
Forced Chrome redirect to Utrack.pw and others


  • This topic is locked
20 replies to this topic

#1 Vanyel

Posted 08 November 2015 - 06:55 AM

Hello, as the topic title indicates, I'm ever so often being redirected in Chrome to Utrack.pw and other sites. The other sites vary but are usually casino sites or the like. Examples of sites I get redirected to that are not Utrack.pw are:
hxxp://static.williamhillcasino.com/
hxxp://www.bet365.com/
hxxp://www.bo-investments.com/
hxxp://prruw.com/
hxxp://preg.conquer-media.com/

And others.

It is usually from navigation onsite and almost never when opening a new tab.

 

I ran the farbar scan and the results are as follows:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Magnus (administrator) on VANYEL (08-11-2015 12:27:36)
Running from C:\Users\Magnus\Downloads
Loaded Profiles: Magnus (Available Profiles: Magnus & Administratör)
Platform: Windows 8.1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Spotify Ltd) C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [uTorrent] => C:\Users\Magnus\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-11-07] (BitTorrent Inc.)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [Spotify Web Helper] => C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-17] (Spotify Ltd)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48132736 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {032a3e78-57d6-11e4-bea3-94de80b1506b} - "F:\Startme.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {0a4fa5e4-ec2d-11e4-be7a-94de80b1506b} - "F:\setup.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {ebb357aa-49c9-11e5-be8d-94de80b1506b} - "F:\setup.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {fccb3560-860d-11e3-824e-806e6f6e6963} - "E:\INFERNO_EN.EXE" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-07] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9159DE3-85CB-4F26-8E6D-383E1394A941}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-07] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-07] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3334539264-3653351648-2627082213-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Magnus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-08]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=MF535A8F1-0253-45B1-9D49-9C7EAA2CE06B&SearchSource=55&CUI=&UM=5&UP=SP2B88BC06-CEB7-42BC-BEBA-30E0651C6EEA&SSPV=
CHR Profile: C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentationer) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Dokument) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Kalkylark) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Google Dokument Offline) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-08]
CHR Extension: (AdBlock) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-07]
CHR Extension: (Avast Online Security) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-07]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-07] (Avast Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-12] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-07-16] (Foxit Software Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-07] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-12] (BitRaider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-24] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-07] (AVAST Software)
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
R3 ValFltr; C:\Windows\system32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-07] (Avast Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 12:24 - 2015-11-08 12:27 - 00015356 _____ C:\Users\Magnus\Downloads\FRST.txt
2015-11-08 12:24 - 2015-11-08 12:24 - 00026598 _____ C:\Users\Magnus\Downloads\Addition.txt
2015-11-08 12:23 - 2015-11-08 12:27 - 00000000 ____D C:\FRST
2015-11-08 12:23 - 2015-11-08 12:23 - 02198528 _____ (Farbar) C:\Users\Magnus\Downloads\FRST64.exe
2015-11-08 12:12 - 2015-11-08 12:12 - 00000264 _____ C:\Users\Magnus\Downloads\debug.log
2015-11-08 00:45 - 2015-11-08 12:02 - 00000000 ____D C:\Users\Magnus\AppData\LocalLow\uTorrent
2015-11-08 00:45 - 2015-11-08 00:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-08 00:45 - 2015-11-08 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-08 00:29 - 2015-10-16 05:51 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-08 00:29 - 2015-10-16 05:51 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-08 00:24 - 2015-11-08 00:24 - 00000000 _____ C:\WINDOWS\SysWOW64\RENE317.tmp
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Sun
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\AppData\LocalLow\Oracle
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\.oracle_jre_usage
2015-11-07 23:07 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-07 23:07 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-07 23:06 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-07 23:06 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-07 23:06 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-07 23:06 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-07 23:04 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-07 23:04 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-07 23:04 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-07 23:04 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-07 23:04 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-11-07 23:04 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-11-07 23:04 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-07 23:04 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-07 23:04 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-07 23:04 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-11-07 23:04 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-11-07 23:04 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-11-07 23:04 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-11-07 23:04 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-11-07 23:04 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-11-07 23:04 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-11-07 23:04 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-11-07 23:04 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-11-07 23:04 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-11-07 23:04 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-11-07 23:04 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-11-07 23:04 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-11-07 23:04 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-11-07 23:04 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-11-07 23:04 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-11-07 23:04 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-11-07 23:04 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-11-07 23:04 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-11-07 23:04 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-11-07 23:04 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-11-07 23:04 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-11-07 23:04 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-11-07 23:04 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-11-07 23:04 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-11-07 23:04 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-11-07 23:04 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-11-07 23:04 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-11-07 23:04 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-11-07 23:04 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-11-07 23:04 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-11-07 23:04 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-11-07 23:04 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-11-07 23:04 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-11-07 23:04 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-11-07 23:04 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-11-07 23:04 - 2014-10-29 04:05 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-11-07 23:04 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-11-07 23:04 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-11-07 23:04 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-11-07 23:04 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-11-07 23:04 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-11-07 23:04 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-11-07 23:04 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-11-07 23:04 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-11-07 23:04 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-11-07 23:04 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-11-07 23:04 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-11-07 23:03 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-07 23:03 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-07 23:03 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-07 23:03 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-07 23:03 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-07 23:03 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-07 23:03 - 2015-09-30 00:42 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-07 23:03 - 2015-09-30 00:42 - 01519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-07 23:03 - 2015-09-30 00:42 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-07 23:03 - 2015-09-30 00:42 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-07 23:03 - 2015-09-15 15:29 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-07 23:03 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-07 23:03 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-07 23:03 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-07 23:03 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-07 23:03 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-07 23:03 - 2015-08-10 19:15 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-07 23:03 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-07 23:03 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-07 23:03 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-07 23:03 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-07 23:03 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 23:03 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-07 23:03 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-07 23:03 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-07 23:03 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-07 23:03 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-07 23:03 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-07 23:01 - 2015-11-07 23:01 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-07 23:01 - 2015-11-07 23:01 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-11-07 23:01 - 2015-11-07 23:01 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-07 22:58 - 2015-09-29 13:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-07 22:58 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-11-07 22:58 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-11-07 22:58 - 2015-09-03 03:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-11-07 22:58 - 2015-09-03 03:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-11-07 22:58 - 2015-09-02 19:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-11-07 22:58 - 2015-09-02 18:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-11-07 22:58 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-07 22:58 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-11-07 22:58 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-11-07 22:58 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-11-07 22:58 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-11-07 22:58 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-11-07 22:58 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-11-07 22:58 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-11-07 22:58 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-11-07 22:58 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-11-07 22:58 - 2015-07-22 14:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-11-07 22:58 - 2015-07-17 15:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-11-07 22:58 - 2015-07-17 15:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-11-07 22:58 - 2015-06-27 12:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-11-07 22:57 - 2015-09-19 04:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-07 22:57 - 2015-09-18 14:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-07 22:57 - 2015-09-18 14:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-11-07 22:57 - 2015-09-18 14:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-11-07 22:57 - 2015-09-18 14:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-11-07 22:57 - 2015-09-18 14:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-11-07 22:57 - 2015-09-18 14:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-07 22:57 - 2015-09-10 19:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-07 22:57 - 2015-09-10 18:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-07 22:57 - 2015-09-10 18:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-07 22:57 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-11-07 22:57 - 2015-09-10 18:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-07 22:57 - 2015-09-10 18:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-07 22:57 - 2015-09-10 18:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-11-07 22:57 - 2015-09-10 18:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-07 22:57 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-11-07 22:57 - 2015-09-10 17:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-07 22:57 - 2015-09-10 17:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-11-07 22:57 - 2015-09-10 17:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-11-07 22:57 - 2015-09-10 17:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-11-07 22:57 - 2015-09-10 17:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-07 22:57 - 2015-09-10 17:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-07 22:57 - 2015-09-10 17:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-11-07 22:57 - 2015-09-10 17:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-07 22:57 - 2015-09-10 17:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-07 22:57 - 2015-09-10 17:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-11-07 22:57 - 2015-09-10 17:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-07 22:57 - 2015-09-10 17:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-07 22:57 - 2015-09-10 17:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-11-07 22:57 - 2015-09-10 17:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-11-07 22:57 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-11-07 22:57 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-11-07 22:57 - 2015-09-10 17:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-11-07 22:57 - 2015-09-10 17:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-07 22:57 - 2015-09-10 17:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-07 22:57 - 2015-09-10 17:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-07 22:57 - 2015-09-10 16:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-07 22:57 - 2015-09-10 16:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-11-07 22:57 - 2015-09-10 16:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-11-07 22:57 - 2015-09-10 16:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-07 22:57 - 2015-09-10 16:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-11-07 22:57 - 2015-09-10 16:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-07 22:57 - 2015-09-10 16:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-07 22:57 - 2015-09-10 16:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-07 22:57 - 2015-09-10 16:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-07 22:57 - 2015-09-10 16:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-07 22:57 - 2015-09-02 03:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-07 22:57 - 2015-09-02 03:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-07 22:57 - 2015-09-02 03:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-07 22:57 - 2015-09-02 03:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-07 22:57 - 2015-08-22 14:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-07 22:57 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-11-07 22:57 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-11-07 22:57 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-11-07 22:57 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-11-07 22:57 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-11-07 22:57 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-11-07 22:57 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-11-07 22:57 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-11-07 22:57 - 2015-07-22 15:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-07 22:57 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-11-07 22:57 - 2015-07-22 15:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-07 22:57 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-11-07 22:57 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-11-07 22:57 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-11-07 22:57 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-11-07 22:57 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-11-07 22:57 - 2015-07-16 19:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-11-07 22:57 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-11-07 22:57 - 2015-07-09 17:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-11-07 22:57 - 2015-06-19 18:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 12:27 - 2015-04-02 15:04 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Skype
2015-11-08 12:12 - 2015-03-30 03:01 - 00000000 ____D C:\Users\Magnus\AppData\Local\Google
2015-11-08 12:02 - 2015-04-06 16:52 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\uTorrent
2015-11-08 12:00 - 2015-03-30 23:54 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-11-08 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-08 11:51 - 2015-03-30 03:01 - 00001012 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 01:09 - 2015-03-30 03:11 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-11-08 01:09 - 2015-03-30 03:11 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-11-08 01:05 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-08 00:58 - 2015-03-29 21:53 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3334539264-3653351648-2627082213-1002
2015-11-08 00:45 - 2013-09-04 20:35 - 00002713 _____ C:\Users\Public\Desktop\Skype.lnk
2015-11-08 00:45 - 2013-09-04 20:35 - 00000000 ____D C:\ProgramData\Skype
2015-11-08 00:42 - 2015-03-30 23:02 - 01972844 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-08 00:34 - 2014-11-21 09:49 - 01740478 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-08 00:34 - 2014-11-21 08:56 - 00732608 _____ C:\WINDOWS\system32\perfh01D.dat
2015-11-08 00:34 - 2014-11-21 08:56 - 00151960 _____ C:\WINDOWS\system32\perfc01D.dat
2015-11-08 00:28 - 2014-11-21 00:38 - 00124468 _____ C:\WINDOWS\PFRO.log
2015-11-08 00:28 - 2013-08-22 15:46 - 00333937 _____ C:\WINDOWS\setupact.log
2015-11-08 00:28 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-08 00:28 - 2013-08-22 15:44 - 00368752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-08 00:28 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-08 00:28 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-08 00:27 - 2015-03-30 23:54 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-11-08 00:27 - 2014-11-21 09:26 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-08 00:27 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-08 00:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-11-08 00:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-11-08 00:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-08 00:25 - 2015-05-10 13:10 - 00000000 ____D C:\ProgramData\Oracle
2015-11-08 00:24 - 2015-05-10 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-08 00:24 - 2013-09-04 20:36 - 00000000 ____D C:\Program Files\Java
2015-11-08 00:24 - 2013-09-04 20:36 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-08 00:23 - 2015-03-30 23:05 - 00000000 ____D C:\Users\Magnus
2015-11-08 00:23 - 2013-09-04 20:36 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-11-08 00:18 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-08 00:12 - 2015-03-29 23:13 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-07 23:10 - 2015-03-30 03:02 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-07 23:06 - 2015-04-16 00:49 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-07 23:06 - 2014-11-21 17:33 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-11-07 23:04 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-07 23:01 - 2015-03-30 03:10 - 01059656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00449992 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00154256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-11-07 23:01 - 2015-03-30 03:10 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-11-07 22:57 - 2015-03-30 03:01 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-07 22:57 - 2015-03-30 03:01 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-07 22:57 - 2015-03-30 03:01 - 00001016 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
 
==================== Files in the root of some directories =======
 
2015-04-06 16:48 - 2015-04-06 16:48 - 0000027 _____ () C:\Program Files\plugins.dat
 
Some files in TEMP:
====================
C:\Users\Magnus\AppData\Local\Temp\DAEMON Tools Lite.exe
C:\Users\Magnus\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Magnus\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Magnus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Magnus\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-07 23:11
 
==================== End of FRST.txt ============================
 
[attachment=172621:Addition.txt]
 
Thanks in advance

Edited by xXToffeeXx, 08 November 2015 - 07:39 AM.
Edited to deactivate links~



 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:23 PM

Posted 08 November 2015 - 02:39 PM

Hello Vanyel,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

Please include in your next reply

AdwCleaner log

Emsisoft log

How is your machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 Vanyel

Posted 08 November 2015 - 07:31 PM

Hello. Thank you for taking on my case!

 

The log from AdwCleaner looks like this:
 

# AdwCleaner v5.019 - Logfile created 08/11/2015 at 22:05:19
# Updated 08/11/2015 by Xplode
# Database : 2015-11-08.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Magnus - VANYEL
# Running from : C:\Users\Magnus\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Magnus\AppData\Local\28050
 
***** [ Files ] *****
 
File Found : C:\END
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.pricepeep00.pricepeep.net_0.localstorage-journal
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=MF535A8F1-0253-45B1-9D49-9C7EAA2CE06B&SearchSource=55&CUI=&UM=5&UP=SP2B88BC06-CEB7-42BC-BEBA-30E0651C6EEA&SSPV=
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1748 bytes] ##########
 
Regarding the Emsisoft log, there is no option that is just named scan; there is quick scan, malware scan, and custom scan. Which one do you want me to use?

Regarding how it's working now: getting pop-ups of gambling sites and other junk while navigating on sites, and some utrack redirecting while testing.

Edited by Vanyel, 09 November 2015 - 06:40 AM.


#4 fireman4it

Posted 11 November 2015 - 06:33 PM

Run a malware scan.


#5 Vanyel

Posted 14 November 2015 - 08:33 AM

All right, the result from the Emsisoft scan is as follows:

 

Emsisoft Emergency Kit - Version 10.0
Last update: 2015-11-08 22:23:54
User account: Vanyel\Magnus
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 2015-11-14 14:24:59
C:\Users\Magnus\AppData\Local\Temp\DAEMON Tools Lite.exe detected: Application.InstallAd (A)
C:\Users\Magnus\Downloads\CheatEngine63.exe detected: Application.Win32.AdSweet (A)
 
Scanned 82952
Found 2
 
Scan end: 2015-11-14 14:25:50
Scan time: 0:00:51
 
C:\Users\Magnus\Downloads\CheatEngine63.exe Quarantined Application.Win32.AdSweet (A)
C:\Users\Magnus\AppData\Local\Temp\DAEMON Tools Lite.exe Quarantined Application.InstallAd (A)
 
Quarantined 2
 
Still getting junk popups and redirects in both Chrome and when opening Steam.


#6 fireman4it

Posted 15 November 2015 - 09:47 PM

Please run FRST as you did the first time and post the new FRST.txt.


