
Can't remove loadit.exe - Keep getting popup screen and system issues.


  • This topic is locked
15 replies to this topic

#1 Spaceace


  • Members
  • 7 posts

Posted 14 December 2015 - 12:21 AM

I keep getting a popup "can't load 16 bit application". It points to "loadit.exe".

When I delete it, it keeps coming back.

A lot of things have stopped working on my system.

Appreciate any assistance.

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by Owner (administrator) on OWNER-PC130426 (13-12-2015 21:05:07)
Running from C:\Users\Owner\Desktop\Virus 2015
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
() C:\Users\Owner\AppData\Roaming\autostarter.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [91648 2013-05-22] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [5417984 2013-05-22] (RME)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {858c1b64-1685-11e3-9fed-00224d7c7b24} - G:\setup.exe -a
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-12-05]
ShortcutTarget: AutoStarter.lnk -> C:\Users\Owner\AppData\Roaming\autostarter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C660B52-B659-4163-8C02-97F709D13616}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?type=531140&fr=spigot-yhp-ie
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-1454793562-2284514846-3538862010-1001 -> {8A6F3B23-66A1-4C35-8677-FE9412FE93F5} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=531140&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit Uninstaller\UninstallExplorer.dll [2015-09-21] (IObit)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://search.yahoo.com/?type=531140&fr=spigot-yhp-ff
hxxp://www.yahoo.com/
FF Keyword.URL: hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=531140&p=
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\searchplugins\yahoo_ff.xml [2015-12-13]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\extensions\iobitascsurfingprotection@iobit.com [not found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-03] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-05-22] (RME)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-02-05] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-17] (Paragon)
S3 cpuz136; \??\C:\Users\Owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 20:48 - 2015-12-13 21:05 - 00000000 ____D C:\FRST
2015-12-13 20:46 - 2015-12-13 21:05 - 00000000 ____D C:\Users\Owner\Desktop\Virus 2015
2015-12-13 20:28 - 2015-12-13 20:52 - 00006589 _____ C:\Users\Owner\AppData\Roaming\loadit.exe
2015-12-13 15:28 - 2015-12-13 16:00 - 00001372 _____ C:\Users\Owner\Desktop\SpyHunter.lnk
2015-12-13 15:28 - 2015-12-13 15:28 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-13 15:28 - 2015-12-13 15:28 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\sh4ldr
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 _____ C:\autoexec.bat
2015-12-13 14:59 - 2015-12-13 14:59 - 00001316 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-13 14:42 - 2015-12-13 14:43 - 00211966 _____ C:\Windows\ntbtlog.txt
2015-12-12 21:46 - 2015-12-13 13:48 - 00002151 _____ C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-11-30 18:33 - 2015-12-13 13:51 - 00000000 ____D C:\Users\Owner\Desktop\I5 install
2015-11-27 23:08 - 2015-11-27 23:08 - 00001016 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2015-11-27 23:08 - 2015-11-27 23:08 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
2015-11-27 23:07 - 2015-11-27 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-11-27 23:06 - 2015-11-27 23:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-27 23:01 - 2015-11-27 23:03 - 507720043 _____ C:\Users\Owner\Downloads\Kontakt_5_551_PC.zip
2015-11-27 22:55 - 2015-11-27 22:55 - 00000000 __HDC C:\ProgramData\{819B8AD7-B373-48C0-B834-A141BB936919}
2015-11-27 22:31 - 2015-11-27 22:52 - 00000000 ____D C:\Users\Owner\Downloads\NI Session Horns
2015-11-27 15:55 - 2015-11-27 15:58 - 1201227574 _____ C:\Users\Owner\Downloads\TT265_EZX_Rock_WIN.zip
2015-11-14 14:33 - 2015-11-14 14:33 - 00001056 _____ C:\Users\Owner\Desktop\TH2.lnk
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overloud
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\ProgramData\Overloud
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\Program Files (x86)\Overloud
2015-11-13 21:30 - 2015-11-13 21:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Media Player Classic

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-13 20:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-13 20:30 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-13 20:30 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 20:28 - 2013-05-22 09:51 - 02626149 _____ C:\IFRToolLog.txt
2015-12-13 20:27 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-13 20:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-13 20:22 - 2012-08-30 09:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-13 20:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-13 15:59 - 2015-10-30 18:46 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2015-12-13 15:44 - 2015-10-30 18:46 - 00000000 ____D C:\Program Files (x86)\IObit Uninstaller
2015-12-13 14:59 - 2013-05-22 10:25 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-13 14:28 - 2015-10-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-13 14:24 - 2012-08-30 09:36 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-13 13:56 - 2014-12-26 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:52 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Owner
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\ProgramData\ProductData
2015-12-13 13:51 - 2015-10-24 12:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IrfanView
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2014-02-17 20:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-13 13:51 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-05 16:03 - 2015-10-24 14:40 - 00000000 ____D C:\Users\Owner\Documents\Attachments
2015-11-29 17:00 - 2015-09-08 19:51 - 00000000 ____D C:\Users\Owner\Desktop\K
2015-11-29 14:59 - 2015-11-01 16:27 - 00000000 ____D C:\Users\Owner\AppData\Local\QuickPar
2015-11-29 01:00 - 2013-05-17 05:49 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\msocreg32.dat
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\ProgramData\autobk.inc
2015-11-27 23:07 - 2014-02-05 19:05 - 00000000 ____D C:\Program Files\Native Instruments
2015-11-27 21:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-25 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-20 20:35 - 2015-09-09 20:10 - 00000193 _____ C:\Windows\WORDPAD.INI

==================== Files in the root of some directories =======

2013-04-25 07:00 - 2013-04-25 07:00 - 1971200 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2013-04-25 07:00 - 2013-04-25 07:00 - 1495040 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2015-12-12 21:46 - 2015-12-13 13:48 - 0002151 _____ () C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-10-31 11:06 - 2014-09-22 23:52 - 121179863 _____ () C:\Users\Owner\AppData\Roaming\autostarter.exe
2015-12-13 20:28 - 2015-12-13 20:52 - 0006589 _____ () C:\Users\Owner\AppData\Roaming\loadit.exe
2013-06-23 16:53 - 2015-11-27 23:09 - 0000016 _____ () C:\Users\Owner\AppData\Roaming\msregsvv.dll
2005-04-07 18:16 - 2015-10-30 19:47 - 0004951 ____H () C:\Users\Owner\AppData\Roaming\Ownerlog.dat
2013-05-17 06:42 - 2013-05-21 09:07 - 14184448 _____ () C:\Users\Owner\AppData\Roaming\Sandra.mdb
2015-10-31 11:12 - 2015-10-31 11:12 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\url.txt
2015-10-31 13:07 - 2015-10-31 13:07 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 16:53 - 2015-11-27 23:09 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-07-13 12:12 - 2014-07-13 12:12 - 0000389 _____ () C:\ProgramData\RUNDLL32.EXE-1400-F.txt
2014-07-13 12:08 - 2014-07-13 12:09 - 0002148 _____ () C:\ProgramData\RUNDLL32.EXE-1628-F.txt
2014-07-13 12:15 - 2014-07-13 12:16 - 0001178 _____ () C:\ProgramData\RUNDLL32.EXE-1920-F.txt
2014-07-13 12:24 - 2014-07-13 12:35 - 0001498 _____ () C:\ProgramData\RUNDLL32.EXE-3196-F.txt
2014-07-13 12:11 - 2014-07-13 12:12 - 0001559 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-07-13 12:42 - 2014-07-13 12:48 - 0004813 _____ () C:\ProgramData\RUNDLL32.EXE-3360-F.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-11 22:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by Owner (2015-12-13 21:05:27)
Running from C:\Users\Owner\Desktop\Virus 2015
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-16 14:21:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1454793562-2284514846-3538862010-500 - Administrator - Disabled)
Guest (S-1-5-21-1454793562-2284514846-3538862010-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1454793562-2284514846-3538862010-1003 - Limited - Enabled)
Owner (S-1-5-21-1454793562-2284514846-3538862010-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.10.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.10.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2971 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5844 - CDBurnerXP)
Custom Shop version 1.3.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.3.0 - IK Multimedia)
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.9.2.1182 - Steinberg Media Technologies GmbH)
Fab Four (HKLM\...\{F586DE62-F465-4AFD-86DC-50E592C28AE6}) (Version: 1.0.028 - EastWest Sounds, Inc.)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
FLAC Frontend (HKLM-x32\...\{315E5E8B-0560-413A-B604-622A4C8BECBD}) (Version: 2.1.1 - Xiph.org)
Forté Agent (HKLM-x32\...\{9B867430-CF67-4989-A414-68DF625D5D15}) (Version: 8.00.1272 - Forté Internet Software, Inc.)
GForce MTP VSM PreRequisites (HKLM-x32\...\{BE7B805E-0B58-4B4E-863D-7A5ED5B1CFBE}) (Version: 1.0.0 - GForce Software)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
IK Multimedia Authorization Manager version 1.0.9 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.9 - IK Multimedia)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® Network Connections 17.0.200.2 (HKLM\...\PROSetDX) (Version: 17.0.200.2 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.7 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1019 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
M-Tron Pro version 2.1 (HKLM-x32\...\M-Tron Pro_is1) (Version: 2.1 - GForce Software Ltd)
Native Instruments B4 II (HKLM-x32\...\Native Instruments B4 II) (Version:  - )
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.5.1.451 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Session Horns (HKLM-x32\...\Native Instruments Session Horns) (Version: 1.1.0.2 - Native Instruments)
Paragon Backup and Recovery™ 12 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
Play Update 3.0.47 (HKLM\...\{AC96CE19-9974-4E7A-8EB3-5B24515DE16E}) (Version: 3.0.47 - EastWest Sounds, Inc)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RAR File Open Knife - Free Opener (HKLM-x32\...\RAR File Open Knife - Free Opener) (Version: 6.50 - Philipp Winterberg)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
Riffstation version 1.4 (HKLM-x32\...\Riffstation_is1) (Version: 1.4 - Sonic Ladder Ltd)
RME Fireface USB (HKLM\...\FIREFACE_USB) (Version: 1.0.30.0 - RME Intelligent Audio Solutions)
SiSoftware Sandra Lite 2013.SP3a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.44.2013.5 - SiSoftware)
Steinberg Cubase 7 (HKLM-x32\...\{36035C23-2361-495A-9AE9-D1FF9A9F70B7}) (Version: 7.0.4 - Steinberg Media Technologies GmbH)
Steinberg Cubase 7 64bit (HKLM\...\{57FB2180-0FC7-41FC-8D76-3C4271CF4422}) (Version: 7.0.4 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 (HKLM-x32\...\{000F81EC-1EF7-4926-BE38-1B5E3A41E109}) (Version: 6.5.1 - Steinberg Media Technologies GmbH)
Steinberg Eucon Adapter 6.5 64bit (HKLM\...\{95D90857-61C2-4927-85FF-A317E46E7351}) (Version: 6.5.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Allen Morgan Signature Drums (HKLM-x32\...\{611A7035-0172-4B9B-8BB6-5046F6867D8A}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE (HKLM-x32\...\{EF7800A8-575E-4776-95A5-A9D904A85D5F}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.6.3 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.6.1 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop (HKLM-x32\...\{DC0A50F1-AD2A-4B8C-BD9E-C047B3D8F9E5}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Padshop 64bit (HKLM\...\{75F15019-C0C2-4047-AA45-97B4BD313719}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue (HKLM-x32\...\{0EB4D2B3-9410-4FB7-AD46-C48CE45B9498}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg Retrologue 64bit (HKLM\...\{4D65ECE6-131D-4B5F-8470-2750D3161619}) (Version: 1.1.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Superior Drummer 32-bit (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.3.1 - Toontrack)
Superior Drummer 64-bit (HKLM\...\{22029AEE-38DF-4E35-AEF4-FE8CA3F6667F}) (Version: 2.3.1 - Toontrack)
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.2 - Toontrack)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Waves Complete V9r11 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.11 - Waves)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-11-2015 23:06:29 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
05-12-2015 17:45:31 Scheduled Checkpoint
12-12-2015 23:22:27 Scheduled Checkpoint
13-12-2015 13:48:02 121315
13-12-2015 13:49:55 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {75F33012-9B08-4C9B-A01F-50F188D9AEAF} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit Uninstaller\IObitUninstaler.exe [2015-10-20] (IObit)
Task: {9AA8533A-3C61-4F47-8679-EBFC66011C77} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {BB65CF5B-BF7F-4DE4-81B2-DDF9266247AE} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {D7494590-8C26-47C8-915C-E7720E9E1DC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {F1F05AB1-D30E-461D-9596-3FF6B116F0B4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-08-30 09:36 - 2012-03-06 11:49 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2015-10-31 11:06 - 2014-09-22 23:52 - 121179863 _____ () C:\Users\Owner\AppData\Roaming\autostarter.exe
2012-06-11 08:45 - 2012-06-11 08:45 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-10-30 18:46 - 2015-09-21 09:49 - 00348960 _____ () C:\Program Files (x86)\IObit Uninstaller\madExcept_.bpl
2015-10-30 18:46 - 2015-09-21 09:49 - 00183584 _____ () C:\Program Files (x86)\IObit Uninstaller\madBasic_.bpl
2015-10-30 18:46 - 2015-09-21 09:49 - 00050976 _____ () C:\Program Files (x86)\IObit Uninstaller\madDisAsm_.bpl
2013-05-16 07:39 - 2013-05-16 07:39 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\2134117ca053ce1825bac39b909a2946\IsdiInterop.ni.dll
2012-08-30 09:27 - 2012-02-01 12:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-08-30 09:36 - 2012-03-06 11:27 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:SJsVS89VlJFm0C1HOcUEIw
AlternateDataStreams: C:\ProgramData\Microsoft:Sj1PQj8df9zYIK5Is3aq
AlternateDataStreams: C:\ProgramData\Microsoft:Y4RPBejZ8jouzD5Ujh7q
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temporary Internet Files:WTd5TmkzVv1xKdLSjuoPP5K8TH

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EDD0D289-7022-4176-8A24-1931AA19AC99}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{03EA1795-ECFB-4E1F-9107-E42E46BF6C06}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP2\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{28E4EE1D-64CB-45BC-A2F9-B790950A5E1B}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe
FirewallRules: [{3C0F29A3-99DD-412D-B2A9-BC9BC66B6C2E}] => (Allow) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\WNt500x64\RpcSandraSrv.exe
FirewallRules: [{7D9BC7C9-F8F3-4EDA-A19D-59CCC72A2638}] => (Allow) C:\Program Files\Steinberg\Cubase 7\Cubase7.exe
FirewallRules: [{472BCA0B-56D9-4F25-B0EC-4EFBFC746B70}] => (Allow) LPort=51113
FirewallRules: [{42AC7C1F-F4F8-4FC4-A01E-BE4E10D70496}] => (Allow) LPort=51112
FirewallRules: [{87ED1018-0043-4A09-BDA5-05E9A8E89F33}] => (Allow) LPort=51111
FirewallRules: [{BF20DDC0-4BC3-4348-9373-C650831DBD82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A5F8B9B-EF17-425D-AC3C-9C8DA4DCFA7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D0468240-D796-4459-8C5D-F3D685C2AA6B}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Block) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [UDP Query User{05B61C86-C9E8-4734-8620-098CF728EF0D}C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe] => (Block) C:\program files\steinberg\cubase 7\components\vstbridgeapp.exe
FirewallRules: [{5386A8EC-3278-462E-9BD0-8B0D711CDB8C}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI0YYCVZ\WindowexeAllkiller-69883231.exe
FirewallRules: [{8060B299-0C12-4371-8CBE-D350D241301D}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI0YYCVZ\WindowexeAllkiller-69883231.exe
FirewallRules: [{D0889C65-394C-4032-8FB8-AE954E9E17A3}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\230WKV2D\WindowexeAllkiller-69883344.exe
FirewallRules: [{4CDABD5A-D838-4D50-A900-19E173E9A9FC}] => (Allow) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\230WKV2D\WindowexeAllkiller-69883344.exe
FirewallRules: [{FC14D02E-3607-4A47-B2B3-68DF3B0412AC}] => (Allow) E:\Cubase Projects\SFK\WindowexeAllkiller-69883637.exe
FirewallRules: [{2D2D56DE-D7E7-4C11-BF7D-6418A031AEC9}] => (Allow) E:\Cubase Projects\SFK\WindowexeAllkiller-69883637.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2015 08:24:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2015 08:23:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 08:23:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 08:23:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 08:23:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 04:12:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2015 04:11:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.8.2_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 04:10:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 04:10:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/13/2015 04:10:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".
Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/13/2015 08:22:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 8 service failed to start due to the following error:
%%2

Error: (12/13/2015 04:10:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 8 service failed to start due to the following error:
%%2

Error: (12/13/2015 02:46:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced SystemCare Service 8 service failed to start due to the following error:
%%2

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/13/2015 02:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8158.43 MB
Available physical RAM: 6189.71 MB
Total Virtual: 16315.04 MB
Available Virtual: 13868.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:440.69 GB) (Free:342.71 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (AUDIO) (Fixed) (Total:931.51 GB) (Free:923.84 GB) NTFS
Drive f: (SAMPLES) (Fixed) (Total:931.51 GB) (Free:892.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B121B258)
Partition 1: (Active) - (Size=440.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=25.1 GB) - (Type=BC)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F9A11D00)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F9A11D03)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#2 fireman4it
    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 14 December 2015 - 01:08 PM

Hello Spaceace,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

Please do the following:

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract.
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction.
  • Click Yes to update the program.
  • Once the update is completed click the Back button.
  • Click on 2. Scan (not Quick Scan or Smart Scan).
  • Click Yes to detect Potentially Unwanted Programs (PUPs).
  • Patiently wait for the thorough scan to complete; this can be a lengthy process.
  • Once completed click Quarantine selected objects (if the computer is clean you will not have this option), then click OK.
  • Click View Report.
  • Attach the report to your reply.
  • Close the program, then click Close.

3.

Please run FRST again and post the new FRST.txt log along with how the computer is running now.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


#3 Spaceace
  • Topic Starter
  • Members
  • 7 posts

Posted 14 December 2015 - 11:17 PM

Thank you for the assistance. Currently I'm still getting the same pop up for loadit.exe

located in: C:\Users\Owner\AppData\Roaming\loadit.exe

I ran the scans. Logs are below. Please let me know how to proceed.

Appreciate it.

# AdwCleaner v5.025 - Logfile created 14/12/2015 at 19:53:12
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - OWNER-PC130426
# Running from : C:\Users\Owner\Desktop\Virus 2015\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\533BF4C11C72B8D477AD967B5EB67218
[-] Folder Deleted : C:\Users\Owner\Documents\Play

***** [ Files ] *****

[-] File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\searchplugins\yahoo_ff.xml

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\distromatic
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A6F3B23-66A1-4C35-8677-FE9412FE93F5}

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://search.yahoo.com/?type=531140&fr=spigot-yhp-ffhxxp://www.yahoo.com/");
[-] [C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=531140&p=");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1965 bytes] ##########

Emsisoft Emergency Kit - Version 10.0
Last update: 12/14/2015 8:02:03 PM
User account: Owner-PC130426\Owner

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 12/14/2015 8:03:14 PM

Scanned 71200
Found 0

Scan end: 12/14/2015 8:05:52 PM
Scan time: 0:02:38

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by Owner (administrator) on OWNER-PC130426 (14-12-2015 20:09:21)
Running from C:\Users\Owner\Desktop\Virus 2015
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Users\Owner\AppData\Roaming\autostarter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(IObit) C:\Program Files (x86)\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [91648 2013-05-22] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [5417984 2013-05-22] (RME)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {858c1b64-1685-11e3-9fed-00224d7c7b24} - G:\setup.exe -a
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-12-05]
ShortcutTarget: AutoStarter.lnk -> C:\Users\Owner\AppData\Roaming\autostarter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C660B52-B659-4163-8C02-97F709D13616}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.yahoo.com/
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\extensions\iobitascsurfingprotection@iobit.com [not found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-03] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R4 epp64; C:\EEK\bin\epp64.sys [136456 2015-12-13] (Emsisoft GmbH)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-05-22] (RME)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-02-05] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
S3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-17] (Paragon)
S3 cpuz136; \??\C:\Users\Owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 19:58 - 2015-12-14 19:58 - 00000000 ____D C:\EEK
2015-12-14 19:45 - 2015-12-14 19:53 - 00000000 ____D C:\AdwCleaner
2015-12-14 19:29 - 2015-12-14 20:05 - 00006589 _____ C:\Users\Owner\AppData\Roaming\loadit.exe
2015-12-13 22:33 - 2015-12-13 22:33 - 00000372 _____ C:\Users\Owner\Desktop\www.steinberg.net My Support.URL
2015-12-13 21:56 - 2015-12-13 21:56 - 00000000 ____D C:\SUPERDelete
2015-12-13 21:23 - 2015-12-13 21:23 - 00000272 _____ C:\Users\Owner\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.URL
2015-12-13 20:48 - 2015-12-14 20:09 - 00000000 ____D C:\FRST
2015-12-13 20:46 - 2015-12-14 19:58 - 00000000 ____D C:\Users\Owner\Desktop\Virus 2015
2015-12-13 15:28 - 2015-12-13 15:28 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-13 15:28 - 2015-12-13 15:28 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\sh4ldr
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 _____ C:\autoexec.bat
2015-12-13 14:59 - 2015-12-13 14:59 - 00001316 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-13 14:42 - 2015-12-13 14:43 - 00211966 _____ C:\Windows\ntbtlog.txt
2015-12-12 21:46 - 2015-12-13 13:48 - 00002151 _____ C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-11-30 18:33 - 2015-12-13 13:51 - 00000000 ____D C:\Users\Owner\Desktop\I5 install
2015-11-27 23:08 - 2015-11-27 23:08 - 00001016 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2015-11-27 23:08 - 2015-11-27 23:08 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
2015-11-27 23:07 - 2015-11-27 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-11-27 23:06 - 2015-11-27 23:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-27 23:01 - 2015-11-27 23:03 - 507720043 _____ C:\Users\Owner\Downloads\Kontakt_5_551_PC.zip
2015-11-27 22:55 - 2015-11-27 22:55 - 00000000 __HDC C:\ProgramData\{819B8AD7-B373-48C0-B834-A141BB936919}
2015-11-27 22:31 - 2015-11-27 22:52 - 00000000 ____D C:\Users\Owner\Downloads\NI Session Horns
2015-11-27 15:55 - 2015-11-27 15:58 - 1201227574 _____ C:\Users\Owner\Downloads\TT265_EZX_Rock_WIN.zip
2015-11-14 14:33 - 2015-11-14 14:33 - 00001056 _____ C:\Users\Owner\Desktop\TH2.lnk
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Overloud
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\ProgramData\Overloud
2015-11-14 14:33 - 2015-11-14 14:33 - 00000000 ____D C:\Program Files (x86)\Overloud

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 20:01 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 20:01 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-14 20:00 - 2015-10-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-14 20:00 - 2013-05-22 09:51 - 02679249 _____ C:\IFRToolLog.txt
2015-12-14 20:00 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 20:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-14 19:54 - 2012-08-30 09:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-14 19:54 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-14 19:26 - 2015-10-30 18:46 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2015-12-14 19:23 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-13 21:36 - 2014-02-17 20:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-13 21:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-13 15:44 - 2015-10-30 18:46 - 00000000 ____D C:\Program Files (x86)\IObit Uninstaller
2015-12-13 14:59 - 2013-05-22 10:25 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-13 14:24 - 2012-08-30 09:36 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-13 13:56 - 2014-12-26 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:52 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Owner
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\ProgramData\ProductData
2015-12-13 13:51 - 2015-10-24 12:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IrfanView
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-05 16:03 - 2015-10-24 14:40 - 00000000 ____D C:\Users\Owner\Documents\Attachments
2015-11-29 17:00 - 2015-09-08 19:51 - 00000000 ____D C:\Users\Owner\Desktop\K
2015-11-29 14:59 - 2015-11-01 16:27 - 00000000 ____D C:\Users\Owner\AppData\Local\QuickPar
2015-11-29 01:00 - 2013-05-17 05:49 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\msocreg32.dat
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2015-11-27 23:09 - 2013-06-23 16:53 - 00000016 _____ C:\ProgramData\autobk.inc
2015-11-27 23:07 - 2014-02-05 19:05 - 00000000 ____D C:\Program Files\Native Instruments
2015-11-27 21:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-25 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-20 20:35 - 2015-09-09 20:10 - 00000193 _____ C:\Windows\WORDPAD.INI

==================== Files in the root of some directories =======

2013-04-25 07:00 - 2013-04-25 07:00 - 1971200 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2013-04-25 07:00 - 2013-04-25 07:00 - 1495040 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2015-12-12 21:46 - 2015-12-13 13:48 - 0002151 _____ () C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-10-31 11:06 - 2014-09-22 23:52 - 121179863 _____ () C:\Users\Owner\AppData\Roaming\autostarter.exe
2015-12-14 19:29 - 2015-12-14 20:05 - 0006589 _____ () C:\Users\Owner\AppData\Roaming\loadit.exe
2013-06-23 16:53 - 2015-11-27 23:09 - 0000016 _____ () C:\Users\Owner\AppData\Roaming\msregsvv.dll
2005-04-07 18:16 - 2015-10-30 19:47 - 0004951 ____H () C:\Users\Owner\AppData\Roaming\Ownerlog.dat
2013-05-17 06:42 - 2013-05-21 09:07 - 14184448 _____ () C:\Users\Owner\AppData\Roaming\Sandra.mdb
2015-10-31 11:12 - 2015-10-31 11:12 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\url.txt
2015-10-31 13:07 - 2015-10-31 13:07 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 16:53 - 2015-11-27 23:09 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-07-13 12:12 - 2014-07-13 12:12 - 0000389 _____ () C:\ProgramData\RUNDLL32.EXE-1400-F.txt
2014-07-13 12:08 - 2014-07-13 12:09 - 0002148 _____ () C:\ProgramData\RUNDLL32.EXE-1628-F.txt
2014-07-13 12:15 - 2014-07-13 12:16 - 0001178 _____ () C:\ProgramData\RUNDLL32.EXE-1920-F.txt
2014-07-13 12:24 - 2014-07-13 12:35 - 0001498 _____ () C:\ProgramData\RUNDLL32.EXE-3196-F.txt
2014-07-13 12:11 - 2014-07-13 12:12 - 0001559 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-07-13 12:42 - 2014-07-13 12:48 - 0004813 _____ () C:\ProgramData\RUNDLL32.EXE-3360-F.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-11 22:21

==================== End of FRST.txt ============================



#4 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 16 December 2015 - 09:59 AM

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (888 bytes)

Let me know if you're still getting the popup for loadit.exe after you run this fix.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Spaceace (Topic Starter)

Posted 16 December 2015 - 11:32 PM

Hi. Thank you. I did as instructed. Log is below.

Log shows loadit.exe "not found" but it's still there and the popup is still showing up.

I ran FRST64 on my desktop while fixlist.txt was on the desktop as well. It says it's fixed in about 2 seconds. System did not restart, it just created the log file. It's copied below.

loadit.exe is still in the roaming folder.

I could take a screenshot of the popup but I don't believe I can paste it on the forum?

Please review and let me know the next step.

Appreciate your help!

Thanks,

Kevin

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Owner (2015-12-16 18:29:50) Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-24] (Microsoft Corporation) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
S2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [X]
S3 cpuz136; \??\C:\Users\Owner\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2015-12-14 19:29 - 2015-12-14 20:05 - 0006589 _____ () C:\Users\Owner\AppData\Roaming\loadit.exe
2015-12-14 19:29 - 2015-12-14 20:05 - 00006589 _____ C:\Users\Owner\AppData\Roaming\loadit.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
AdvancedSystemCareService8 => service removed successfully
cpuz136 => service removed successfully
esgiguard => service removed successfully
C:\Users\Owner\AppData\Roaming\loadit.exe => moved successfully
"C:\Users\Owner\AppData\Roaming\loadit.exe" => not found.

==== End of Fixlog 18:29:50 ====
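
The Fixlog above shows the outcome of each fixlist line (the HKLM-x32 Winlogon Shell value was restored, the per-user Shell override removed, the IE policy keys deleted, loadit.exe moved), and the next reply shows loadit.exe back in the Roaming folder with a new creation time, so something on the machine is recreating it. The natural defender's follow-up is to re-read the autostart locations FRST listed at the top of this thread and see what still points into the user profile or at an unsigned file. The script below is an added example, not code from the thread, from FRST or from TDSSKiller. It assumes Windows 7 or later, an elevated PowerShell session, and that the stock Windows values for Winlogon Shell and Userinit are `explorer.exe` and `C:\Windows\system32\userinit.exe,` (an assumption; confirm against a clean machine of the same version before acting on a CHECK line).

```powershell
# Added example (not code from the thread, FRST or TDSSKiller). Run from an
# elevated PowerShell on Windows 7 or later. Re-checks the autostart locations
# FRST reported above: Winlogon Shell/Userinit (native, WOW6432Node = FRST's
# "HKLM-x32", and per-user), the Run keys, and the user's Startup folder.
# Assumption: the stock Windows values for Shell and Userinit are as below.
$expected = @{ Shell = 'explorer.exe'; Userinit = 'C:\Windows\system32\userinit.exe,' }
$roaming  = [Environment]::GetFolderPath('ApplicationData')   # e.g. C:\Users\Owner\AppData\Roaming

# Reduce a command line such as  "C:\Program Files (x86)\X\y.exe" -a  to its .exe path.
function Get-ExePath([string]$cmd) {
    $cmd = $cmd.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -lt 0) { $end = $cmd.Length }
        return $cmd.Substring(1, $end - 1)
    }
    $i = $cmd.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
    if ($i -ge 0) { return $cmd.Substring(0, $i + 4) }
    return $cmd
}

# One report line per autostart entry. Three things merit a second look: a
# missing file, a location inside the user profile, and an invalid or absent
# Authenticode signature (FRST prints "()" where it finds no publisher).
function Describe-Target([string]$source, [string]$cmd) {
    $exe   = [Environment]::ExpandEnvironmentVariables((Get-ExePath $cmd))
    $flags = @()
    if ([string]::IsNullOrEmpty($exe)) {
        $flags += 'no target'
    } elseif (-not (Test-Path -LiteralPath $exe)) {
        $flags += 'file missing'
    } else {
        if ($exe -like "$roaming\*" -or $exe -like "$env:TEMP\*") { $flags += 'runs from user profile' }
        $sig = Get-AuthenticodeSignature -FilePath $exe
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }
    $mark = if ($flags.Count -gt 0) { 'CHECK' } else { 'ok   ' }
    $note = if ($flags.Count -gt 0) { '  [' + ($flags -join '; ') + ']' } else { '' }
    "$mark  $source -> $exe$note"
}

"== Winlogon =="
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $winlogonKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $expected.Keys) {
        $value = $props.$name
        if ($null -eq $value) {
            # Absent is normal under WOW6432Node and in the user hive, not in the native key.
            if ($key -eq $winlogonKeys[0]) { "SUSPECT  $key\$name is missing" }
        } elseif ($value -eq '') {
            "SUSPECT  $key\$name is empty (what FRST showed as '[Shell]  [0 ]')"
        } elseif ($key -like 'HKCU:*') {
            # A per-user Shell/Userinit overrides the machine-wide value for this user.
            "CHECK    per-user $name = '$value'"
        } elseif ($value -ne $expected[$name]) {
            "CHECK    $key\$name = '$value' (default '$($expected[$name])')"
        } else {
            "ok       $key\$name"
        }
    }
}

"== Run keys =="
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }
        Describe-Target "$key\$($p.Name)" ([string]$p.Value)
    }
}

"== Startup folder shortcuts =="
$wsh = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -Filter *.lnk -ErrorAction SilentlyContinue |
    ForEach-Object { Describe-Target $_.Name ($wsh.CreateShortcut($_.FullName).TargetPath) }
```

On the log above this would print an `ok` line for every Run entry whose publisher FRST named, and a `CHECK` line for the Startup shortcut AutoStarter.lnk, because its target sits under AppData\Roaming and FRST shows no publisher for it. A CHECK line is a prompt to look, not a verdict: the same pattern is produced by legitimate per-user installers, so compare the file's hash and signer against the vendor before treating it as the source of the recreated loadit.exe.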



#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 18 December 2015 - 12:09 PM

1.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.

Please run FRST again and post the new FRST.txt log. Is the loadit.exe popup still showing up?




#7 Spaceace (Topic Starter)

Posted 19 December 2015 - 12:07 AM

Thanks again.

Ran TDSSKiller as administrator from my desktop as advised. No results found.

Right after the scan the popup appeared. Logs are below.

loadit.exe is still shown by FRST64:

"2015-12-16 19:02 - 2015-12-18 20:58 - 0006589 _____ () C:\Users\Owner\AppData\Roaming\loadit.exe"

Should I run TDSSKiller in safe mode?

Thanks for all your assistance.

Please let me know what to try next.

20:52:10.0927 0x08a8  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:52:25.0707 0x08a8  ============================================================
20:52:25.0707 0x08a8  Current date / time: 2015/12/18 20:52:25.0707
20:52:25.0707 0x08a8  SystemInfo:
20:52:25.0707 0x08a8 
20:52:25.0707 0x08a8  OS Version: 6.1.7601 ServicePack: 1.0
20:52:25.0707 0x08a8  Product type: Workstation
20:52:25.0707 0x08a8  ComputerName: OWNER-PC130426
20:52:25.0707 0x08a8  UserName: Owner
20:52:25.0707 0x08a8  Windows directory: C:\Windows
20:52:25.0707 0x08a8  System windows directory: C:\Windows
20:52:25.0707 0x08a8  Running under WOW64
20:52:25.0707 0x08a8  Processor architecture: Intel x64
20:52:25.0707 0x08a8  Number of processors: 8
20:52:25.0707 0x08a8  Page size: 0x1000
20:52:25.0707 0x08a8  Boot type: Normal boot
20:52:25.0707 0x08a8  ============================================================
20:52:25.0917 0x08a8  KLMD registered as C:\Windows\system32\drivers\32004229.sys
20:52:26.0227 0x08a8  System UUID: {7D4BC08A-5CAA-D45B-F078-9CE37D11EE10}
20:52:26.0447 0x08a8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:52:26.0457 0x08a8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:52:26.0677 0x08a8  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:52:26.0687 0x08a8  ============================================================
20:52:26.0687 0x08a8  \Device\Harddisk0\DR0:
20:52:26.0687 0x08a8  MBR partitions:
20:52:26.0687 0x08a8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37161800
20:52:26.0687 0x08a8  \Device\Harddisk1\DR1:
20:52:26.0687 0x08a8  MBR partitions:
20:52:26.0687 0x08a8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:52:26.0687 0x08a8  \Device\Harddisk2\DR2:
20:52:26.0687 0x08a8  MBR partitions:
20:52:26.0687 0x08a8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:52:26.0687 0x08a8  ============================================================
20:52:26.0707 0x08a8  C: <-> \Device\Harddisk0\DR0\Partition1
20:52:26.0737 0x08a8  E: <-> \Device\Harddisk1\DR1\Partition1
20:52:26.0747 0x08a8  F: <-> \Device\Harddisk2\DR2\Partition1
20:52:26.0747 0x08a8  ============================================================
20:52:26.0747 0x08a8  Initialize success
20:52:26.0747 0x08a8  ============================================================
20:52:54.0562 0x2240  ============================================================
20:52:54.0562 0x2240  Scan started
20:52:54.0562 0x2240  Mode: Manual;
20:52:54.0562 0x2240  ============================================================
20:52:54.0562 0x2240  KSN ping started
20:52:58.0882 0x2240  KSN ping finished: true
20:52:59.0292 0x2240  ================ Scan system memory ========================
20:52:59.0292 0x2240  System memory - ok
20:52:59.0292 0x2240  ================ Scan services =============================
20:52:59.0402 0x2240  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:52:59.0402 0x2240  1394ohci - ok
20:52:59.0452 0x2240  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:52:59.0452 0x2240  ACPI - ok
20:52:59.0467 0x2240  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:52:59.0467 0x2240  AcpiPmi - ok
20:52:59.0537 0x2240  [ 11A52CF7B265631DEEB24C6149309EFF, CBA25D358185FD4BE261C6C1B518AD60F5D27D5FB418098AB262B10F5A11C178 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:52:59.0537 0x2240  AdobeARMservice - ok
20:52:59.0577 0x2240  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:52:59.0587 0x2240  adp94xx - ok
20:52:59.0617 0x2240  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:52:59.0617 0x2240  adpahci - ok
20:52:59.0637 0x2240  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:52:59.0637 0x2240  adpu320 - ok
20:52:59.0657 0x2240  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:52:59.0657 0x2240  AeLookupSvc - ok
20:52:59.0707 0x2240  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
20:52:59.0717 0x2240  AFD - ok
20:52:59.0747 0x2240  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:52:59.0747 0x2240  agp440 - ok
20:52:59.0787 0x2240  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:52:59.0787 0x2240  ALG - ok
20:52:59.0817 0x2240  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:52:59.0817 0x2240  aliide - ok
20:52:59.0867 0x2240  [ 9C616BA191B80F5CD1A1B9553E107100, A7482B314B0094B6CA74585032FBF500AAA7D92C865025C7D5E31EEF87E02221 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:52:59.0867 0x2240  AMD External Events Utility - ok
20:52:59.0887 0x2240  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:52:59.0887 0x2240  amdide - ok
20:52:59.0897 0x2240  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:52:59.0897 0x2240  AmdK8 - ok
20:53:00.0127 0x2240  [ 5165E83751B8FF40E5E4925996FCC506, E3B9206AB62220C26AB35F7385FC907A12C1D173517AFF4E92A44D102E4D92B2 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:53:00.0327 0x2240  amdkmdag - ok
20:53:00.0367 0x2240  [ 86AB3CF484260C4318F3A6E8B035F422, D78E99DC11085BD022425F0BF8E1528C4B415FF8EEB2DB3C05EEBDE2D49798A4 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:53:00.0377 0x2240  amdkmdap - ok
20:53:00.0377 0x2240  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
20:53:00.0387 0x2240  AmdPPM - ok
20:53:00.0397 0x2240  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:53:00.0397 0x2240  amdsata - ok
20:53:00.0427 0x2240  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:53:00.0427 0x2240  amdsbs - ok
20:53:00.0447 0x2240  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:53:00.0447 0x2240  amdxata - ok
20:53:00.0477 0x2240  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
20:53:00.0477 0x2240  AppID - ok
20:53:00.0497 0x2240  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:53:00.0497 0x2240  AppIDSvc - ok
20:53:00.0517 0x2240  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
20:53:00.0517 0x2240  Appinfo - ok
20:53:06.0097 0x2240  MSDTC - ok
20:53:06.0117 0x2240  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:53:06.0117 0x2240  Msfs - ok
20:53:06.0147 0x2240  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:53:06.0147 0x2240  mshidkmdf - ok
20:53:06.0167 0x2240  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:53:06.0167 0x2240  msisadrv - ok
20:53:06.0187 0x2240  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:53:06.0187 0x2240  MSiSCSI - ok
20:53:06.0187 0x2240  msiserver - ok
20:53:06.0217 0x2240  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:53:06.0217 0x2240  MSKSSRV - ok
20:53:06.0257 0x2240  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:53:06.0257 0x2240  MSPCLOCK - ok
20:53:06.0277 0x2240  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:53:06.0287 0x2240  MSPQM - ok
20:53:06.0297 0x2240  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:53:06.0307 0x2240  MsRPC - ok
20:53:06.0327 0x2240  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:53:06.0327 0x2240  mssmbios - ok
20:53:06.0357 0x2240  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:53:06.0357 0x2240  MSTEE - ok
20:53:06.0367 0x2240  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:53:06.0367 0x2240  MTConfig - ok
20:53:06.0377 0x2240  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:53:06.0377 0x2240  Mup - ok
20:53:06.0407 0x2240  [ 14C7FDC461FBB874B4D2375E95CB76CD, B53F72084F3653A09A69349EBCC34079A8E5FC91FE801F25DE1E000F09868E96 ] mvs91xx         C:\Windows\system32\drivers\mvs91xx.sys
20:53:06.0407 0x2240  mvs91xx - ok
20:53:06.0437 0x2240  [ D22AE9BDB972785CF9D336204C6005B1, 1AE328C88CF49072C125F41B16C2A2063203B21164245E2850CA491BDD4A522E ] NAL             C:\Windows\system32\Drivers\iqvw64e.sys
20:53:06.0437 0x2240  NAL - ok
20:53:06.0467 0x2240  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:53:06.0477 0x2240  napagent - ok
20:53:06.0507 0x2240  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:53:06.0507 0x2240  NativeWifiP - ok
20:53:06.0537 0x2240  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:53:06.0557 0x2240  NDIS - ok
20:53:06.0597 0x2240  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:53:06.0597 0x2240  NdisCap - ok
20:53:06.0627 0x2240  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:53:06.0627 0x2240  NdisTapi - ok
20:53:06.0637 0x2240  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:53:06.0637 0x2240  Ndisuio - ok
20:53:06.0647 0x2240  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:53:06.0657 0x2240  NdisWan - ok
20:53:06.0677 0x2240  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:53:06.0677 0x2240  NDProxy - ok
20:53:06.0707 0x2240  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:53:06.0707 0x2240  NetBIOS - ok
20:53:06.0727 0x2240  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:53:06.0727 0x2240  NetBT - ok
20:53:06.0737 0x2240  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
20:53:06.0737 0x2240  Netlogon - ok
20:53:06.0787 0x2240  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:53:06.0797 0x2240  Netman - ok
20:53:06.0817 0x2240  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:53:06.0817 0x2240  NetMsmqActivator - ok
20:53:06.0817 0x2240  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:53:06.0817 0x2240  NetPipeActivator - ok
20:53:06.0847 0x2240  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:53:06.0847 0x2240  netprofm - ok
20:53:06.0857 0x2240  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:53:06.0857 0x2240  NetTcpActivator - ok
20:53:06.0857 0x2240  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:53:06.0857 0x2240  NetTcpPortSharing - ok
20:53:06.0887 0x2240  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:53:06.0887 0x2240  nfrd960 - ok
20:53:06.0927 0x2240  [ 0ECAAFE210CD89D14992A53300FEBF45, C22AFB115B7759AA7CADCE0254CAC373AB75065FF5C0F510F0AF96C4C46A7BCF ] NIWinCDEmu      C:\Windows\system32\DRIVERS\NIWinCDEmu.sys
20:53:06.0927 0x2240  NIWinCDEmu - ok
20:53:06.0947 0x2240  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:53:06.0947 0x2240  NlaSvc - ok
20:53:07.0017 0x2240  [ C31FA031335EFF434B2D94278E74BCCE, F5DFD40C16E4013CBAD0E4FB8EF2B4419702B9C215218F69C4A2DD7C4C4C1E2B ] npf             C:\Windows\system32\drivers\npf.sys
20:53:07.0017 0x2240  npf - ok
20:53:07.0037 0x2240  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:53:07.0037 0x2240  Npfs - ok
20:53:07.0057 0x2240  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:53:07.0057 0x2240  nsi - ok
20:53:07.0067 0x2240  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:53:07.0067 0x2240  nsiproxy - ok
20:53:07.0107 0x2240  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:53:07.0147 0x2240  Ntfs - ok
20:53:07.0157 0x2240  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:53:07.0157 0x2240  Null - ok
20:53:07.0197 0x2240  [ B227E75AD10A142DD326B4CC8D73A6D9, CA76D73381ADAB04E86D417788D4EDAAE8343B90DCC9690ED5FFB1C0B1F09057 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
20:53:07.0197 0x2240  nusb3hub - ok
20:53:07.0207 0x2240  [ 55959DB860E4E484681586824D09E52C, EEA42F7DF194A84F207A8DC3BA9BF9ACDBFFFA9C611DA9289528C7F64599563F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:53:07.0207 0x2240  nusb3xhc - ok
20:53:07.0217 0x2240  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:53:07.0227 0x2240  nvraid - ok
20:53:07.0237 0x2240  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:53:07.0237 0x2240  nvstor - ok
20:53:07.0277 0x2240  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:53:07.0277 0x2240  nv_agp - ok
20:53:07.0287 0x2240  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:53:07.0287 0x2240  ohci1394 - ok
20:53:07.0317 0x2240  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:53:07.0317 0x2240  p2pimsvc - ok
20:53:07.0337 0x2240  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:53:07.0337 0x2240  p2psvc - ok
20:53:07.0367 0x2240  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
20:53:07.0377 0x2240  Parport - ok
20:53:07.0387 0x2240  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:53:07.0387 0x2240  partmgr - ok
20:53:07.0397 0x2240  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:53:07.0397 0x2240  PcaSvc - ok
20:53:07.0417 0x2240  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:53:07.0417 0x2240  pci - ok
20:53:07.0417 0x2240  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:53:07.0427 0x2240  pciide - ok
20:53:07.0437 0x2240  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:53:07.0437 0x2240  pcmcia - ok
20:53:07.0460 0x2240  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:53:07.0460 0x2240  pcw - ok
20:53:07.0477 0x2240  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:53:07.0487 0x2240  PEAUTH - ok
20:53:07.0557 0x2240  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:53:07.0557 0x2240  PerfHost - ok
20:53:07.0597 0x2240  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:53:07.0627 0x2240  pla - ok
20:53:07.0667 0x2240  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:53:07.0677 0x2240  PlugPlay - ok
20:53:07.0687 0x2240  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:53:07.0687 0x2240  PNRPAutoReg - ok
20:53:07.0707 0x2240  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:53:07.0707 0x2240  PNRPsvc - ok
20:53:07.0727 0x2240  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:53:07.0737 0x2240  PolicyAgent - ok
20:53:07.0767 0x2240  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:53:07.0777 0x2240  Power - ok
20:53:07.0817 0x2240  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:53:07.0817 0x2240  PptpMiniport - ok
20:53:07.0827 0x2240  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:53:07.0827 0x2240  Processor - ok
20:53:07.0847 0x2240  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:53:07.0857 0x2240  ProfSvc - ok
20:53:07.0867 0x2240  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:53:07.0867 0x2240  ProtectedStorage - ok
20:53:07.0907 0x2240  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:53:07.0907 0x2240  Psched - ok
20:53:07.0957 0x2240  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:53:07.0987 0x2240  ql2300 - ok
20:53:08.0017 0x2240  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:53:08.0017 0x2240  ql40xx - ok
20:53:08.0047 0x2240  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:53:08.0047 0x2240  QWAVE - ok
20:53:08.0057 0x2240  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:53:08.0057 0x2240  QWAVEdrv - ok
20:53:08.0067 0x2240  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:53:08.0077 0x2240  RasAcd - ok
20:53:08.0117 0x2240  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:53:08.0117 0x2240  RasAgileVpn - ok
20:53:08.0147 0x2240  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:53:08.0147 0x2240  RasAuto - ok
20:53:08.0177 0x2240  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:53:08.0177 0x2240  Rasl2tp - ok
20:53:08.0217 0x2240  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:53:08.0277 0x2240  RasMan - ok
20:53:08.0307 0x2240  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:53:08.0307 0x2240  RasPppoe - ok
20:53:08.0337 0x2240  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:53:08.0337 0x2240  RasSstp - ok
20:53:08.0357 0x2240  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:53:08.0357 0x2240  rdbss - ok
20:53:08.0367 0x2240  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:53:08.0377 0x2240  rdpbus - ok
20:53:08.0397 0x2240  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:53:08.0407 0x2240  RDPCDD - ok
20:53:08.0407 0x2240  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:53:08.0407 0x2240  RDPENCDD - ok
20:53:08.0437 0x2240  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:53:08.0437 0x2240  RDPREFMP - ok
20:53:08.0467 0x2240  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:53:08.0477 0x2240  RdpVideoMiniport - ok
20:53:08.0487 0x2240  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:53:08.0487 0x2240  RDPWD - ok
20:53:08.0527 0x2240  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:53:08.0527 0x2240  rdyboost - ok
20:53:08.0557 0x2240  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:53:08.0557 0x2240  RemoteAccess - ok
20:53:08.0567 0x2240  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:53:08.0567 0x2240  RemoteRegistry - ok
20:53:08.0577 0x2240  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:53:08.0587 0x2240  RpcEptMapper - ok
20:53:08.0597 0x2240  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:53:08.0607 0x2240  RpcLocator - ok
20:53:08.0617 0x2240  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
20:53:08.0627 0x2240  RpcSs - ok
20:53:08.0647 0x2240  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:53:08.0647 0x2240  rspndr - ok
20:53:08.0657 0x2240  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
20:53:08.0657 0x2240  SamSs - ok
20:53:08.0767 0x2240  [ 5EFBBFCC6ADAC121C8E2FE76641ED329, 0EAB16C7F54B61620277977F8C332737081A46BC6BBDE50742B6904BDD54F502 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\WNt500x64\Sandra.sys
20:53:08.0767 0x2240  SANDRA - ok
20:53:08.0777 0x2240  [ 7D65232C1F0A63B065CA251729AFC230, E1E8F277413373B8CA8796C763683E1BB84894BF9459464AFED4F0CB09C94775 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe
20:53:08.0787 0x2240  SandraAgentSrv - ok
20:53:08.0797 0x2240  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:53:08.0807 0x2240  sbp2port - ok
20:53:08.0827 0x2240  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:53:08.0827 0x2240  SCardSvr - ok
20:53:08.0837 0x2240  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:53:08.0847 0x2240  scfilter - ok
20:53:08.0877 0x2240  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
20:53:08.0897 0x2240  Schedule - ok
20:53:08.0927 0x2240  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:53:08.0927 0x2240  SCPolicySvc - ok
20:53:08.0937 0x2240  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:53:08.0937 0x2240  SDRSVC - ok
20:53:08.0977 0x2240  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:53:08.0977 0x2240  secdrv - ok
20:53:08.0987 0x2240  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
20:53:08.0987 0x2240  seclogon - ok
20:53:09.0017 0x2240  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:53:09.0017 0x2240  SENS - ok
20:53:09.0047 0x2240  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:53:09.0057 0x2240  SensrSvc - ok
20:53:09.0087 0x2240  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:53:09.0087 0x2240  Serenum - ok
20:53:09.0097 0x2240  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:53:09.0097 0x2240  Serial - ok
20:53:09.0137 0x2240  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:53:09.0137 0x2240  sermouse - ok
20:53:09.0147 0x2240  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:53:09.0157 0x2240  SessionEnv - ok
20:53:09.0167 0x2240  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:53:09.0167 0x2240  sffdisk - ok
20:53:09.0177 0x2240  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:53:09.0177 0x2240  sffp_mmc - ok
20:53:09.0187 0x2240  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:53:09.0187 0x2240  sffp_sd - ok
20:53:09.0197 0x2240  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:53:09.0197 0x2240  sfloppy - ok
20:53:09.0217 0x2240  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:53:09.0217 0x2240  SharedAccess - ok
20:53:09.0237 0x2240  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:53:09.0247 0x2240  ShellHWDetection - ok
20:53:09.0267 0x2240  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:53:09.0267 0x2240  SiSRaid2 - ok
20:53:09.0287 0x2240  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:53:09.0287 0x2240  SiSRaid4 - ok
20:53:09.0327 0x2240  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:53:09.0327 0x2240  Smb - ok
20:53:09.0347 0x2240  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:53:09.0347 0x2240  SNMPTRAP - ok
20:53:09.0347 0x2240  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:53:09.0347 0x2240  spldr - ok
20:53:09.0377 0x2240  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
20:53:09.0387 0x2240  Spooler - ok
20:53:09.0447 0x2240  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:53:09.0527 0x2240  sppsvc - ok
20:53:09.0547 0x2240  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:53:09.0547 0x2240  sppuinotify - ok
20:53:09.0567 0x2240  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:53:09.0577 0x2240  srv - ok
20:53:09.0587 0x2240  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:53:09.0597 0x2240  srv2 - ok
20:53:09.0607 0x2240  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:53:09.0617 0x2240  srvnet - ok
20:53:09.0647 0x2240  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:53:09.0647 0x2240  SSDPSRV - ok
20:53:09.0657 0x2240  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:53:09.0657 0x2240  SstpSvc - ok
20:53:14.0615 0x2240  Waiting for KSN requests completion. In queue: 311
20:53:15.0615 0x2240  Waiting for KSN requests completion. In queue: 311
20:53:16.0615 0x2240  Waiting for KSN requests completion. In queue: 311
20:53:17.0615 0x2240  Win FW state via NFP2: enabled ( trusted )
20:53:20.0425 0x2240  ============================================================
20:53:20.0425 0x2240  Scan finished
20:53:20.0425 0x2240  ============================================================
20:53:20.0425 0x2248  Detected object count: 0
20:53:20.0425 0x2248  Actual detected object count: 0
20:56:22.0377 0x2154  Deinitialize success

***************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-12-2015
Ran by Owner (administrator) on OWNER-PC130426 (18-12-2015 21:02:22)
Running from C:\Users\Owner\Desktop\Virus 2015
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Users\Owner\AppData\Roaming\autostarter.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(IObit) C:\Program Files (x86)\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [91648 2013-05-22] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [5417984 2013-05-22] (RME)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {7bd98a45-be33-11e2-80ec-806e6f6e6963} - D:\PC_Clickme.exe
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {858c1b64-1685-11e3-9fed-00224d7c7b24} - G:\setup.exe -a
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-12-05]
ShortcutTarget: AutoStarter.lnk -> C:\Users\Owner\AppData\Roaming\autostarter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C660B52-B659-4163-8C02-97F709D13616}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-1454793562-2284514846-3538862010-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\extensions\iobitascsurfingprotection@iobit.com [not found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-14] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-05-22] (RME)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-02-05] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 20:52 - 2015-12-18 20:56 - 00199050 _____ C:\TDSSKiller.3.1.0.9_18.12.2015_20.52.10_log.txt
2015-12-18 20:51 - 2015-12-18 20:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2015-12-16 19:02 - 2015-12-18 20:58 - 00006589 _____ C:\Users\Owner\AppData\Roaming\loadit.exe
2015-12-16 18:29 - 2015-12-16 18:29 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2015-12-14 23:00 - 2015-12-14 23:01 - 00041080 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-12-14 19:58 - 2015-12-14 19:58 - 00000000 ____D C:\EEK
2015-12-14 19:45 - 2015-12-14 19:53 - 00000000 ____D C:\AdwCleaner
2015-12-13 22:33 - 2015-12-13 22:33 - 00000372 _____ C:\Users\Owner\Desktop\www.steinberg.net My Support.URL
2015-12-13 21:23 - 2015-12-13 21:23 - 00000272 _____ C:\Users\Owner\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.URL
2015-12-13 20:48 - 2015-12-18 21:02 - 00000000 ____D C:\FRST
2015-12-13 20:46 - 2015-12-16 18:46 - 00000000 ____D C:\Users\Owner\Desktop\Virus 2015
2015-12-13 15:28 - 2015-12-14 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-13 15:28 - 2015-12-13 15:28 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-13 15:28 - 2015-12-13 15:28 - 00003338 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\sh4ldr
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 _____ C:\autoexec.bat
2015-12-13 14:59 - 2015-12-13 14:59 - 00001316 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-12 21:46 - 2015-12-13 13:48 - 00002151 _____ C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-11-30 18:33 - 2015-12-13 13:51 - 00000000 ____D C:\Users\Owner\Desktop\I5 install
2015-11-27 23:08 - 2015-11-27 23:08 - 00001016 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2015-11-27 23:08 - 2015-11-27 23:08 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
2015-11-27 23:07 - 2015-11-27 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-11-27 23:06 - 2015-11-27 23:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-27 23:01 - 2015-11-27 23:03 - 507720043 _____ C:\Users\Owner\Downloads\Kontakt_5_551_PC.zip
2015-11-27 22:55 - 2015-11-27 22:55 - 00000000 __HDC C:\ProgramData\{819B8AD7-B373-48C0-B834-A141BB936919}
2015-11-27 22:31 - 2015-11-27 22:52 - 00000000 ____D C:\Users\Owner\Downloads\NI Session Horns
2015-11-27 15:55 - 2015-11-27 15:58 - 1201227574 _____ C:\Users\Owner\Downloads\TT265_EZX_Rock_WIN.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-18 20:48 - 2014-02-17 20:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-18 14:29 - 2013-05-22 09:51 - 02752173 _____ C:\IFRToolLog.txt
2015-12-18 14:24 - 2012-08-30 09:36 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-17 20:40 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-12-17 20:40 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2015-12-17 20:40 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\msocreg32.dat
2015-12-17 20:40 - 2013-06-23 16:53 - 00000016 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2015-12-17 20:40 - 2013-06-23 16:53 - 00000016 _____ C:\ProgramData\autobk.inc
2015-12-17 20:02 - 2015-10-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-17 19:54 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-17 19:54 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-17 19:54 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-17 19:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-17 19:47 - 2012-08-30 09:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-17 19:47 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-16 20:17 - 2015-09-08 19:51 - 00000000 ____D C:\Users\Owner\Desktop\K
2015-12-16 18:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-14 22:09 - 2015-10-30 18:46 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2015-12-14 21:25 - 2015-09-09 20:10 - 00000193 _____ C:\Windows\WORDPAD.INI
2015-12-14 19:23 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-13 15:44 - 2015-10-30 18:46 - 00000000 ____D C:\Program Files (x86)\IObit Uninstaller
2015-12-13 14:59 - 2013-05-22 10:25 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-13 13:56 - 2014-12-26 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:52 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Owner
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\ProgramData\ProductData
2015-12-13 13:51 - 2015-10-24 12:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IrfanView
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-05 16:03 - 2015-10-24 14:40 - 00000000 ____D C:\Users\Owner\Documents\Attachments
2015-11-29 14:59 - 2015-11-01 16:27 - 00000000 ____D C:\Users\Owner\AppData\Local\QuickPar
2015-11-29 01:00 - 2013-05-17 05:49 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-11-27 23:07 - 2014-02-05 19:05 - 00000000 ____D C:\Program Files\Native Instruments
2015-11-27 21:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-25 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2013-04-25 07:00 - 2013-04-25 07:00 - 1971200 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2013-04-25 07:00 - 2013-04-25 07:00 - 1495040 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2015-12-12 21:46 - 2015-12-13 13:48 - 0002151 _____ () C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-10-31 11:06 - 2014-09-22 23:52 - 121179863 _____ () C:\Users\Owner\AppData\Roaming\autostarter.exe
2015-12-16 19:02 - 2015-12-18 20:58 - 0006589 _____ () C:\Users\Owner\AppData\Roaming\loadit.exe
2013-06-23 16:53 - 2015-12-17 20:40 - 0000016 _____ () C:\Users\Owner\AppData\Roaming\msregsvv.dll
2005-04-07 18:16 - 2015-10-30 19:47 - 0004951 ____H () C:\Users\Owner\AppData\Roaming\Ownerlog.dat
2013-05-17 06:42 - 2013-05-21 09:07 - 14184448 _____ () C:\Users\Owner\AppData\Roaming\Sandra.mdb
2015-10-31 11:12 - 2015-10-31 11:12 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\url.txt
2015-10-31 13:07 - 2015-10-31 13:07 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 16:53 - 2015-12-17 20:40 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-07-13 12:12 - 2014-07-13 12:12 - 0000389 _____ () C:\ProgramData\RUNDLL32.EXE-1400-F.txt
2014-07-13 12:08 - 2014-07-13 12:09 - 0002148 _____ () C:\ProgramData\RUNDLL32.EXE-1628-F.txt
2014-07-13 12:15 - 2014-07-13 12:16 - 0001178 _____ () C:\ProgramData\RUNDLL32.EXE-1920-F.txt
2014-07-13 12:24 - 2014-07-13 12:35 - 0001498 _____ () C:\ProgramData\RUNDLL32.EXE-3196-F.txt
2014-07-13 12:11 - 2014-07-13 12:12 - 0001559 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-07-13 12:42 - 2014-07-13 12:48 - 0004813 _____ () C:\ProgramData\RUNDLL32.EXE-3360-F.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-11 22:21

==================== End of FRST.txt ============================

 



#8 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 December 2015 - 05:05 PM

1.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Attached File: fixlist.txt (856 bytes)

2.

Download and run Junkware Removal Tool. ***Your antivirus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

If you still get that pop-up about loadit.exe, please copy down exactly what it says.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#9 Spaceace

Spaceace
  • Topic Starter

  • Members
  • 7 posts

Posted 23 December 2015 - 12:05 AM

Hello. Sorry, I ran the scan late Monday but didn't get to upload it.

I've run the file you provided and the JRT tool. See logs below. So far so good. I need to use the system for a while to see if the pop-up is gone. It's random.

So far I haven't seen anything, which is a good sign.

The only thing I need to ask is, "loadit.exe" is still in the Roaming folder on my C drive.

Can I delete it? If it reloads the exe, will the pop-up issue begin again?

Please advise if I can delete it either in regular mode or in safe mode.

I'll use the system today and see if I get the pop-up.

I'll report back tomorrow.

Really appreciate your patience and assistance.


Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Owner (2015-12-21 19:44:14) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Owner\AppData\Roaming\autostarter.exe
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk [2015-12-05]
ShortcutTarget: AutoStarter.lnk -> C:\Users\Owner\AppData\Roaming\autostarter.exe ()
SearchScopes: HKU\S-1-5-21-1454793562-2284514846-3538862010-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\extensions\iobitascsurfingprotection@iobit.com [not found]
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:SJsVS89VlJFm0C1HOcUEIw
AlternateDataStreams: C:\ProgramData\Microsoft:Sj1PQj8df9zYIK5Is3aq
AlternateDataStreams: C:\ProgramData\Microsoft:Y4RPBejZ8jouzD5Ujh7q
AlternateDataStreams: C:\Users\Owner\AppData\Local\Temporary Internet Files:WTd5TmkzVv1xKdLSjuoPP5K8TH

*****************

C:\Users\Owner\AppData\Roaming\autostarter.exe => moved successfully
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => moved successfully
C:\Users\Owner\AppData\Roaming\autostarter.exe => not found.
"HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default\extensions\iobitascsurfingprotection@iobit.com => path removed successfully
C:\Program Files\Common Files\Microsoft Shared => ":SJsVS89VlJFm0C1HOcUEIw" ADS removed successfully.
C:\ProgramData\Microsoft => ":Sj1PQj8df9zYIK5Is3aq" ADS removed successfully.
C:\ProgramData\Microsoft => ":Y4RPBejZ8jouzD5Ujh7q" ADS removed successfully.
"C:\Users\Owner\AppData\Local\Temporary Internet Files" => ":WTd5TmkzVv1xKdLSjuoPP5K8TH" ADS not found.

==== End of Fixlog 19:44:14 ====

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64
Ran by Owner (Administrator) on Mon 12/21/2015 at 19:49:15.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Owner\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Owner (Task)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/21/2015 at 19:50:10.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#10 fireman4it

fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 23 December 2015 - 09:35 AM

Yes, you can delete that file in Safe Mode. Then let me know how the machine is running.

Please run FRST again and post the FRST.txt.




#11 Spaceace

Spaceace
  • Topic Starter

  • Members
  • 7 posts

Posted 24 December 2015 - 02:14 PM

Thanks so much... Seems to be cleared up. No pop-up for a couple of days. Seems to be running better.

Deleted loadit.exe in safe mode and it hasn't returned.

Log from 12/24/15 is below.

Thank you again for all your assistance!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by Owner (administrator) on OWNER-PC130426 (24-12-2015 11:08:45)
Running from C:\Users\Owner\Desktop\Virus 2015
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(RME) C:\Windows\System32\firefaceusb.exe
(RME) C:\Windows\System32\TotalMixFX.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [FirefaceUsbTray1] => C:\Windows\system32\firefaceusb.exe [91648 2013-05-22] (RME)
HKLM\...\Run: [FirefaceMixTray2] => C:\Windows\system32\TotalMixFX.exe [5417984 2013-05-22] (RME)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {7bd98a45-be33-11e2-80ec-806e6f6e6963} - D:\PC_Clickme.exe
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\MountPoints2: {858c1b64-1685-11e3-9fed-00224d7c7b24} - G:\setup.exe -a
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe [30720 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9C660B52-B659-4163-8C02-97F709D13616}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1454793562-2284514846-3538862010-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\eybeig3d.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-12-14] (SurfRight B.V.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 firefaceu64; C:\Windows\System32\drivers\fireface_usb_64.sys [100736 2013-05-22] (RME)
S3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25752 2012-05-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NIWinCDEmu; C:\Windows\System32\DRIVERS\NIWinCDEmu.sys [111696 2014-02-05] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-26] (CACE Technologies, Inc.)
R3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-09-17] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633552 2012-09-17] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390224 2012-09-17] (Paragon)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 11:02 - 2015-12-24 11:02 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2015-12-24 11:02 - 2015-12-24 11:02 - 00000000 ____D C:\Program Files\Speccy
2015-12-23 22:29 - 2015-12-23 22:29 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TH2
2015-12-23 19:40 - 2015-12-23 19:41 - 00204894 _____ C:\Windows\ntbtlog.txt
2015-12-21 19:59 - 2015-12-22 22:21 - 00002904 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2015-12-21 19:53 - 2015-12-21 19:59 - 00000000 ____D C:\ProgramData\ProductData
2015-12-21 19:53 - 2015-12-21 19:53 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ProductData
2015-12-21 19:50 - 2015-12-21 19:50 - 00000780 _____ C:\Users\Owner\Desktop\JRT.txt
2015-12-21 19:45 - 2015-12-21 19:50 - 00000000 ____D C:\Users\Owner\Desktop\122115 to upload
2015-12-18 20:52 - 2015-12-18 20:56 - 00199050 _____ C:\TDSSKiller.3.1.0.9_18.12.2015_20.52.10_log.txt
2015-12-16 18:29 - 2015-12-21 19:44 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2015-12-14 19:58 - 2015-12-14 19:58 - 00000000 ____D C:\EEK
2015-12-14 19:45 - 2015-12-14 19:53 - 00000000 ____D C:\AdwCleaner
2015-12-13 22:33 - 2015-12-13 22:33 - 00000372 _____ C:\Users\Owner\Desktop\www.steinberg.net My Support.URL
2015-12-13 20:48 - 2015-12-24 11:08 - 00000000 ____D C:\FRST
2015-12-13 20:46 - 2015-12-24 11:08 - 00000000 ____D C:\Users\Owner\Desktop\Virus 2015
2015-12-13 15:28 - 2015-12-14 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-13 15:28 - 2015-12-13 15:28 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 ____D C:\sh4ldr
2015-12-13 15:28 - 2015-12-13 15:28 - 00000000 _____ C:\autoexec.bat
2015-12-13 14:59 - 2015-12-13 14:59 - 00001316 _____ C:\Users\Public\Desktop\eLicenser Control Center.lnk
2015-12-12 21:46 - 2015-12-13 13:48 - 00002151 _____ C:\Users\Owner\AppData\Roaming\05_2013_CS
2015-11-30 18:33 - 2015-12-13 13:51 - 00000000 ____D C:\Users\Owner\Desktop\I5 install
2015-11-27 23:08 - 2015-11-27 23:08 - 00001016 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2015-11-27 23:08 - 2015-11-27 23:08 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
2015-11-27 23:07 - 2015-11-27 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2015-11-27 23:06 - 2015-11-27 23:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-27 23:01 - 2015-11-27 23:03 - 507720043 _____ C:\Users\Owner\Downloads\Kontakt_5_551_PC.zip
2015-11-27 22:55 - 2015-11-27 22:55 - 00000000 __HDC C:\ProgramData\{819B8AD7-B373-48C0-B834-A141BB936919}
2015-11-27 22:31 - 2015-11-27 22:52 - 00000000 ____D C:\Users\Owner\Downloads\NI Session Horns
2015-11-27 15:55 - 2015-11-27 15:58 - 1201227574 _____ C:\Users\Owner\Downloads\TT265_EZX_Rock_WIN.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-24 11:05 - 2015-10-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-24 11:05 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-24 11:05 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-24 11:04 - 2009-07-13 21:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-24 11:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-24 11:03 - 2013-05-22 09:51 - 02847753 _____ C:\IFRToolLog.txt
2015-12-24 10:58 - 2012-08-30 09:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-24 10:58 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\msocreg32.dat
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\ProgramData\autobk.inc
2015-12-23 19:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-21 23:22 - 2014-02-17 20:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2015-12-21 20:35 - 2013-05-17 05:49 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2015-12-21 20:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-21 19:59 - 2015-10-30 18:46 - 00000000 ____D C:\Program Files (x86)\IObit Uninstaller
2015-12-20 14:24 - 2012-08-30 09:36 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-16 20:17 - 2015-09-08 19:51 - 00000000 ____D C:\Users\Owner\Desktop\K
2015-12-14 21:25 - 2015-09-09 20:10 - 00000193 _____ C:\Windows\WORDPAD.INI
2015-12-14 19:23 - 2009-07-13 21:08 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-13 14:59 - 2013-05-22 10:25 - 00000049 _____ C:\Windows\SysWOW64\SYNSOPOS.exe.cfg
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eLicenser
2015-12-13 14:59 - 2013-05-22 10:25 - 00000000 ____D C:\Program Files (x86)\eLicenser
2015-12-13 13:56 - 2014-12-26 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:52 - 2013-05-16 06:21 - 00000000 ____D C:\Users\Owner
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2015-12-13 13:51 - 2015-10-30 18:46 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\IObit
2015-12-13 13:51 - 2015-10-24 12:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IrfanView
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2014-12-26 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 13:51 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2015-12-13 13:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-05 16:03 - 2015-10-24 14:40 - 00000000 ____D C:\Users\Owner\Documents\Attachments
2015-11-29 14:59 - 2015-11-01 16:27 - 00000000 ____D C:\Users\Owner\AppData\Local\QuickPar
2015-11-27 23:07 - 2014-02-05 19:05 - 00000000 ____D C:\Program Files\Native Instruments
2015-11-27 21:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-25 17:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports

==================== Files in the root of some directories =======

2013-04-25 07:00 - 2013-04-25 07:00 - 1971200 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2013-04-25 07:00 - 2013-04-25 07:00 - 1495040 _____ (Waves Audio Ltd.) C:\Program Files (x86)\WaveShell-VST 9.2.dll
2015-12-12 21:46 - 2015-12-13 13:48 - 0002151 _____ () C:\Users\Owner\AppData\Roaming\05_2013_CS
2013-06-23 16:53 - 2015-12-23 19:45 - 0000016 _____ () C:\Users\Owner\AppData\Roaming\msregsvv.dll
2005-04-07 18:16 - 2015-10-30 19:47 - 0004951 ____H () C:\Users\Owner\AppData\Roaming\Ownerlog.dat
2013-05-17 06:42 - 2013-05-21 09:07 - 14184448 _____ () C:\Users\Owner\AppData\Roaming\Sandra.mdb
2015-10-31 11:12 - 2015-10-31 11:12 - 0000043 _____ () C:\Users\Owner\AppData\Roaming\url.txt
2015-10-31 13:07 - 2015-10-31 13:07 - 0003584 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 16:53 - 2015-12-23 19:45 - 0000016 _____ () C:\ProgramData\autobk.inc
2014-07-13 12:12 - 2014-07-13 12:12 - 0000389 _____ () C:\ProgramData\RUNDLL32.EXE-1400-F.txt
2014-07-13 12:08 - 2014-07-13 12:09 - 0002148 _____ () C:\ProgramData\RUNDLL32.EXE-1628-F.txt
2014-07-13 12:15 - 2014-07-13 12:16 - 0001178 _____ () C:\ProgramData\RUNDLL32.EXE-1920-F.txt
2014-07-13 12:24 - 2014-07-13 12:35 - 0001498 _____ () C:\ProgramData\RUNDLL32.EXE-3196-F.txt
2014-07-13 12:11 - 2014-07-13 12:12 - 0001559 _____ () C:\ProgramData\RUNDLL32.EXE-3264-F.txt
2014-07-13 12:42 - 2014-07-13 12:48 - 0004813 _____ () C:\ProgramData\RUNDLL32.EXE-3360-F.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-22 00:05

==================== End of FRST.txt ============================
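The FRST listing above is easier to read for patterns than line by line: five files of exactly 16 bytes (w3data.vss, msvcsv60.dll, msocreg32.dat, msregsvv.dll, autobk.inc) share the same modification and creation minutes while sitting in SysWOW64, the Windows root, ProgramData and the user's Roaming profile, which is exactly the kind of cluster a triage script can surface before anyone scrolls through thousands of entries. The Python below is an added example, not part of this thread and not FRST's own tooling. It parses FRST-style entry lines (the sample input is a set of lines copied from the log above), groups small files by identical creation time and size, and separately lists unsigned executable-looking files under user-writable paths. The column meaning (modification time first, creation time second), the list of user-writable directories, and the size and member thresholds are assumptions you can adjust.

```python
"""Triage helper for FRST-style file listings (added example, not FRST's own code)."""
import re
from collections import defaultdict

# One FRST entry: <timestamp A> - <timestamp B> - <size> <attrs> [(<signer>)] <path>
# Assumption: in the "One Month Modified" section timestamp A is the modification
# time and timestamp B the creation time.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) (?:\(([^)]*)\) )?(.+)$"
)

# Constructed sample input: entry lines copied from the FRST log in this thread.
SAMPLE = r"""
2015-12-24 11:05 - 2015-10-24 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-24 11:05 - 2009-07-13 20:45 - 00024496 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-24 10:58 - 2012-08-30 09:36 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Windows\msocreg32.dat
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2015-12-23 19:45 - 2013-06-23 16:53 - 00000016 _____ C:\ProgramData\autobk.inc
2015-12-13 13:56 - 2014-12-26 13:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 13:51 - 2011-04-12 00:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-04-25 07:00 - 2013-04-25 07:00 - 1971200 _____ (Waves Audio Ltd.) C:\Program Files\WaveShell-VST 9.2_x64.dll
2015-12-12 21:46 - 2015-12-13 13:48 - 0002151 _____ () C:\Users\Owner\AppData\Roaming\05_2013_CS
"""

# Locations a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\")
BINARY_EXTS = {"exe", "dll", "sys", "scr"}


def parse_frst_entries(text):
    """Return a list of dicts for every line that looks like an FRST entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines and free text are skipped
        modified, created, size, attrs, signer, path = m.groups()
        entries.append({
            "modified": modified,
            "created": created,
            "size": int(size),
            "is_dir": "D" in attrs,
            "signer": (signer or "").strip(),
            "path": path.strip(),
        })
    return entries


def _is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def _is_system_dir(path):
    return path.lower().startswith("c:\\windows\\")


def find_timestamp_clusters(entries, min_members=3, max_size=4096):
    """Group small files by identical (creation time, size).

    Several tiny files written in one go tend to share both values, while
    legitimately installed software rarely leaves such a cluster spread
    across system and user-profile directories.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["is_dir"] or e["size"] > max_size:
            continue
        groups[(e["created"], e["size"])].append(e["path"])
    clusters = []
    for (created, size), paths in groups.items():
        if len(paths) < min_members:
            continue
        clusters.append({
            "created": created,
            "size": size,
            "paths": paths,
            # A cluster straddling C:\Windows and user-writable locations
            # deserves the closest look.
            "spans_user_and_system": any(_is_user_writable(p) for p in paths)
            and any(_is_system_dir(p) for p in paths),
        })
    return sorted(clusters, key=lambda c: len(c["paths"]), reverse=True)


def unsigned_binaries_in_user_paths(entries):
    """Executable-looking files with no signer under user-writable paths."""
    hits = []
    for e in entries:
        if e["is_dir"] or e["signer"] or not _is_user_writable(e["path"]):
            continue
        name = e["path"].rsplit("\\", 1)[-1]
        if "." in name and name.rsplit(".", 1)[-1].lower() in BINARY_EXTS:
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    parsed = parse_frst_entries(SAMPLE)
    for c in find_timestamp_clusters(parsed):
        flag = " (spans system and user dirs)" if c["spans_user_and_system"] else ""
        print(f"cluster: created {c['created']}, {c['size']} bytes, {len(c['paths'])} files{flag}")
        for p in c["paths"]:
            print("   ", p)
    for p in unsigned_binaries_in_user_paths(parsed):
        print("unsigned binary in user-writable path:", p)
```

Run against the sample it reports one cluster of five 16-byte files that spans both system and user-profile directories, plus msregsvv.dll as an unsigned DLL in the Roaming profile. Neither heuristic proves anything malicious on its own; they only rank which entries a helper should look at first, which is what the later posts in this thread end up doing by hand with the Roaming folder.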



#12 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:03 AM

Posted 26 December 2015 - 11:20 AM

Let's make some final checks for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

  • Visit the ESET Online Scanner Web Page.
  • Select the blue Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use and click Start.
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings.
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked.
  • Click Start. (This scan can take several hours, so please be patient.)
  • Once the scan is completed, select List of found threats.
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop.
  • Click the Back button.
  • Click the Finish button.
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt).
  • Copy and paste that log as a reply to this topic.

 

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:03 AM

Posted 28 December 2015 - 09:25 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it




#14 Spaceace

  • Topic Starter
  • Members
  • 7 posts
  • Local time:05:03 AM

Posted 28 December 2015 - 11:21 PM

Thank you. Not around much over the holiday.

Ran as instructed, logs below.

System seems to be working well. No more pop ups.

Seems to always have something to do with my "Roaming" folder? (See quarantined log)

Please review logs and let me know.

Thanks again.

Kevin


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/28/2015
Scan Time: 7:10:11 PM
Logfile: 122815 mbam scan.txt
Administrator: Yes

Version: 2.02.0.1024
Malware Database: v2015.12.29.01
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 328276
Time Elapsed: 5 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.StolenData, C:\Users\Owner\AppData\Roaming\05_2013_CS, Quarantined, [6e67ecbe018aa393bbee44aee1226898],

Physical Sectors: 0
(No malicious items detected)


(end)

C:\FRST\Quarantine\C\Users\Owner\AppData\Roaming\autostarter.exe.xBAD    multiple threats    cleaned by deleting - quarantined
 



#15 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:08:03 AM

Posted 29 December 2015 - 08:02 PM

Hello,

Spaceace

Congratulations! You now appear clean! :cool:


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix
  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

  • Create registry backup
  • Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX; it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • green if it's safe
  • yellow for caution
  • red for unsafe


You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.
  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often, (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams






