 09:55 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-15 17:18 - 2014-11-04 09:54 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-15 17:18 - 2014-11-04 09:54 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-15 17:18 - 2014-11-04 09:54 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-15 17:16 - 2015-06-16 01:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 17:16 - 2015-06-16 01:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 17:16 - 2015-06-16 01:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 17:16 - 2015-06-16 01:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 17:16 - 2015-06-16 01:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 17:16 - 2015-06-16 00:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 17:16 - 2015-06-16 00:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 17:16 - 2015-06-16 00:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 17:16 - 2015-06-16 00:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 17:16 - 2015-06-16 00:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 17:16 - 2015-06-16 00:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 17:16 - 2015-06-16 00:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 17:16 - 2015-06-16 00:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 17:16 - 2015-06-16 00:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 17:16 - 2015-06-16 00:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 17:16 - 2015-06-16 00:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 17:16 - 2015-06-16 00:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 17:16 - 2015-06-16 00:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 17:16 - 2015-06-16 00:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 17:16 - 2015-06-15 23:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 17:16 - 2015-06-15 23:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 17:16 - 2015-06-15 23:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 17:16 - 2015-06-15 23:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 17:16 - 2015-06-15 23:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 17:16 - 2015-06-15 23:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 17:16 - 2015-06-15 23:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 17:16 - 2015-06-15 23:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 17:16 - 2015-06-15 23:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 17:16 - 2015-06-15 23:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 17:16 - 2015-06-15 23:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 17:16 - 2015-06-15 23:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 17:16 - 2015-06-15 23:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 17:16 - 2015-06-15 23:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 17:15 - 2015-06-16 08:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 17:15 - 2015-06-16 08:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 17:15 - 2015-06-11 06:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 17:15 - 2015-06-10 19:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 17:15 - 2015-05-12 16:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 17:15 - 2015-05-11 19:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 17:15 - 2015-05-07 19:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 17:15 - 2015-05-03 18:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 17:15 - 2015-05-03 17:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 17:15 - 2015-05-02 02:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 17:15 - 2015-04-28 16:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 17:15 - 2015-04-28 16:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 17:15 - 2015-04-23 18:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 17:15 - 2015-04-23 18:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-25 04:11 - 2015-06-25 04:11 - 00122480 _____ C:\Users\Vladimir\AppData\Local\GDIPFONTCACHEV1.DAT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-25 15:08 - 2014-11-20 15:52 - 00000000 ____D C:\Users\Vladimir\AppData\Roaming\uTorrent
2015-07-25 15:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-25 15:00 - 2015-02-27 14:33 - 00000000 ____D C:\Users\Vladimir\AppData\Roaming\vlc
2015-07-25 14:19 - 2014-11-28 14:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-25 14:18 - 2014-12-05 11:55 - 00000000 ____D C:\Users\Vladimir\Documents\Assassin's Creed Unity
2015-07-25 11:42 - 2015-04-09 08:44 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-25 11:38 - 2014-11-20 02:11 - 00016974 _____ C:\WINDOWS\SysWOW64\Gms.log
2015-07-24 23:58 - 2014-11-19 17:24 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2782659349-1872183393-1444364079-1002
2015-07-24 18:19 - 2013-09-12 18:49 - 00877960 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-24 18:13 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-24 12:39 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-21 23:29 - 2015-01-24 07:02 - 00000000 ____D C:\Users\Vladimir\Desktop\games (1)
2015-07-21 23:29 - 2014-12-17 16:51 - 00000839 _____ C:\Users\Public\Desktop\Opera.lnk
2015-07-21 23:09 - 2015-03-03 00:32 - 00000000 ____D c:\Program Files (x86)\Steam
2015-07-21 23:01 - 2014-11-19 18:49 - 00000000 ____D C:\Users\Vladimir\AppData\Local\Deployment
2015-07-21 22:47 - 2015-02-11 11:18 - 00000000 ____D C:\Users\Vladimir\Documents\My Games
2015-07-21 22:47 - 2014-11-19 17:26 - 00000000 ___HD c:\Program Files (x86)\InstallShield Installation Information
2015-07-21 22:08 - 2014-11-26 12:35 - 00000000 __SHD C:\Users\Vladimir\AppData\Local\EmieUserList
2015-07-21 22:08 - 2014-11-26 12:35 - 00000000 __SHD C:\Users\Vladimir\AppData\Local\EmieSiteList
2015-07-21 22:08 - 2014-11-26 12:35 - 00000000 __SHD C:\Users\Vladimir\AppData\Local\EmieBrowserModeList
2015-07-21 22:06 - 2014-11-27 04:09 - 00381545 _____ C:\Users\Vladimir\AppData\Local\census.cache
2015-07-21 22:06 - 2014-11-27 04:09 - 00166989 _____ C:\Users\Vladimir\AppData\Local\ars.cache
2015-07-21 22:04 - 2014-11-27 03:30 - 00000010 _____ C:\Users\Vladimir\AppData\Local\sponge.last.runtime.cache
2015-07-21 21:49 - 2014-11-25 06:18 - 00000000 ____D C:\AdwCleaner
2015-07-21 21:20 - 2013-08-22 17:44 - 00482368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-21 21:19 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-21 21:09 - 2013-08-22 18:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-21 13:15 - 2015-06-06 03:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-20 01:16 - 2014-12-11 00:11 - 00000000 ____D C:\Users\Vladimir\AppData\Roaming\OBS
2015-07-20 01:13 - 2014-12-11 00:11 - 00000000 ____D c:\Program Files (x86)\OBS
2015-07-20 00:02 - 2015-02-07 17:58 - 00001397 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2015-07-20 00:02 - 2014-11-19 17:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-19 01:22 - 2014-11-20 16:42 - 00000000 ____D C:\Users\Vladimir\AppData\Roaming\DAEMON Tools Lite
2015-07-19 01:16 - 2015-01-18 00:55 - 00000000 ____D c:\Program Files (x86)\R.G. Freedom
2015-07-18 23:27 - 2015-01-28 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2015-07-16 17:51 - 2015-01-19 05:35 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 17:42 - 2015-01-19 16:54 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 13:07 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-16 13:00 - 2014-11-20 17:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 17:30 - 2013-08-22 18:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-15 17:30 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-15 17:30 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-15 17:29 - 2015-04-15 18:18 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-15 17:29 - 2014-11-25 05:54 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-14 22:06 - 2015-02-07 17:58 - 01423120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-07-14 22:06 - 2015-02-07 17:58 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-07-14 22:05 - 2015-02-07 17:58 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-07-14 22:05 - 2015-02-07 17:58 - 01710056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-07-14 21:20 - 2014-11-28 14:25 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-07-14 20:26 - 2014-12-17 16:51 - 00003828 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1418824291
2015-07-14 20:26 - 2014-12-17 16:51 - 00000839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-07-14 00:10 - 2013-08-22 18:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-14 00:10 - 2013-08-22 18:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-12 16:34 - 2015-05-09 05:51 - 00000000 ____D c:\Program Files (x86)\SystemRequirementsLab
2015-07-11 16:36 - 2015-04-09 08:44 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-07 07:49 - 2014-11-20 22:41 - 00000000 ____D C:\Users\Vladimir\AppData\Roaming\Skype
2015-07-07 05:18 - 2014-11-20 22:41 - 00000000 ____D C:\ProgramData\Skype
2015-07-05 13:08 - 2014-11-20 17:04 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-04 21:01 - 2015-04-10 16:10 - 00000401 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-07-03 08:43 - 2014-11-20 17:03 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-03 07:28 - 2015-02-07 17:56 - 00069992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2015-06-30 21:44 - 2015-06-06 01:15 - 00000000 ____D C:\Users\Vladimir\AppData\Local\ClassicShell
2015-06-25 11:45 - 2014-11-20 02:35 - 00002042 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-06-25 11:45 - 2014-11-20 02:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

==================== Files in the root of some directories =======

2014-11-27 04:09 - 2015-07-21 22:06 - 0166989 _____ () C:\Users\Vladimir\AppData\Local\ars.cache
2014-11-27 04:09 - 2015-07-21 22:06 - 0381545 _____ () C:\Users\Vladimir\AppData\Local\census.cache
2015-01-13 16:12 - 2015-01-13 16:12 - 0000096 _____ () C:\Users\Vladimir\AppData\Local\fusioncache.dat
2014-11-27 03:23 - 2014-11-27 03:23 - 0000036 _____ () C:\Users\Vladimir\AppData\Local\housecall.guid.cache
2014-11-25 03:06 - 2014-11-25 03:06 - 0002267 _____ () C:\Users\Vladimir\AppData\Local\recently-used.xbel
2014-11-25 06:20 - 2015-06-20 05:51 - 0007593 _____ () C:\Users\Vladimir\AppData\Local\Resmon.ResmonCfg
2014-11-27 03:30 - 2015-07-21 22:04 - 0000010 _____ () C:\Users\Vladimir\AppData\Local\sponge.last.runtime.cache
2015-02-08 23:36 - 2015-02-08 23:36 - 0189465 _____ () C:\ProgramData\1423427681.bdinstall.bin
2015-02-11 11:13 - 2015-02-11 11:13 - 0037740 _____ () C:\ProgramData\1423642391.bdinstall.bin
2015-02-11 11:13 - 2015-02-11 11:16 - 0042399 _____ () C:\ProgramData\1423642392.2424.bin
2015-02-11 11:13 - 2015-02-11 11:13 - 0003588 _____ () C:\ProgramData\1423642392.5724.bin
2015-02-11 11:13 - 2015-02-11 11:13 - 0004261 _____ () C:\ProgramData\1423642392.5916.bin
2015-02-11 11:13 - 2015-02-11 11:13 - 0045076 _____ () C:\ProgramData\1423642392.6336.bin

Some files in TEMP:
====================
C:\Users\Vladimir\AppData\Local\Temp\_is1DDB.exe
C:\Users\Vladimir\AppData\Local\Temp\_is348B.exe
C:\Users\Vladimir\AppData\Local\Temp\_is35F7.exe
C:\Users\Vladimir\AppData\Local\Temp\_is521A.exe
C:\Users\Vladimir\AppData\Local\Temp\_is6B6E.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-18 05:51

==================== End of log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Orochimaru at 2015-07-25 15:10:11
Running from C:\Users\Vladimir\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2782659349-1872183393-1444364079-500 - Administrator - Disabled) => C:\Users\Administrator
ASPNET (S-1-5-21-2782659349-1872183393-1444364079-1005 - Limited - Enabled)
Guest (S-1-5-21-2782659349-1872183393-1444364079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2782659349-1872183393-1444364079-1004 - Limited - Enabled)
Orochimaru (S-1-5-21-2782659349-1872183393-1444364079-1002 - Administrator - Enabled) => C:\Users\Vladimir

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (x32 Version:  - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID HWMonitor 1.27 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
EgisTec Fingerprint Driver (HKLM-x32\...\InstallShield_{74AB6665-AFFE-4419-BC7D-7EB3A68DE5BC}) (Version: 3.2.7.0 - Egis Technology Inc.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
Fingerprint Driver (x32 Version: 3.2.7.0 - Egis Technology Inc.) Hidden
Free Mouse Auto Clicker 3.4.3 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version:  - Advanced Mouse Auto Clicker ltd.)
GameRanger (HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\GameRanger) (Version:  - GameRanger Technologies)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hotkey 2.34.49 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 2.34.49 - )
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
IZArc 4.1.9 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.9 - Ivan Zahariev)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Mozilla Firefox 39.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-GB)) (Version: 39.0 - Mozilla)
NeoEE Patch (x32 Version: 2.0.0.2 - NeoEE Devlopment) Hidden
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.27047 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.259 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.259 - Sony)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.04 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\{FEE1F166-EAE4-4C4B-8988-D82521F9F63F}) (Version: 6.1.5.0 - Husdawg, LLC)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
Total War: ROME II Emperor Edition (HKLM-x32\...\VG90YWxXYXJST01FSUk=_is1) (Version: 1 - )
Total War: ROME II Emperor Edition (HKLM-x32\...\VG90YWxXYXJST01FSUlFbXBlcm9yRWRpdGlvbg==_is1) (Version: 1 - )
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version:  - The Creative Assembly)
Uplay (HKLM-x32\...\Uplay) (Version: 4.9 - Ubisoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2782659349-1872183393-1444364079-1002_Classes\CLSID\{77532e38-35d9-4605-b357-476b363e6c27}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2782659349-1872183393-1444364079-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

18-07-2015 23:26:11 Removed League of Legends
21-07-2015 22:34:37 Removed Call of Duty® 4 - Modern Warfare™

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-06 20:20 - 2015-06-06 20:27 - 00449892 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02582AA0-5A5B-4C98-83DC-F8AE132CD89D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {10198D2D-CDDB-4234-8065-3CAE9028A499} - System32\Tasks\WINshell Event Notification => C:\Users\Vladimir\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {10BD32ED-F079-4D79-9A63-2B194F2C6C2B} - System32\Tasks\Opera scheduled Autoupdate 1418824291 => D:\Program Files(x86)\Opera\launcher.exe [2015-07-10] (Opera Software)
Task: {2A6B066B-E332-4ED1-8924-1F6BE3AFD311} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2C5E809E-698A-4005-A5F5-1F1D66172E77} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2E6BD1B8-EADE-42D2-96A7-ACF56D68205B} - System32\Tasks\WINshell Event Logging => C:\Users\Vladimir\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {3A629316-3BD6-4229-B216-8031097A5E2A} - System32\Tasks\{054A9C62-2103-43ED-8AF1-2FF9A9E71CF0} => pcalua.exe -a "D:\Program files(x86)\GOG.com\Empire Earth II\EE2.exe" -d "d:\Program Files(x86)\GOG.com\Empire Earth II\"
Task: {4C86385C-9434-440E-9E5D-A17FE3FA1B10} - System32\Tasks\Origin => C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {5428FA73-7AAE-49CB-B6C6-FA8EE96B09C9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-20] (Synaptics Incorporated)
Task: {596572C3-A2C5-4ECA-A3CA-B21C33793FC7} - System32\Tasks\{BCF9C0F4-9A2C-4E9D-B368-016CB66BBC4E} => pcalua.exe -a "D:\Program files(x86)\GOG.com\Empire Earth II\EE2.exe" -d "d:\Program Files(x86)\GOG.com\Empire Earth II\"
Task: {604C7F77-6D63-4142-9A04-F214D3E57075} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {7B397345-B356-43B1-B02A-0E0DF4DE783A} - System32\Tasks\{E3A2A229-4F91-44DF-BDA6-9287C860C9D2} => pcalua.exe -a "D:\Program files(x86)\MagicISO\UNWISE.EXE" -d "D:\Program files(x86)\MagicISO"
Task: {855DBB46-4F3E-44FD-B590-93729A9C34E3} - System32\Tasks\{6733C72B-BF93-4491-B74D-02ACCDA0F0B6} => pcalua.exe -a "C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe" -d "C:\Program Files (x86)\World of Warcraft"
Task: {B017560E-0C56-4425-9E13-C699EC21BE94} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {BAB95F30-EB33-460B-8A8C-1C9163943116} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C359D733-AE5E-42D2-AFE1-084D6CF75B9A} - System32\Tasks\{2257B529-F7DF-4CD2-8E0A-7A063F92CDD2} => pcalua.exe -a "D:\Downloads\apps\BUG-FIXER v3.36.exe" -d D:\Downloads\apps
Task: {D14BDDCB-0641-4DAA-913B-B87A104C29C0} - System32\Tasks\{27976154-AAFD-4271-85EC-6CEC19B5D422} => Firefox.exe http://ui.skype.com/ui/0/6.22.64.106/en/abandoninstall?source=lightinstaller&amp;page=tsMain
Task: {D1D53881-A716-4B47-8440-1B54FA57CF88} - System32\Tasks\{94FAA77C-C9B7-4033-A9EA-D3C0F6B16C5A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F34146C7-EA3A-4F63-984E-42CABF436739} - System32\Tasks\{01F0FB6E-8C38-474F-AED5-1F9215BF9406} => pcalua.exe -a "C:\Program Files (x86)\Activision\Rome - Total War\RomeTW.exe" -d "C:\Program Files (x86)\Activision\Rome - Total War"
Task: {F8CCFED9-0765-4523-AEA8-E464C09B9E63} - \SPBIW_UpdateTask_Time_3334343530353739332d4a4a5b415a34782a456c375a No Task File <==== ATTENTION
Task: {FA492435-6456-40B4-BE04-3C99B8B0D278} - \Installer_iwebar No Task File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-07 17:57 - 2015-05-28 07:15 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-25 05:41 - 2012-07-20 15:39 - 02469888 _____ () d:\Program Files(x86)\IZArc\IZArcCM64.dll
2014-10-03 18:36 - 2015-03-19 21:02 - 00393480 _____ () C:\WINDOWS\system32\igfxTray.exe
2014-12-15 21:46 - 2013-01-25 12:08 - 00089600 _____ () C:\WINDOWS\SYSTEM32\CmdRtr64.DLL
2014-12-15 21:46 - 2013-01-25 12:06 - 00328704 _____ () C:\WINDOWS\SYSTEM32\APOMgr64.DLL
2014-09-18 10:23 - 2014-09-18 10:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 21:23 - 2015-03-12 21:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 10:23 - 2014-09-18 10:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 21:23 - 2015-03-12 21:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-03-20 12:43 - 2014-03-20 12:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-10 16:02 - 2015-07-14 22:06 - 00011920 _____ () c:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Vladimir\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7865 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Vladimir\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 217.27.32.196 - 217.27.50.125
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Hotkey.lnk"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2782659349-1872183393-1444364079-1002\...\StartupApproved\Run: => "SpybotSD TeaTimer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{70ADE140-C634-4624-9705-6AF461EB4115}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{16A60174-4416-4B99-9C7C-A2C76519CC46}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F01F2ACE-BA25-4C81-AF1F-F68060C2CA35}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{D9026902-5A72-4A60-8DA2-5990AEDEDDD0}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{947BE0B1-ADA0-4789-9D36-7794569E61B2}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{3A8503FB-3055-4CB2-8D15-D32402F27F43}] => (Allow) C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe
FirewallRules: [{127FE02D-0B8B-4214-BFF6-E83847267409}] => (Allow) D:\Program files(x86)\Battlenet\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{EB0BC901-DC93-4692-94C0-74BA9CAFE7AA}] => (Allow) D:\Program files(x86)\Battlenet\Hearthstone\Hearthstone\Hearthstone.exe
FirewallRules: [{4CD9A3A3-0521-4B5E-ADFA-D579F76B5705}] => (Allow) D:\Program files(x86)\Phone\Skype.exe
FirewallRules: [TCP Query User{8F8AC2E2-4DF4-46B2-9C4F-FD623CF178C2}D:\program files(x86)\total war rome ii\rome2.exe] => (Allow) D:\program files(x86)\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{9EE7121E-A4E4-4395-9075-BF59788F9850}D:\program files(x86)\total war rome ii\rome2.exe] => (Allow) D:\program files(x86)\total war rome ii\rome2.exe
FirewallRules: [TCP Query User{1C699225-5552-4ACD-9AAE-4F86DCF6623F}D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [UDP Query User{164A6A83-B5DE-4EB0-A411-29D520D0C869}D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [{DB6B472A-BFCF-4F7D-9337-0727BF8CA03E}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{2832B2BE-EDE8-4D64-87A6-E6793FD24B28}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed Unity\ACU.exe
FirewallRules: [TCP Query User{7F2A25D2-718C-4DFB-B8D1-FE58C2282958}D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [UDP Query User{E1CD2E35-4DCC-451A-B5FA-158009FD5F5C}D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 build 33023 stable\utorrent.exe
FirewallRules: [TCP Query User{811531B0-3A12-49DB-A623-E12ADDB7A75B}D:\downloads\apps\utorrent plus v3.4.2 stable build 33080\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 stable build 33080\utorrent.exe
FirewallRules: [UDP Query User{994A5A91-4FEF-4924-A32B-E47531B0567D}D:\downloads\apps\utorrent plus v3.4.2 stable build 33080\utorrent.exe] => (Allow) D:\downloads\apps\utorrent plus v3.4.2 stable build 33080\utorrent.exe
FirewallRules: [{37449210-2F33-4895-88B9-49DCCFC19BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{ECF717DC-0C4A-43BB-ADEE-B27F57442AAC}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{978BEDF1-D3BA-43C7-9600-B68FE46CC10C}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{86A94E24-A8EB-42E3-8EF9-9E8624D2D1BB}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat
FirewallRules: [{C9DAC418-74F5-4F76-87D0-46630DB00166}] => (Allow) C:\Users\Vladimir\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AD3E352-3EC1-45D7-9E8A-1ABB0031492E}] => (Allow) C:\Users\Vladimir\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01C7DD55-682F-42F0-950C-6B7BD5E00127}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{3E388E94-9D29-463F-936F-4BC5D4EBABD9}] => (Allow) C:\Program Files (x86)\Electronic Arts\The Battle for Middle-earth ™ II\game.dat
FirewallRules: [{096650C6-BB00-4B43-8169-32F09B50CD8C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D90DCFDD-6EBF-4E12-997C-87FBC03F451E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{24F6355A-BABA-4E4E-8511-0092010C9B21}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D1E5F4CF-B426-4CB0-AC67-FE6F5C04C415}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E5FA59C-6708-485C-B267-95D3EA97C146}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{62AA0960-8F6E-4431-B4FE-9B89CF5C723E}D:\program files(x86)\mozilla firefox\firefox.exe] => (Allow) D:\program files(x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{AB1BDD17-0A41-4C1D-BCF0-699C1A615811}D:\program files(x86)\mozilla firefox\firefox.exe] => (Allow) D:\program files(x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{7781906A-DA69-4166-AFD6-19CBCF674A54}D:\program files(x86)\total war rome ii\rome2.exe] => (Allow) D:\program files(x86)\total war rome ii\rome2.exe
FirewallRules: [UDP Query User{0FD063E7-6C0D-4D23-8920-C69DAFC477FE}D:\program files(x86)\total war rome ii\rome2.exe] => (Allow) D:\program files(x86)\total war rome ii\rome2.exe
FirewallRules: [{9C4910DB-D368-4344-8FA7-F976A5FFD7F9}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{E4E70073-244B-456E-A29B-FD030FE5CBC5}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{78D4B427-2C5E-499A-BB8A-0D6040AB7481}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{834F6B39-C683-4DF6-B57D-FDC3FF01F4A9}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{05A2356F-C14F-4919-9BD2-79ABA09C9404}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{0B8C7DD2-A680-4761-B202-7E17F022C63E}] => (Allow) D:\Program files(x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{53F06387-6479-4ADA-ACBD-F4071A007833}] => (Allow) D:\Program files(x86)\Microsoft Office\Office12\outlook.exe
FirewallRules: [{6CF433C5-3ACD-4095-820C-7BD5C328355E}] => (Allow) D:\Program files(x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{D464F3D2-7A4F-4865-B590-9415106EADAD}] => (Allow) D:\Program files(x86)\Microsoft Office\Office12\GROOVE.EXE
FirewallRules: [{5E11B437-2A56-4AD2-8FA1-F80D5D7C25F2}] => (Allow) D:\Program files(x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{76782602-5E81-49C7-AD00-2606B71AB430}] => (Allow) D:\Program files(x86)\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [TCP Query User{6C760115-5373-4F4D-98B3-613BF92C6A87}C:\users\vladimir\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\vladimir\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{2B5B5AF3-F987-4E39-987F-204417B29199}C:\users\vladimir\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\vladimir\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{7C676F2E-6A0D-4EA1-939D-42BA37ECF3C8}] => (Allow) d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2\WNt600x64\RpcSandraSrv.exe
FirewallRules: [TCP Query User{83BDABFF-350B-4B7A-BCAA-7BF158B1BA01}D:\program files(x86)\battlenet\hots\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\program files(x86)\battlenet\hots\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{944B165E-2522-4D04-8D54-6280353BF5D5}D:\program files(x86)\battlenet\hots\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\program files(x86)\battlenet\hots\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{529AB92A-971D-4CDD-BD7A-B9A722356F52}] => (Allow) D:\Program files(x86)\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [{A9D91320-8C43-4882-9B46-95D01415852B}] => (Allow) D:\Program files(x86)\SteamLibrary\steamapps\common\Total War SHOGUN 2\Shogun2.exe
FirewallRules: [TCP Query User{8E510061-80FC-4071-BEEB-2E31801EB543}D:\downloads\torrents\empire earth\empire earth.exe] => (Block) D:\downloads\torrents\empire earth\empire earth.exe
FirewallRules: [UDP Query User{2673D5C2-305F-4711-BBDB-44817B67C0DB}D:\downloads\torrents\empire earth\empire earth.exe] => (Block) D:\downloads\torrents\empire earth\empire earth.exe
FirewallRules: [TCP Query User{0032CC8F-2CD6-44B2-BFB3-9DE93AA1C4B1}C:\gog games\empire earth gold edition\empire earth\empire earth.exe] => (Allow) C:\gog games\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [UDP Query User{49EA1510-9913-4ED3-A895-760BFE072141}C:\gog games\empire earth gold edition\empire earth\empire earth.exe] => (Allow) C:\gog games\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [TCP Query User{AC6993A9-7445-4F5C-AF75-7785B00457C9}C:\gog games\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe] => (Allow) C:\gog games\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [UDP Query User{3B682932-BC0D-4487-BEE6-FEDAFF8A152E}C:\gog games\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe] => (Allow) C:\gog games\empire earth gold edition\empire earth - the art of conquest\ee-aoc.exe
FirewallRules: [TCP Query User{D1BD015F-3412-4558-8345-D5EE55260BFB}D:\program files(x86)\empire earth\empire earth.exe] => (Allow) D:\program files(x86)\empire earth\empire earth.exe
FirewallRules: [UDP Query User{78418E53-580D-4712-98B9-17B7E0AC94CD}D:\program files(x86)\empire earth\empire earth.exe] => (Allow) D:\program files(x86)\empire earth\empire earth.exe
FirewallRules: [TCP Query User{2EF78A0F-9595-4EDC-81B2-8BB1067C7556}D:\program files(x86)\empire earth gold edition\empire earth\empire earth.exe] => (Allow) D:\program files(x86)\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [UDP Query User{C48213BB-113A-41E8-90EC-3094B13C272E}D:\program files(x86)\empire earth gold edition\empire earth\empire earth.exe] => (Allow) D:\program files(x86)\empire earth gold edition\empire earth\empire earth.exe
FirewallRules: [{A9860BD3-557B-4E92-B8E8-F2B0399EC71D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{76300EF5-9193-4A77-9179-64B3F89C6EFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{974632D8-E41D-43D8-B338-77772DAA152D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4CEC7A93-F4B0-4001-8AC8-23782911CE04}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{28119CB7-3EF4-4269-A002-3AFE9FAD364D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{411715C8-1FB1-4D76-9C64-6AA77BF57A6D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30EB67E9-CCEA-4449-81C7-673603449E34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/24/2015 08:55:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.800.0, time stamp: 0x556691d8
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc000041d
Fault offset: 0x000000000003563f
Faulting process ID: 0x574
Faulting application start time: 0xnvcplui.exe0
Faulting application path: nvcplui.exe1
Faulting module path: nvcplui.exe2
Report ID: nvcplui.exe3
Faulting package full name: nvcplui.exe4
Faulting package-relative application ID: nvcplui.exe5

Error: (07/24/2015 08:55:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvcplui.exe, version: 8.1.800.0, time stamp: 0x556691d8
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000005
Fault offset: 0x000000000003563f
Faulting process ID: 0x574
Faulting application start time: 0xnvcplui.exe0
Faulting application path: nvcplui.exe1
Faulting module path: nvcplui.exe2
Report ID: nvcplui.exe3
Faulting package full name: nvcplui.exe4
Faulting package-relative application ID: nvcplui.exe5

Error: (07/24/2015 06:24:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process ID: 0xbf8
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report ID: vlc.exe3
Faulting package full name: vlc.exe4
Faulting package-relative application ID: vlc.exe5

Error: (07/23/2015 03:05:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RomeTW.exe, version: 1.0.0.0, time stamp: 0x00564544
Faulting module name: RomeTW.exe, version: 1.0.0.0, time stamp: 0x00564544
Exception code: 0xc0000005
Fault offset: 0x00584fa1
Faulting process ID: 0x10bc
Faulting application start time: 0xRomeTW.exe0
Faulting application path: RomeTW.exe1
Faulting module path: RomeTW.exe2
Report ID: RomeTW.exe3
Faulting package full name: RomeTW.exe4
Faulting package-relative application ID: RomeTW.exe5

Error: (07/23/2015 01:38:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RomeTW.exe, version: 1.0.0.0, time stamp: 0x00564544
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process ID: 0xae4
Faulting application start time: 0xRomeTW.exe0
Faulting application path: RomeTW.exe1
Faulting module path: RomeTW.exe2
Report ID: RomeTW.exe3
Faulting package full name: RomeTW.exe4
Faulting package-relative application ID: RomeTW.exe5

Error: (07/23/2015 12:41:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RomeTW.exe, version: 1.0.0.0, time stamp: 0x00564544
Faulting module name: RomeTW.exe, version: 1.0.0.0, time stamp: 0x00564544
Exception code: 0xc0000005
Fault offset: 0x000af633
Faulting process ID: 0x1684
Faulting application start time: 0xRomeTW.exe0
Faulting application path: RomeTW.exe1
Faulting module path: RomeTW.exe2
Report ID: RomeTW.exe3
Faulting package full name: RomeTW.exe4
Faulting package-relative application ID: RomeTW.exe5

Error: (07/20/2015 01:16:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OBS.exe, version: 0.6.5.2, time stamp: 0x559f798e
Faulting module name: OBSApi.dll, version: 0.6.5.1, time stamp: 0x5512511b
Exception code: 0xc0000005
Fault offset: 0x00026141
Faulting process ID: 0x17f8
Faulting application start time: 0xOBS.exe0
Faulting application path: OBS.exe1
Faulting module path: OBS.exe2
Report ID: OBS.exe3
Faulting package full name: OBS.exe4
Faulting package-relative application ID: OBS.exe5

Error: (07/20/2015 01:16:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OBS.exe, version: 0.6.5.2, time stamp: 0x559f798e
Faulting module name: OBSApi.dll, version: 0.6.5.1, time stamp: 0x5512511b
Exception code: 0xc0000005
Fault offset: 0x00024d9d
Faulting process ID: 0x17f8
Faulting application start time: 0xOBS.exe0
Faulting application path: OBS.exe1
Faulting module path: OBS.exe2
Report ID: OBS.exe3
Faulting package full name: OBS.exe4
Faulting package-relative application ID: OBS.exe5

Error: (07/18/2015 11:18:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Rome2.exe, version: 2.2.0.0, time stamp: 0x548edfdb
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000005
Fault offset: 0x00040fb2
Faulting process ID: 0x1118
Faulting application start time: 0xRome2.exe0
Faulting application path: Rome2.exe1
Faulting module path: Rome2.exe2
Report ID: Rome2.exe3
Faulting package full name: Rome2.exe4
Faulting package-relative application ID: Rome2.exe5

Error: (07/16/2015 12:29:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000024c0fd8
Faulting process ID: 0xa00
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report ID: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5


System errors:
=============
Error: (07/24/2015 06:06:43 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/24/2015 06:06:13 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 01:08:54 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 01:08:24 PM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 11:16:31 AM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 11:16:01 AM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2015 10:25:57 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/23/2015 09:10:54 AM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2015 09:10:24 AM) (Source: DCOM) (EventID: 10010) (User: Computer)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/22/2015 12:02:27 AM) (Source: DCOM) (EventID: 10005) (User: Computer)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-07-24 18:05:49.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-24 18:05:49.334
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-23 09:10:04.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-23 09:10:04.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:20.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:20.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:19.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:19.109
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:18.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-21 15:28:18.144
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4810MQ CPU @ 2.80GHz
Percentage of memory in use: 15%
Total physical RAM: 16300.26 MB
Available physical RAM: 13712.32 MB
Total Virtual: 18732.26 MB
Available Virtual: 15368.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:130.37 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:693.92 GB) NTFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:298.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 733BBDCC)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 733BBDDB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 0F46F92B)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,376 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:23 AM

Posted 25 July 2015 - 01:38 PM

Greetings,

I would like you to consider and do this please.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 SANDRA; \??\d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2\WNt600x64\Sandra.sys [X]
C:\Users\Vladimir\AppData\Local\Temp\_is1DDB.exe
C:\Users\Vladimir\AppData\Local\Temp\_is348B.exe
C:\Users\Vladimir\AppData\Local\Temp\_is35F7.exe
C:\Users\Vladimir\AppData\Local\Temp\_is521A.exe
C:\Users\Vladimir\AppData\Local\Temp\_is6B6E.exe
Task: {10198D2D-CDDB-4234-8065-3CAE9028A499} - System32\Tasks\WINshell Event Notification => C:\Users\Vladimir\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {2E6BD1B8-EADE-42D2-96A7-ACF56D68205B} - System32\Tasks\WINshell Event Logging => C:\Users\Vladimir\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {3A629316-3BD6-4229-B216-8031097A5E2A} - System32\Tasks\{054A9C62-2103-43ED-8AF1-2FF9A9E71CF0} => pcalua.exe -a "D:\Program files(x86)\GOG.com\Empire Earth II\EE2.exe" -d "d:\Program Files(x86)\GOG.com\Empire Earth II\"
Task: {4C86385C-9434-440E-9E5D-A17FE3FA1B10} - System32\Tasks\Origin => C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {D1D53881-A716-4B47-8440-1B54FA57CF88} - System32\Tasks\{94FAA77C-C9B7-4033-A9EA-D3C0F6B16C5A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F8CCFED9-0765-4523-AEA8-E464C09B9E63} - \SPBIW_UpdateTask_Time_3334343530353739332d4a4a5b415a34782a456c375a No Task File <==== ATTENTION
Task: {FA492435-6456-40B4-BE04-3C99B8B0D278} - \Installer_iwebar No Task File <==== ATTENTION
C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Vladimir\SkyDrive:ms-properties
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 mastervv


Posted 26 July 2015 - 01:44 AM

Thanks for the quick reply, I will uninstall utorrent as it's bloated with junkware, I think I got infected by clicking an ad on that app.

Will do that in a day or two and do the fixlist.txt thing, can't today due to RL

BTW: Not sure if you can see in logs or something but before you first replied, my uncle who is into pc stuff downloaded this app called free malwarebytes and did a scan and it said it cleaned the infection and the app stopped launching (on task manager) but it still is a bit laggy when I launch games and the windows launches slowly (like 20 sec stuck on desktop when login)


Edited by mastervv, 26 July 2015 - 01:48 AM.


#6 Oh My!


Posted 26 July 2015 - 08:18 AM

Thanks. If additional work is done other than what I have posted it causes me to be unsure of the state of your computer and as a result the steps I want to take may or may not be good ones. If you can hold off on running things on your own that will help us.

When you are able to post the fixlog we will go from there.
Gary
 

#7 mastervv


Posted 28 July 2015 - 01:52 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:26-07-2015
Ran by Orochimaru at 2015-07-28 09:48:55 Run:1
Running from C:\Users\Vladimir\Desktop
Loaded Profiles: Orochimaru (Available Profiles: Orochimaru & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 SANDRA; \??\d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2015.SP2\WNt600x64\Sandra.sys [X]
C:\Users\Vladimir\AppData\Local\Temp\_is1DDB.exe
C:\Users\Vladimir\AppData\Local\Temp\_is348B.exe
C:\Users\Vladimir\AppData\Local\Temp\_is35F7.exe
C:\Users\Vladimir\AppData\Local\Temp\_is521A.exe
C:\Users\Vladimir\AppData\Local\Temp\_is6B6E.exe
Task: {10198D2D-CDDB-4234-8065-3CAE9028A499} - System32\Tasks\WINshell Event Notification => C:\Users\Vladimir\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {2E6BD1B8-EADE-42D2-96A7-ACF56D68205B} - System32\Tasks\WINshell Event Logging => C:\Users\Vladimir\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {3A629316-3BD6-4229-B216-8031097A5E2A} - System32\Tasks\{054A9C62-2103-43ED-8AF1-2FF9A9E71CF0} => pcalua.exe -a "D:\Program files(x86)\GOG.com\Empire Earth II\EE2.exe" -d "d:\Program Files(x86)\GOG.com\Empire Earth II\"
Task: {4C86385C-9434-440E-9E5D-A17FE3FA1B10} - System32\Tasks\Origin => C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe <==== ATTENTION
Task: {D1D53881-A716-4B47-8440-1B54FA57CF88} - System32\Tasks\{94FAA77C-C9B7-4033-A9EA-D3C0F6B16C5A} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F8CCFED9-0765-4523-AEA8-E464C09B9E63} - \SPBIW_UpdateTask_Time_3334343530353739332d4a4a5b415a34782a456c375a No Task File <==== ATTENTION
Task: {FA492435-6456-40B4-BE04-3C99B8B0D278} - \Installer_iwebar No Task File <==== ATTENTION
C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
AlternateDataStreams: C:\Users\Vladimir\SkyDrive:ms-properties
emptytemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => key removed successfully
SANDRA => service removed successfully
C:\Users\Vladimir\AppData\Local\Temp\_is1DDB.exe => moved successfully.
C:\Users\Vladimir\AppData\Local\Temp\_is348B.exe => moved successfully.
C:\Users\Vladimir\AppData\Local\Temp\_is35F7.exe => moved successfully.
C:\Users\Vladimir\AppData\Local\Temp\_is521A.exe => moved successfully.
C:\Users\Vladimir\AppData\Local\Temp\_is6B6E.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10198D2D-CDDB-4234-8065-3CAE9028A499}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10198D2D-CDDB-4234-8065-3CAE9028A499}" => key removed successfully
C:\Windows\System32\Tasks\WINshell Event Notification => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Notification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E6BD1B8-EADE-42D2-96A7-ACF56D68205B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E6BD1B8-EADE-42D2-96A7-ACF56D68205B}" => key removed successfully
C:\Windows\System32\Tasks\WINshell Event Logging => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Logging" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A629316-3BD6-4229-B216-8031097A5E2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A629316-3BD6-4229-B216-8031097A5E2A}" => key removed successfully
C:\Windows\System32\Tasks\{054A9C62-2103-43ED-8AF1-2FF9A9E71CF0} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{054A9C62-2103-43ED-8AF1-2FF9A9E71CF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C86385C-9434-440E-9E5D-A17FE3FA1B10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C86385C-9434-440E-9E5D-A17FE3FA1B10}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D1D53881-A716-4B47-8440-1B54FA57CF88}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D53881-A716-4B47-8440-1B54FA57CF88}" => key removed successfully
C:\Windows\System32\Tasks\{94FAA77C-C9B7-4033-A9EA-D3C0F6B16C5A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94FAA77C-C9B7-4033-A9EA-D3C0F6B16C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8CCFED9-0765-4523-AEA8-E464C09B9E63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8CCFED9-0765-4523-AEA8-E464C09B9E63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3334343530353739332d4a4a5b415a34782a456c375a" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA492435-6456-40B4-BE04-3C99B8B0D278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA492435-6456-40B4-BE04-3C99B8B0D278}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar" => key removed successfully
"C:\Users\Vladimir\AppData\Roaming\Origin\update.vbe" => File/Folder not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.
"C:\Users\Vladimir\SkyDrive" => ":ms-properties" ADS not found.
EmptyTemp: => 411.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 09:49:08 ====



#8 Oh My!

Posted 28 July 2015 - 08:36 AM

That cleaned up a lot of stuff, thanks. Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again.
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#9 mastervv

Posted 29 July 2015 - 11:01 AM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir    Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir    a variant of Win32/ELEX.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir    a variant of Win32/ELEX.BH potentially unwanted application
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\omiga-plus\UninstallManager.exe.vir    a variant of Win32/ELEX.CP potentially unwanted application
C:\Program Files (x86)\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\steam_api.dll    Win32/HackTool.Crack.BQ potentially unsafe application
C:\Users\Vladimir\Desktop\Total War Rome 2 Emperor Edition V2.2.0 Trainer +14 Build 15539 MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
C:\Users\Vladimir\Desktop\games (1)\Total War Shogun 2 V1.1.0.0 Trainer +8 MrAntiFun B.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
D:\Downloads\apps\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application
D:\Downloads\apps\uTorrent.exe    a variant of Win32/OpenCandy.C potentially unsafe application
D:\Downloads\rometotalwar2patch\Total.War.ROME.II.Emperor.Edition.Update.v2.2.0.Incl.DLC-RELOADED\Crack\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
D:\Downloads\Torrents\Rome Total War\Apps\daemon4123-lite.exe    Win32/Adware.Toolbar.Shopper application
D:\Program files(x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
D:\Program files(x86)\Total War Rome II\steam_api.dll    a variant of Win32/HackTool.Crack.CS potentially unsafe application
D:\Program files(x86)\Total War Rome II\Total War Rome 2 Emperor Edition V2.0.0 Trainer +15 Build 13903 MrAntiFun.EXE    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
Operating memory    a variant of Win32/HackTool.Crack.CS potentially unsafe application

 Results of screen317's Security Check version 1.006
   x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Java 8 Update 45  
 Java version 32-bit out of Date!
 Adobe Flash Player     18.0.0.209  
 Adobe Reader XI  
 Mozilla Firefox (39.0)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

Computer is running with no noticeable difference. BTW did ESET clean up the detections? I see quarantines from my uncle's experiment -.-? Also I am 100% sure Cheat Engine as a standalone is not a hack program...use it to cheat sometimes in games


Edited by mastervv, 29 July 2015 - 11:03 AM.


#10 Oh My!

Posted 29 July 2015 - 11:23 AM

It does not look like ESET quarantined the items, at least that is what the results indicate.

Are there any remaining issues or questions you may have?
Gary
 

#11 mastervv

Posted 30 July 2015 - 06:10 AM

What do you mean? Shall I repeat some process?



#12 Oh My!

Posted 30 July 2015 - 03:09 PM

Not sure if we need to. Please do this.

===================================================

ESET Online Scanner Log

--------------------
  • Press the Windows Key + E at the same time
  • Please navigate to the below listed file location

C:\Program Files\ESET\ESET Online Scanner\log.txt

  • Double click log.txt and a Notepad document will open
  • Copy and paste that information into your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log

Gary
 

#13 mastervv

Posted 31 July 2015 - 07:48 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=init
# utc_time=2015-07-29 03:06:35
# local_time=2015-07-29 06:06:35 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25031
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=updated
# utc_time=2015-07-29 03:15:11
# local_time=2015-07-29 06:15:11 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# engine=25031
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-29 03:43:07
# local_time=2015-07-29 06:43:07 (+0200, E. Europe Summer Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 3425 15266979 0 0
# scanned=239624
# found=20
# cleaned=0
# scan_time=1676
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="a variant of Win32/ELEX.BM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=0641D63D85DA4259B27FA455972E762B6FC04092 ft=1 fh=b7e7d2287abcc02c vn="a variant of Win32/ELEX.BH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=4CF9EF4D739C2F8A1F3909A2720274527EC29E1F ft=1 fh=c71c001143f2d9bd vn="a variant of Win32/ELEX.CP potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\omiga-plus\UninstallManager.exe.vir"
sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="Win32/HackTool.Crack.BQ potentially unsafe application" ac=I fn="C:\Program Files (x86)\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\steam_api.dll"
sh=5ED5144C2B5C70248285F6B8B311449E46283517 ft=1 fh=c0b9ed8dc043cf43 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Users\Vladimir\Desktop\Total War Rome 2 Emperor Edition V2.2.0 Trainer +14 Build 15539 MrAntiFun.EXE"
sh=489EF766511521076A1DE2062D4515BEFA2558A7 ft=1 fh=c0b9ed8d0db6c2c7 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="C:\Users\Vladimir\Desktop\games (1)\Total War Shogun 2 V1.1.0.0 Trainer +8 MrAntiFun B.EXE"
sh=D8E8343D73BE7A378E89C07A637633362D0AF34C ft=1 fh=b6abfa551f58a607 vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="D:\Downloads\apps\CheatEngine64.exe"
sh=7640F0FFD9CD55C5DB9F3C6D85901E896CDA71A1 ft=1 fh=2a204a354971ddfe vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="D:\Downloads\apps\uTorrent.exe"
sh=414FDA85ECB96B5E9C45E5D9E06924A94E3FE816 ft=1 fh=8fc058e5afe66dc6 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="D:\Downloads\rometotalwar2patch\Total.War.ROME.II.Emperor.Edition.Update.v2.2.0.Incl.DLC-RELOADED\Crack\steam_api.dll"
sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper application" ac=I fn="D:\Downloads\Torrents\Rome Total War\Apps\daemon4123-lite.exe"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="D:\Program files(x86)\Cheat Engine 6.4\standalonephase1.dat"
sh=414FDA85ECB96B5E9C45E5D9E06924A94E3FE816 ft=1 fh=8fc058e5afe66dc6 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="D:\Program files(x86)\Total War Rome II\steam_api.dll"
sh=C533A807DC98C46EC7D6FE60B37E4CEDEB303C03 ft=1 fh=c0b9ed8dd9e08e82 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application" ac=I fn="D:\Program files(x86)\Total War Rome II\Total War Rome 2 Emperor Edition V2.0.0 Trainer +15 Build 13903 MrAntiFun.EXE"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application" ac=I fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=init
# utc_time=2015-07-29 04:04:31
# local_time=2015-07-29 07:04:31 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25031
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=updated
# utc_time=2015-07-29 04:05:13
# local_time=2015-07-29 07:05:13 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# engine=25031
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-29 04:24:01
# local_time=2015-07-29 07:24:01 (+0200, E. Europe Summer Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5879 15269433 0 0
# scanned=239872
# found=11
# cleaned=11
# scan_time=1127
sh=497D88F38E21229D95650E02708207190CB6849E ft=1 fh=64a74ba51bf40770 vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir"
sh=5468230F587DE9F869DB9E22083131DCFD9451F2 ft=1 fh=07a842c13464288e vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir"
sh=599F4EB498D7C05A680386C1D3E1FC3DD68A8FA9 ft=1 fh=bd87bce3b868a7f1 vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir"
sh=6F2DDAFE7B526A4CC60D75CCB1D4EBEA6F5D0DDC ft=1 fh=a836ee7136df2313 vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=1DFF39C0F7B7617C8292510F1833B282CD0A1F21 ft=1 fh=18ddbd645dd0ae9c vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=DF7B974F73F65FDF917E9C3AB8B8EC9FD97FC2A0 ft=1 fh=0e3a711fc1c46ea8 vn="Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir"
sh=606D4414333C04E362F60B505926C78BB0B6C694 ft=1 fh=2f7c44d7fdd8d932 vn="a variant of Win32/ELEX.BM potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir"
sh=0641D63D85DA4259B27FA455972E762B6FC04092 ft=1 fh=b7e7d2287abcc02c vn="a variant of Win32/ELEX.BH potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir"
sh=4CF9EF4D739C2F8A1F3909A2720274527EC29E1F ft=1 fh=c71c001143f2d9bd vn="a variant of Win32/ELEX.CP potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\omiga-plus\UninstallManager.exe.vir"
sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="a variant of Win32/Packed.VMProtect.AAH trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\steam_api.dll"
sh=6E46A0A077930B1B9D25C3105F629D399CB8EBD1 ft=1 fh=88cd3388df6e5029 vn="Win32/Adware.Toolbar.Shopper application (cleaned by deleting - quarantined)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-2782659349-1872183393-1444364079-1002\$R7DDTH8.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=init
# utc_time=2015-07-29 04:32:33
# local_time=2015-07-29 07:32:33 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 25031
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# end=updated
# utc_time=2015-07-29 04:33:05
# local_time=2015-07-29 07:33:05 (+0200, E. Europe Summer Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=bfa151fab76ce44d946e9f8c691bdfd1
# engine=25031
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-29 05:00:04
# local_time=2015-07-29 08:00:04 (+0200, E. Europe Summer Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8042 15271596 0 0
# scanned=240514
# found=9
# cleaned=9
# scan_time=1618
sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="Win32/HackTool.Crack.BQ potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files (x86)\Bethesda Softworks\The Elder Scrolls V Skyrim - Legendary Edition\steam_api.dll"
sh=5ED5144C2B5C70248285F6B8B311449E46283517 ft=1 fh=c0b9ed8dc043cf43 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Vladimir\Desktop\Total War Rome 2 Emperor Edition V2.2.0 Trainer +14 Build 15539 MrAntiFun.EXE"
sh=489EF766511521076A1DE2062D4515BEFA2558A7 ft=1 fh=c0b9ed8d0db6c2c7 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Vladimir\Desktop\games (1)\Total War Shogun 2 V1.1.0.0 Trainer +8 MrAntiFun B.EXE"
sh=D8E8343D73BE7A378E89C07A637633362D0AF34C ft=1 fh=b6abfa551f58a607 vn="a variant of Win32/OpenCandy.C potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Downloads\apps\CheatEngine64.exe"
sh=7640F0FFD9CD55C5DB9F3C6D85901E896CDA71A1 ft=1 fh=2a204a354971ddfe vn="a variant of Win32/OpenCandy.C potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\apps\uTorrent.exe"
sh=414FDA85ECB96B5E9C45E5D9E06924A94E3FE816 ft=1 fh=8fc058e5afe66dc6 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Downloads\rometotalwar2patch\Total.War.ROME.II.Emperor.Edition.Update.v2.2.0.Incl.DLC-RELOADED\Crack\steam_api.dll"
sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Program files(x86)\Cheat Engine 6.4\standalonephase1.dat"
sh=414FDA85ECB96B5E9C45E5D9E06924A94E3FE816 ft=1 fh=8fc058e5afe66dc6 vn="a variant of Win32/HackTool.Crack.CS potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Program files(x86)\Total War Rome II\steam_api.dll"
sh=C533A807DC98C46EC7D6FE60B37E4CEDEB303C03 ft=1 fh=c0b9ed8dd9e08e82 vn="a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\Program files(x86)\Total War Rome II\Total War Rome 2 Emperor Edition V2.0.0 Trainer +15 Build 13903 MrAntiFun.EXE"
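
The thread turns on whether ESET actually cleaned what it reported, which the pasted log.txt answers only after reading its three runs side by side. The following is an added example, not part of any post here and not ESET's code: it parses that log layout and lists detections that no run reports as cleaned at the same path. Assumptions: `ac=C` means cleaned and `ac=I` means reported only (inferred from the `cleaned=` counts and the "cleaned by deleting" text in the log above), and the sample log is constructed with placeholder values.

```python
"""Summarise an ESET Online Scanner log.txt that holds several scan runs."""
import re

RUN_MARKER = "ESETSmartInstaller@High as downloader log:"
HEADER = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
DETECTION = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]+) ft=\S+ fh=\S+ '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\w+) fn="(?P<fn>[^"]*)"$'
)

# Constructed sample in the layout of the log posted above. Hashes, detection
# names and paths are placeholders, not values from the thread.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=false
# unsafe_checked=true
# found=3
# cleaned=0
sh=AAAAAAAA ft=1 fh=1111111111111111 vn="Win32/Example.A potentially unwanted application" ac=I fn="C:\Quarantine\toolbar.dll.vir"
sh=BBBBBBBB ft=1 fh=2222222222222222 vn="Win32/Example.B potentially unsafe application" ac=I fn="D:\Downloads\setup.exe"
sh=00000000 ft=- fh=0000000000000000 vn="Win32/Example.B potentially unsafe application" ac=I fn="${Memory}"
ESETSmartInstaller@High as downloader log:
all ok
# end=finished
# remove_checked=true
# unsafe_checked=true
# found=2
# cleaned=2
sh=AAAAAAAA ft=1 fh=1111111111111111 vn="Win32/Example.A potentially unwanted application (cleaned by deleting - quarantined)" ac=C fn="C:\Quarantine\toolbar.dll.vir"
sh=BBBBBBBB ft=1 fh=2222222222222222 vn="Win32/Example.B potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="D:\$RECYCLE.BIN\S-1-5-21-0-0-0-1000\$RAAAAAA.exe"
"""


def parse_runs(text):
    """Split the log into runs; each run keeps its last-seen '# key=value'
    settings and its detection records."""
    runs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_MARKER:
            runs.append({"settings": {}, "detections": []})
        elif runs:
            header = HEADER.match(line)
            detection = DETECTION.match(line)
            if header:
                runs[-1]["settings"][header["key"]] = header["value"]
            elif detection:
                runs[-1]["detections"].append(detection.groupdict())
    return runs


def summarize(runs):
    """Per run: was removal enabled, and do the declared counts match the
    number of records marked ac=C (assumed to mean cleaned)?"""
    rows = []
    for run in runs:
        settings = run["settings"]
        rows.append({
            "remove_checked": settings.get("remove_checked") == "true",
            "found": int(settings.get("found", 0)),
            "cleaned": int(settings.get("cleaned", 0)),
            "cleaned_lines": sum(d["ac"] == "C" for d in run["detections"]),
        })
    return rows


def unresolved(runs):
    """Detections that no run reports as cleaned at the same path. Paths are
    compared case-insensitively (Windows). A hash cleaned at a different path
    is noted, because another copy of the file may still be on disk."""
    records = [d for run in runs for d in run["detections"]]
    cleaned_paths = {d["fn"].lower() for d in records if d["ac"] == "C"}
    cleaned_hashes = {d["sh"].upper() for d in records if d["ac"] == "C"}
    left = {}
    for d in records:
        if d["ac"] == "C" or d["fn"].lower() in cleaned_paths:
            continue
        left[d["fn"]] = {
            "vn": d["vn"],
            "same_hash_cleaned_elsewhere": d["sh"].upper() in cleaned_hashes,
        }
    return left


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for number, row in enumerate(summarize(parsed), 1):
        print(f"run {number}: {row}")
    for path, info in unresolved(parsed).items():
        print("not cleaned at this path:", path, info)
```

A path left in the result with `same_hash_cleaned_elsewhere` set is worth checking by hand: the scanner removed one copy of that file, but the log does not show what happened to the copy at the original location.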
 



#14 Oh My!

Posted 31 July 2015 - 09:18 AM

Looks like we are all set. Are you experiencing any issues or have any questions before I provide some final instructions/information for you?
Gary
 

#15 mastervv

Posted 31 July 2015 - 10:26 AM

No, the CPU is down, cooler and better, and I don't get the svchost every time.