#7 Vanyel

Posted 16 November 2015 - 11:27 AM

OK, here you go, the FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Magnus (administrator) on VANYEL (16-11-2015 17:25:34)
Running from C:\Users\Magnus\Downloads
Loaded Profiles: Magnus & Administratör (Available Profiles: Magnus & Administratör)
Platform: Windows 8.1 (X64) Language: Svenska (Sverige)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BitTorrent Inc.) C:\Users\Magnus\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Magnus\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(BitTorrent Inc.) C:\Users\Magnus\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-07] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [uTorrent] => C:\Users\Magnus\AppData\Roaming\uTorrent\uTorrent.exe [1822048 2015-11-07] (BitTorrent Inc.)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [Spotify Web Helper] => C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-17] (Spotify Ltd)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48132736 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {032a3e78-57d6-11e4-bea3-94de80b1506b} - "F:\Startme.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {0a4fa5e4-ec2d-11e4-be7a-94de80b1506b} - "F:\setup.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {ebb357aa-49c9-11e5-be8d-94de80b1506b} - "F:\setup.exe" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-1002\...\MountPoints2: {fccb3560-860d-11e3-824e-806e6f6e6963} - "E:\INFERNO_EN.EXE" 
HKU\S-1-5-21-3334539264-3653351648-2627082213-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-07] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9159DE3-85CB-4F26-8E6D-383E1394A941}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-07] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-07] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3334539264-3653351648-2627082213-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Magnus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-08]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-07]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=MF535A8F1-0253-45B1-9D49-9C7EAA2CE06B&SearchSource=55&CUI=&UM=5&UP=SP2B88BC06-CEB7-42BC-BEBA-30E0651C6EEA&SSPV=
CHR Profile: C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentationer) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-30]
CHR Extension: (Google Dokument) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-30]
CHR Extension: (Google Drive) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-07]
CHR Extension: (Google Search) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Google Kalkylark) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-30]
CHR Extension: (Google Dokument Offline) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-08]
CHR Extension: (AdBlock) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-11-07]
CHR Extension: (Hola Bättre Internet) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-14]
CHR Extension: (Avast Online Security) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-07]
CHR Extension: (Betalning via Chrome Web Store) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Gmail) - C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-07]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-07] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [5554152 2015-11-07] (Avast Software)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-12] (BitRaider, LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-07] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-07] (AVAST Software)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-12] (BitRaider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-24] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [147088 2015-11-07] (AVAST Software)
S3 Tdsshbecr; C:\Windows\system32\DRIVERS\shbecr.sys [50176 2008-09-22] (Todos Data System AB)
R3 ValFltr; C:\Windows\system32\drivers\ValoFltr.sys [14720 2009-04-10] (ROCCAT Development, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [310904 2015-11-07] (Avast Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [71680 2013-08-22] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-16 01:23 - 2015-11-16 01:24 - 31229216 _____ C:\Users\Magnus\Downloads\20151113-lifeorigins.m4a
2015-11-14 14:35 - 2015-11-14 14:35 - 37729103 _____ C:\Users\Magnus\Downloads\20151113-lakatos-feyerabend.m4a
2015-11-11 09:11 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 09:11 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 09:11 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 09:11 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 09:11 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 09:11 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 09:11 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 09:11 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 09:11 - 2015-10-30 23:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 09:11 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 09:11 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 09:11 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 09:11 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 09:11 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 09:11 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 09:11 - 2015-10-30 23:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 09:11 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 09:11 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 09:11 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 09:11 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 09:11 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 09:11 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 09:11 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 09:11 - 2015-10-17 15:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 09:11 - 2015-10-15 17:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 09:11 - 2015-10-15 16:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 09:11 - 2015-10-15 00:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 09:11 - 2015-10-15 00:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 09:11 - 2015-10-15 00:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 09:11 - 2015-10-15 00:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 09:11 - 2015-10-15 00:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 09:11 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 09:11 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 09:11 - 2015-10-13 16:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 09:11 - 2015-10-13 16:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 09:11 - 2015-10-13 16:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 09:11 - 2015-10-13 16:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 09:11 - 2015-10-13 16:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 09:11 - 2015-10-13 16:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 09:11 - 2015-10-11 07:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 09:11 - 2015-10-11 07:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 09:11 - 2015-10-10 19:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 09:11 - 2015-10-10 19:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 09:11 - 2015-10-10 19:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 09:11 - 2015-10-10 18:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 09:11 - 2015-10-10 18:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 09:11 - 2015-10-10 18:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 09:11 - 2015-10-10 17:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 09:11 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-08 22:23 - 2015-11-08 22:23 - 00000762 _____ C:\Users\Magnus\Desktop\Start Emsisoft Emergency Kit.lnk
2015-11-08 22:22 - 2015-11-14 14:24 - 00000000 ____D C:\EEK
2015-11-08 22:03 - 2015-11-08 22:06 - 00000000 ____D C:\AdwCleaner
2015-11-08 22:02 - 2015-11-08 22:03 - 169861072 _____ C:\Users\Magnus\Desktop\EmsisoftEmergencyKit.exe
2015-11-08 22:02 - 2015-11-08 22:02 - 01712128 _____ C:\Users\Magnus\Desktop\AdwCleaner.exe
2015-11-08 12:24 - 2015-11-16 17:25 - 00015232 _____ C:\Users\Magnus\Downloads\FRST.txt
2015-11-08 12:24 - 2015-11-08 12:28 - 00026449 _____ C:\Users\Magnus\Downloads\Addition.txt
2015-11-08 12:23 - 2015-11-16 17:25 - 00000000 ____D C:\FRST
2015-11-08 12:23 - 2015-11-08 12:23 - 02198528 _____ (Farbar) C:\Users\Magnus\Downloads\FRST64.exe
2015-11-08 12:12 - 2015-11-08 12:12 - 00000264 _____ C:\Users\Magnus\Downloads\debug.log
2015-11-08 00:45 - 2015-11-14 14:23 - 00000000 ____D C:\Users\Magnus\AppData\LocalLow\uTorrent
2015-11-08 00:45 - 2015-11-08 00:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-11-08 00:45 - 2015-11-08 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-08 00:29 - 2015-11-03 01:23 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-08 00:29 - 2015-11-03 01:23 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-08 00:24 - 2015-11-08 00:24 - 00000000 _____ C:\WINDOWS\SysWOW64\RENE317.tmp
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\AppData\Roaming\Sun
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\AppData\LocalLow\Oracle
2015-11-08 00:23 - 2015-11-08 00:23 - 00000000 ____D C:\Users\Magnus\.oracle_jre_usage
2015-11-07 23:07 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-07 23:07 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-07 23:06 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-07 23:06 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-07 23:06 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-07 23:06 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-07 23:04 - 2015-09-29 13:24 - 00155480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-07 23:04 - 2015-09-04 20:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-07 23:04 - 2015-08-20 21:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-07 23:04 - 2015-08-20 18:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-07 23:04 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-11-07 23:04 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-11-07 23:04 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-07 23:04 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-07 23:04 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-07 23:04 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-11-07 23:04 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-11-07 23:04 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-11-07 23:04 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-11-07 23:04 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-11-07 23:04 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-11-07 23:04 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-11-07 23:04 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-11-07 23:04 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-11-07 23:04 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-11-07 23:04 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-11-07 23:04 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-11-07 23:04 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-11-07 23:04 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-11-07 23:04 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-11-07 23:04 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-11-07 23:04 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-11-07 23:04 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-11-07 23:04 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-11-07 23:04 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-11-07 23:04 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-11-07 23:04 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-11-07 23:04 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-11-07 23:04 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-11-07 23:04 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-11-07 23:04 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-11-07 23:04 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-11-07 23:04 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-11-07 23:04 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-11-07 23:04 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-11-07 23:04 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-11-07 23:04 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-11-07 23:04 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-11-07 23:04 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-11-07 23:04 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-11-07 23:04 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-11-07 23:04 - 2014-10-29 04:05 - 00551232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-11-07 23:04 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-11-07 23:04 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-11-07 23:04 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-11-07 23:04 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-11-07 23:04 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-11-07 23:04 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-11-07 23:04 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-11-07 23:04 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-11-07 23:04 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-11-07 23:04 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-11-07 23:04 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-11-07 23:03 - 2015-10-20 22:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-07 23:03 - 2015-10-20 15:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-07 23:03 - 2015-10-20 15:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-07 23:03 - 2015-10-20 15:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-07 23:03 - 2015-10-20 15:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-07 23:03 - 2015-10-20 15:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-07 23:03 - 2015-10-20 15:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-07 23:03 - 2015-10-20 15:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-07 23:03 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-07 23:03 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-07 23:03 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-07 23:03 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-07 23:03 - 2015-08-28 23:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-07 23:03 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-07 23:03 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-07 23:03 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-07 23:03 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-07 23:03 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-07 23:03 - 2015-05-01 02:13 - 06521800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-11-07 23:03 - 2015-05-01 02:13 - 01488000 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-07 23:03 - 2015-05-01 02:13 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-11-07 23:03 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-07 23:03 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-07 23:03 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-07 23:01 - 2015-11-07 23:01 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-11-07 23:01 - 2015-11-07 23:01 - 00147088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\ngvss.sys
2015-11-07 23:01 - 2015-11-07 23:01 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-11-07 22:58 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-11-07 22:58 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-11-07 22:58 - 2015-09-03 03:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-11-07 22:58 - 2015-09-03 03:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-11-07 22:58 - 2015-09-02 19:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-11-07 22:58 - 2015-09-02 18:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-11-07 22:58 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-07 22:58 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-11-07 22:58 - 2015-08-07 22:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-11-07 22:58 - 2015-08-07 15:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-11-07 22:58 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-11-07 22:58 - 2015-08-06 17:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-11-07 22:58 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-11-07 22:58 - 2015-08-06 17:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-11-07 22:58 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-11-07 22:58 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-11-07 22:58 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-11-07 22:58 - 2015-07-22 14:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-11-07 22:58 - 2015-07-17 15:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2015-04-06 16:48 - 2015-04-06 16:48 - 0000027 _____ () C:\Program Files\plugins.dat
 
Some files in TEMP:
====================
C:\Users\Magnus\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Magnus\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Magnus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Magnus\AppData\Local\Temp\vlc-2.2.1-win32.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-07 23:11
 
==================== End of FRST.txt ============================


#8 fireman4it

  • Malware Response Team

Posted 18 November 2015 - 11:15 AM

1. Please uninstall and reinstall Google Chrome. If it asks to delete personal files and folders, please allow it to do so.

2. Please uninstall and reinstall Skype.

3. ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click on: ESETsave.jpg
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

4.

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 Vanyel

  • Topic Starter

Posted 18 November 2015 - 04:38 PM

ok the results are as follows:

 

ESET log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Update Init
Update Download
Update Finalize
Updated modules version: 26785

 

I hope that was what you needed from that program. The RogueKiller log looks like this:

 

RogueKiller V10.11.6.0 (x64) [Nov 16 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Magnus [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 11/18/2015 22:24:17

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 79 ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x7ffa49a2075c (jmp 0xffffffff801943ab)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ffa49a203a4 (jmp 0xffffffff80146f53)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x703fc (jmp 0x8857342c|jmp 0x6649d334)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x4103fc (jmp 0x8891342c|jmp 0x660fd334)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x3003fc (jmp 0x8880342c|jmp 0x6620d334)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x503fc (jmp 0x8855342c|jmp 0x664bd334)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 2b68a499789018f365cea6c2464ff3bd
[BSP] f084bed69a2ec584f125fbb40c890e4b : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM] Basic data partition | Offset (sectors): 2048 | Size: 300 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 616448 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 821248 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1083392 | Size: 105594 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 217339904 | Size: 350 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 218056704 | Size: 8000 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 85c900678f825f3cd3d505cb94a0b936
[BSP] f61dffbf1f9844c1e4a07d54e1ae06d0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

What is next? Should I let RogueKiller delete stuff? I didn't, since you didn't specify.

Also, the problems persisted and are apparently present in Internet Explorer as well (I'd forgotten I had IE at all).


Edited by Vanyel, 18 November 2015 - 05:20 PM.


#10 fireman4it

  • Malware Response Team

Posted 18 November 2015 - 09:24 PM

1.

  • Re-run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click HOSTsFix
  • A report should open; give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

 

2. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

3. Please run MALWAREBYTES again and post the log



#11 Vanyel

  • Topic Starter

Posted 19 November 2015 - 07:01 AM

erm... There is no prompt for a button named HOSTsfix, there is a button to be found under one of the tabs called "Fix Hosts File" tho I can't see anything happening when I press it, regardless if I have checked any boxes on the found files.

You have not had me run a program named MALWAREBYTES earlier, is it the one from malwarebytes .org ? 



#12 fireman4it

  • Malware Response Team

Posted 19 November 2015 - 05:55 PM

 

You have not had me run a program named MALWAREBYTES earlier, is it the one from malwarebytes .org ?

Yes that is the one.

 

Please post the TDSSKiller log



#13 Vanyel

  • Topic Starter

Posted 19 November 2015 - 10:13 PM

okay TDSS:

 

04:01:14.0169 0x0e94  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
04:01:14.0169 0x0e94  UEFI system
04:01:22.0730 0x0e94  ============================================================
04:01:22.0730 0x0e94  Current date / time: 2015/11/20 04:01:22.0730
04:01:22.0730 0x0e94  SystemInfo:
04:01:22.0730 0x0e94  
04:01:22.0730 0x0e94  OS Version: 6.3.9600 ServicePack: 0.0
04:01:22.0730 0x0e94  Product type: Workstation
04:01:22.0730 0x0e94  ComputerName: VANYEL
04:01:22.0730 0x0e94  UserName: Magnus
04:01:22.0730 0x0e94  Windows directory: C:\WINDOWS
04:01:48.0151 0x0d2c  IRENUM - ok
04:01:48.0151 0x0d2c  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
04:01:48.0151 0x0d2c  isapnp - ok
04:01:48.0167 0x0d2c  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
04:01:48.0182 0x0d2c  iScsiPrt - ok
04:01:48.0182 0x0d2c  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
04:01:48.0182 0x0d2c  kbdclass - ok
04:01:48.0198 0x0d2c  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
04:01:48.0198 0x0d2c  kbdhid - ok
04:01:48.0213 0x0d2c  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
04:01:48.0213 0x0d2c  kdnic - ok
04:01:48.0213 0x0d2c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\WINDOWS\system32\lsass.exe
04:01:48.0213 0x0d2c  KeyIso - ok
04:01:48.0229 0x0d2c  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
04:01:48.0229 0x0d2c  KSecDD - ok
04:01:48.0245 0x0d2c  [ 35C19AF2116F67914712D7C4CBE47B8C, 5F976726880A6E51D7ABFA7E3EF7294C6FB7F383DC5710A2C2EC8DD26DAEC204 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
04:01:48.0245 0x0d2c  KSecPkg - ok
04:01:48.0260 0x0d2c  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
04:01:48.0260 0x0d2c  ksthunk - ok
04:01:48.0276 0x0d2c  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
04:01:48.0276 0x0d2c  KtmRm - ok
04:01:48.0292 0x0d2c  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
04:01:48.0307 0x0d2c  LanmanServer - ok
04:01:48.0307 0x0d2c  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
04:01:48.0323 0x0d2c  LanmanWorkstation - ok
04:01:48.0338 0x0d2c  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
04:01:48.0354 0x0d2c  lfsvc - ok
04:01:48.0370 0x0d2c  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
04:01:48.0370 0x0d2c  lltdio - ok
04:01:48.0385 0x0d2c  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
04:01:48.0385 0x0d2c  lltdsvc - ok
04:01:48.0401 0x0d2c  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
04:01:48.0401 0x0d2c  lmhosts - ok
04:01:48.0420 0x0d2c  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
04:01:48.0423 0x0d2c  LSI_SAS - ok
04:01:48.0424 0x0d2c  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
04:01:48.0424 0x0d2c  LSI_SAS2 - ok
04:01:48.0440 0x0d2c  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
04:01:48.0440 0x0d2c  LSI_SAS3 - ok
04:01:48.0456 0x0d2c  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
04:01:48.0456 0x0d2c  LSI_SSS - ok
04:01:48.0471 0x0d2c  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM             C:\WINDOWS\System32\lsm.dll
04:01:48.0487 0x0d2c  LSM - ok
04:01:48.0503 0x0d2c  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
04:01:48.0503 0x0d2c  luafv - ok
04:01:48.0518 0x0d2c  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
04:01:48.0518 0x0d2c  megasas - ok
04:01:48.0534 0x0d2c  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
04:01:48.0534 0x0d2c  megasr - ok
04:01:48.0549 0x0d2c  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS           C:\WINDOWS\system32\mmcss.dll
04:01:48.0549 0x0d2c  MMCSS - ok
04:01:48.0565 0x0d2c  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
04:01:48.0565 0x0d2c  Modem - ok
04:01:48.0565 0x0d2c  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
04:01:48.0581 0x0d2c  monitor - ok
04:01:48.0581 0x0d2c  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
04:01:48.0581 0x0d2c  mouclass - ok
04:01:48.0600 0x0d2c  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
04:01:48.0602 0x0d2c  mouhid - ok
04:01:48.0611 0x0d2c  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
04:01:48.0614 0x0d2c  mountmgr - ok
04:01:48.0617 0x0d2c  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
04:01:48.0617 0x0d2c  mpsdrv - ok
04:01:48.0648 0x0d2c  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
04:01:48.0664 0x0d2c  MpsSvc - ok
04:01:48.0664 0x0d2c  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
04:01:48.0679 0x0d2c  MRxDAV - ok
04:01:48.0695 0x0d2c  [ 89DE71940A0E7F5BA617AE08321EF5C3, BD056C9E18E902D6F118E59A6AC68415BFA0690A02D2B360F6C111CE3B5EAC67 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
04:01:48.0695 0x0d2c  mrxsmb - ok
04:01:48.0710 0x0d2c  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
04:01:48.0710 0x0d2c  mrxsmb10 - ok
04:01:48.0726 0x0d2c  [ EE16457030175F449BAB0ABD279F4B6A, DF627054136079553A24AD12DC7374F1ACEEAD782EFFDC278996AD7BCCE98877 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
04:01:48.0726 0x0d2c  mrxsmb20 - ok
04:01:48.0742 0x0d2c  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
04:01:48.0742 0x0d2c  MsBridge - ok
04:01:48.0757 0x0d2c  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
04:01:48.0757 0x0d2c  MSDTC - ok
04:01:48.0773 0x0d2c  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
04:01:48.0773 0x0d2c  Msfs - ok
04:01:48.0788 0x0d2c  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
04:01:48.0788 0x0d2c  msgpiowin32 - ok
04:01:48.0804 0x0d2c  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
04:01:48.0804 0x0d2c  mshidkmdf - ok
04:01:48.0804 0x0d2c  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
04:01:48.0804 0x0d2c  mshidumdf - ok
04:01:48.0820 0x0d2c  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
04:01:48.0820 0x0d2c  msisadrv - ok
04:01:48.0835 0x0d2c  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
04:01:48.0835 0x0d2c  MSiSCSI - ok
04:01:48.0835 0x0d2c  msiserver - ok
04:01:48.0851 0x0d2c  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
04:01:48.0851 0x0d2c  MSKSSRV - ok
04:01:48.0867 0x0d2c  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
04:01:48.0867 0x0d2c  MsLldp - ok
04:01:48.0867 0x0d2c  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
04:01:48.0867 0x0d2c  MSPCLOCK - ok
04:01:48.0882 0x0d2c  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
04:01:48.0882 0x0d2c  MSPQM - ok
04:01:48.0898 0x0d2c  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
04:01:48.0898 0x0d2c  MsRPC - ok
04:01:48.0913 0x0d2c  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
04:01:48.0913 0x0d2c  mssmbios - ok
04:01:48.0929 0x0d2c  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
04:01:48.0929 0x0d2c  MSTEE - ok
04:01:48.0929 0x0d2c  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
04:01:48.0945 0x0d2c  MTConfig - ok
04:01:48.0945 0x0d2c  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
04:01:48.0945 0x0d2c  Mup - ok
04:01:48.0960 0x0d2c  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
04:01:48.0960 0x0d2c  mvumis - ok
04:01:48.0976 0x0d2c  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\WINDOWS\system32\qagentRT.dll
04:01:48.0992 0x0d2c  napagent - ok
04:01:49.0007 0x0d2c  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
04:01:49.0007 0x0d2c  NativeWifiP - ok
04:01:49.0023 0x0d2c  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
04:01:49.0023 0x0d2c  NcaSvc - ok
04:01:49.0038 0x0d2c  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\WINDOWS\System32\ncbservice.dll
04:01:49.0038 0x0d2c  NcbService - ok
04:01:49.0054 0x0d2c  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
04:01:49.0054 0x0d2c  NcdAutoSetup - ok
04:01:49.0085 0x0d2c  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
04:01:49.0101 0x0d2c  NDIS - ok
04:01:49.0117 0x0d2c  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
04:01:49.0117 0x0d2c  NdisCap - ok
04:01:49.0132 0x0d2c  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
04:01:49.0132 0x0d2c  NdisImPlatform - ok
04:01:49.0148 0x0d2c  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
04:01:49.0148 0x0d2c  NdisTapi - ok
04:01:49.0148 0x0d2c  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
04:01:49.0148 0x0d2c  Ndisuio - ok
04:01:49.0164 0x0d2c  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
04:01:49.0164 0x0d2c  NdisVirtualBus - ok
04:01:49.0179 0x0d2c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:01:49.0179 0x0d2c  NdisWan - ok
04:01:49.0195 0x0d2c  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
04:01:49.0195 0x0d2c  NdisWanLegacy - ok
04:01:49.0210 0x0d2c  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
04:01:49.0210 0x0d2c  NDProxy - ok
04:01:49.0226 0x0d2c  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
04:01:49.0226 0x0d2c  Ndu - ok
04:01:49.0226 0x0d2c  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
04:01:49.0226 0x0d2c  NetBIOS - ok
04:01:49.0242 0x0d2c  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
04:01:49.0257 0x0d2c  NetBT - ok
04:01:49.0257 0x0d2c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\WINDOWS\system32\lsass.exe
04:01:49.0273 0x0d2c  Netlogon - ok
04:01:49.0273 0x0d2c  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\WINDOWS\System32\netman.dll
04:01:49.0288 0x0d2c  Netman - ok
04:01:49.0304 0x0d2c  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
04:01:49.0320 0x0d2c  netprofm - ok
04:01:49.0335 0x0d2c  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
04:01:49.0335 0x0d2c  NetTcpPortSharing - ok
04:01:49.0351 0x0d2c  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\WINDOWS\System32\drivers\netvsc63.sys
04:01:49.0351 0x0d2c  netvsc - ok
04:01:49.0367 0x0d2c  [ 978B07454FFE135E971130BF200530DB, 40DA06804570264BD3FCD8EA30C8730FACEAC0005CEE7FA7AF579F266E916E11 ] ngvss           C:\WINDOWS\system32\drivers\ngvss.sys
04:01:49.0367 0x0d2c  ngvss - ok
04:01:49.0382 0x0d2c  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
04:01:49.0398 0x0d2c  NlaSvc - ok
04:01:49.0398 0x0d2c  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
04:01:49.0398 0x0d2c  Npfs - ok
04:01:49.0413 0x0d2c  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
04:01:49.0413 0x0d2c  npsvctrig - ok
04:01:49.0429 0x0d2c  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi             C:\WINDOWS\system32\nsisvc.dll
04:01:49.0429 0x0d2c  nsi - ok
04:01:49.0445 0x0d2c  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
04:01:49.0445 0x0d2c  nsiproxy - ok
04:01:49.0507 0x0d2c  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
04:01:49.0538 0x0d2c  Ntfs - ok
04:01:49.0554 0x0d2c  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
04:01:49.0554 0x0d2c  Null - ok
04:01:49.0570 0x0d2c  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
04:01:49.0570 0x0d2c  nvraid - ok
04:01:49.0585 0x0d2c  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
04:01:49.0585 0x0d2c  nvstor - ok
04:01:49.0601 0x0d2c  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
04:01:49.0601 0x0d2c  nv_agp - ok
04:01:49.0617 0x0d2c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
04:01:49.0632 0x0d2c  p2pimsvc - ok
04:01:49.0648 0x0d2c  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
04:01:49.0648 0x0d2c  p2psvc - ok
04:01:49.0663 0x0d2c  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
04:01:49.0663 0x0d2c  Parport - ok
04:01:49.0679 0x0d2c  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
04:01:49.0679 0x0d2c  partmgr - ok
04:01:49.0695 0x0d2c  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
04:01:49.0710 0x0d2c  PcaSvc - ok
04:01:49.0726 0x0d2c  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
04:01:49.0742 0x0d2c  pci - ok
04:01:49.0742 0x0d2c  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
04:01:49.0742 0x0d2c  pciide - ok
04:01:49.0757 0x0d2c  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
04:01:49.0757 0x0d2c  pcmcia - ok
04:01:49.0773 0x0d2c  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
04:01:49.0773 0x0d2c  pcw - ok
04:01:49.0788 0x0d2c  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
04:01:49.0788 0x0d2c  pdc - ok
04:01:49.0804 0x0d2c  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
04:01:49.0820 0x0d2c  PEAUTH - ok
04:01:49.0851 0x0d2c  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
04:01:49.0867 0x0d2c  PerfHost - ok
04:01:49.0929 0x0d2c  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla             C:\WINDOWS\system32\pla.dll
04:01:49.0960 0x0d2c  pla - ok
04:01:49.0960 0x0d2c  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
04:01:49.0976 0x0d2c  PlugPlay - ok
04:01:49.0976 0x0d2c  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
04:01:49.0992 0x0d2c  PNRPAutoReg - ok
04:01:50.0007 0x0d2c  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
04:01:50.0007 0x0d2c  PNRPsvc - ok
04:01:50.0023 0x0d2c  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
04:01:50.0038 0x0d2c  PolicyAgent - ok
04:01:50.0054 0x0d2c  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power           C:\WINDOWS\system32\umpo.dll
04:01:50.0054 0x0d2c  Power - ok
04:01:50.0132 0x0d2c  [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494E2DAED63F1D4B5 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
04:01:50.0179 0x0d2c  PrintNotify - ok
04:01:50.0195 0x0d2c  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
04:01:50.0195 0x0d2c  Processor - ok
04:01:50.0210 0x0d2c  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
04:01:50.0226 0x0d2c  ProfSvc - ok
04:01:50.0242 0x0d2c  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
04:01:50.0242 0x0d2c  Psched - ok
04:01:50.0257 0x0d2c  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE           C:\WINDOWS\system32\qwave.dll
04:01:50.0257 0x0d2c  QWAVE - ok
04:01:50.0273 0x0d2c  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
04:01:50.0273 0x0d2c  QWAVEdrv - ok
04:01:50.0288 0x0d2c  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
04:01:50.0288 0x0d2c  RasAcd - ok
04:01:50.0304 0x0d2c  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
04:01:50.0304 0x0d2c  RasAuto - ok
04:01:50.0320 0x0d2c  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\WINDOWS\System32\rasmans.dll
04:01:50.0335 0x0d2c  RasMan - ok
04:01:50.0351 0x0d2c  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
04:01:50.0351 0x0d2c  RasPppoe - ok
04:01:50.0367 0x0d2c  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
04:01:50.0382 0x0d2c  rdbss - ok
04:01:50.0398 0x0d2c  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
04:01:50.0398 0x0d2c  rdpbus - ok
04:01:50.0413 0x0d2c  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
04:01:50.0413 0x0d2c  RDPDR - ok
04:01:50.0436 0x0d2c  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
04:01:50.0436 0x0d2c  RdpVideoMiniport - ok
04:01:50.0452 0x0d2c  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
04:01:50.0467 0x0d2c  rdyboost - ok
04:01:50.0483 0x0d2c  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
04:01:50.0499 0x0d2c  ReFS - ok
04:01:50.0514 0x0d2c  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
04:01:50.0530 0x0d2c  RemoteAccess - ok
04:01:50.0546 0x0d2c  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
04:01:50.0546 0x0d2c  RemoteRegistry - ok
04:01:50.0561 0x0d2c  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
04:01:50.0561 0x0d2c  RpcEptMapper - ok
04:01:50.0577 0x0d2c  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\WINDOWS\system32\locator.exe
04:01:50.0577 0x0d2c  RpcLocator - ok
04:01:50.0608 0x0d2c  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
04:01:50.0624 0x0d2c  RpcSs - ok
04:01:50.0639 0x0d2c  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
04:01:50.0639 0x0d2c  rspndr - ok
04:01:50.0655 0x0d2c  [ 19764658C1468C2C0CEF133D28414A6B, 87AD4056F6C67052433A366B200B75613148B69B9B9D502AD926A7F7F037B8DE ] RTL8168         C:\WINDOWS\system32\DRIVERS\Rt630x64.sys
04:01:50.0671 0x0d2c  RTL8168 - ok
04:01:50.0686 0x0d2c  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
04:01:50.0686 0x0d2c  s3cap - ok
04:01:50.0702 0x0d2c  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs           C:\WINDOWS\system32\lsass.exe
04:01:50.0702 0x0d2c  SamSs - ok
04:01:56.0375 0x0d2c  \Device\Harddisk0\DR0\Partition6 - ok
04:01:56.0390 0x0d2c  [ 4129DE607816A97C8680632740E55161 ] \Device\Harddisk1\DR1\Partition1
04:01:56.0422 0x0d2c  \Device\Harddisk1\DR1\Partition1 - ok
04:01:56.0422 0x0d2c  ================ Scan generic autorun ======================
04:01:56.0459 0x0d2c  [ 73F1B07CF82235B25BCC3E9A7522ACCB, 47221B8DFF5A44050AFB0AB5A249FEECE36BE2E000D6529E099128EEDFA647DA ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
04:01:56.0463 0x0d2c  StartCCC - ok
04:01:56.0478 0x0d2c  [ FE821F6FA60E9DF9FDEE69A23488BBAB, 98D9926152FDA45705F5E208D7236E467CAEEF83D756A14B4104EBF804644B29 ] c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
04:01:56.0494 0x0d2c  Adobe ARM - ok
04:01:56.0650 0x0d2c  [ 2F722690B624C9AD160EDC24DCA880DF, DB0D8B6A929550F8A7B0B518CEBFCAB077B07CECA55B2800C1A752F990B05E7C ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
04:01:56.0775 0x0d2c  AvastUI.exe - ok
04:01:56.0791 0x0d2c  [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
04:01:56.0806 0x0d2c  SunJavaUpdateSched - ok
04:01:56.0838 0x0d2c  [ E17E53F297560C31631C4AC549385AE3, 7A5A6895D7DEF32B4CC7EF037E15CF5C4B01E28A3903F30686910C4AA89835A5 ] C:\Users\Magnus\AppData\Roaming\uTorrent\uTorrent.exe
04:01:56.0869 0x0d2c  uTorrent - ok
04:01:56.0916 0x0d2c  [ 005B2B63719E6B3E8E2E1446A9278F8E, 0A34046B0205A2FEEE5E2867765D171D7BA420A1527E49472A35B484219BD377 ] C:\Users\Magnus\AppData\Roaming\Spotify\SpotifyWebHelper.exe
04:01:56.0947 0x0d2c  Spotify Web Helper - ok
04:01:57.0041 0x0d2c  [ 3D5D4137594D2EBA8868EAD504B89366, D5FEB5B8303B083A79A4617E59B2FB34FAD71BE72F3F8DD6E4B69B3D03FE658A ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
04:01:57.0119 0x0d2c  DAEMON Tools Lite Automount - ok
04:01:57.0119 0x0d2c  Skype - ok
04:01:57.0134 0x0d2c  [ 369993D4B8C009393A2F9BCBB7BD2587, DD9FBF8C32BB3A29F7062BABA23B84FB9F7395A4AB3FB7001071154CDE92F7D5 ] C:\Program Files (x86)\Windows Mail\wab.exe
04:01:57.0134 0x0d2c  WAB Migrate - ok
04:01:57.0150 0x0d2c  Waiting for KSN requests completion. In queue: 109
04:01:57.0306 0x1898  Object required for P2P: [ 2F722690B624C9AD160EDC24DCA880DF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
04:01:57.0494 0x1898  Object send P2P result: true
04:01:58.0213 0x0d2c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
04:01:58.0213 0x0d2c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2241.1482 ), 0x41000 ( enabled : updated )
04:01:58.0213 0x0d2c  Win FW state via NFP2: enabled ( trusted )
04:01:58.0338 0x0d2c  ============================================================
04:01:58.0338 0x0d2c  Scan finished
04:01:58.0338 0x0d2c  ============================================================
04:01:58.0338 0x1cb4  Detected object count: 0
04:01:58.0338 0x1cb4  Actual detected object count: 0
 
 
Malwarebytes:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015-11-20
Scan Time: 04:05
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.19.05
Rootkit Database: v2015.11.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Magnus
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398977
Time Elapsed: 6 min, 11 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
PUP.Optional.OptimizerPro, C:\Users\Magnus\Documents\Optimizer Pro, , [06db106f2a613df9d68a652710f314ec], 
 
Files: 6
PUP.Optional.OpenCandy, C:\Users\Magnus\Downloads\DTLite4481-0347.exe, , [4f922a5538530630ca7e4c26dc28ce32], 
PUP.Optional.OptimizerPro, C:\Users\Magnus\Documents\Optimizer Pro\CookiesException.txt, , [06db106f2a613df9d68a652710f314ec], 
PUP.Optional.PricePeep, C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [07da86f9d0bb50e66a7de9a63dc60cf4], 
PUP.Optional.PricePeep, C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, , [9f42522d8dfe61d5e4032a65d132a759], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, , [1dc4730c414ab18515423b74aa594ab6], 
PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Magnus\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, , [e3fe7708404beb4be6717837aa59847c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by Vanyel, 19 November 2015 - 10:15 PM.


#14 fireman4it


Posted 19 November 2015 - 10:36 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#15 fireman4it


Posted 22 November 2015 - 07:00 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


" Extinguishing Malware from the world"
