
PE_Rom.dll trojan - not sure if it's a false positive


  • This topic is locked
19 replies to this topic

#1 korlat


Posted 01 January 2016 - 06:31 PM

Hi

I started a thread in Am I infected? What do I do? and was asked to create a new thread here.

http://www.bleepingcomputer.com/forums/t/600889/pe-romdll-trojan-not-sure-if-its-a-false-positive/

I have a Windows 7 operating system and have McAfee Total Protection as well as MBAM (Malwarebytes Anti-Malware).

On startup of my machine and occasionally when running, McAfee informs me it has quarantined a trojan - Artemis! - 9E52F321A396. This file is continually re-created, and has been quarantined multiple times.

I don't know if this is a false positive or not.

Other points to note -

I see no other signs of an infection.

MBAM does not flag this file as a trojan.

The file is edited so that when I start up, the file size is 5109KB and then changed to a size of 1024KB - when the file size is 1024KB McAfee quarantines it.

I searched online and read other posts on this forum and believe the PE_Rom.dll file is related to my ASUS motherboard and the ASUS suite software I have installed.

If I run ASUS EZ Update the file is changed back to a 5109KB size and the update appears to run OK (nothing requires updating).

I uploaded both files, 1029KB and the 5109KB, to VirusTotal - the 5109KB - 0/54 detection - the 1029KB - 7/54 detection. The list of results were:

- AVware - Trojan.Win32.Generic!BT

- Comodo - UnclassifiedMalware

- McAfee - RDN/Generic.dx

- McAfee-GW-Edition - RDN/Generix.dx

- Sophos - Mal/Generic-S

- Symantec - Trojan.Gen.SMH.2

- VIPRE - Trojan.Win32.Generic!BT

Does anyone know if this is a real infection or just a false positive? I searched a few of the register key locations where previous PE_rom.dll viruses created register keys and I see none of these.

Any help appreciated

Thanks

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Luke (administrator) on LUKE-PC (01-01-2016 23:27:56)
Running from C:\Users\Luke\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) F:\Games\Smite\HiPatchService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\DAODx.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
(Dropbox, Inc.) C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2699837047-3072591508-63386365-1000\...\MountPoints2: {f9868b56-03ac-11e4-b6d8-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Luke\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{D52F0593-9C4B-4CED-B1AB-BD37E43D51A6}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{D52F0593-9C4B-4CED-B1AB-BD37E43D51A6}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2699837047-3072591508-63386365-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2699837047-3072591508-63386365-1000 -> DefaultScope {A4668ECA-BCB6-4390-8825-AFD6645AE6ED} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140704&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2699837047-3072591508-63386365-1000 -> {A4668ECA-BCB6-4390-8825-AFD6645AE6ED} URL = hxxps://uk.search.yahoo.com/search?fr=mcafee&type=B011GB105D20140704&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-12-02] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Reverse Youtube Playlist) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2015-11-10]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (SiteAdvisor) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-28]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (SiteAdvisor) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-28]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe [262816 2012-06-18] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe [1632256 2012-11-09] (ASUSTeK Computer Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-10-09] ()
U2 HiPatchService; F:\Games\Smite\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2014-07-04] (ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-09-29] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [42656 2012-06-01] (ASUSTeK Computer Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-01 23:27 - 2016-01-01 23:28 - 00023097 _____ C:\Users\Luke\Desktop\FRST.txt
2016-01-01 23:27 - 2016-01-01 23:27 - 00000000 ____D C:\FRST
2016-01-01 21:23 - 2016-01-01 21:23 - 02370560 _____ (Farbar) C:\Users\Luke\Desktop\FRST64.exe
2015-12-30 21:47 - 2015-06-09 18:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-12-30 21:47 - 2015-06-09 18:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-12-30 21:47 - 2015-06-03 20:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-12-30 21:47 - 2014-12-11 17:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-12-28 21:53 - 2015-12-28 21:53 - 00000000 ____D C:\Users\Luke\Documents\DeadIsland
2015-12-28 21:51 - 2015-12-28 21:51 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Arrowhead
2015-12-28 19:19 - 2015-12-28 19:19 - 00000000 ____D C:\Users\Luke\AppData\Local\GWX
2015-12-28 18:29 - 2015-12-28 18:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-28 18:29 - 2015-12-28 18:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-28 18:29 - 2015-12-28 18:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-12-28 18:29 - 2015-12-28 18:29 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-28 18:29 - 2015-01-08 23:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-12-28 18:29 - 2015-01-08 23:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-12-28 18:26 - 2016-01-01 21:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-28 18:26 - 2015-12-28 18:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-28 18:26 - 2013-10-02 02:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-12-28 18:26 - 2013-10-02 02:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-12-28 18:26 - 2013-10-02 02:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-12-28 18:26 - 2013-10-02 01:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-12-28 18:26 - 2013-10-02 01:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-12-28 18:26 - 2013-10-02 01:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-12-28 18:26 - 2013-10-02 01:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-12-28 18:26 - 2013-10-02 00:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-12-28 18:26 - 2013-10-02 00:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-12-28 18:26 - 2013-10-02 00:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-12-28 18:26 - 2013-10-02 00:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-12-28 18:26 - 2013-10-01 23:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-12-28 18:26 - 2013-10-01 23:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-12-28 18:26 - 2013-10-01 23:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-12-28 18:26 - 2013-10-01 22:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-12-28 18:26 - 2013-10-01 20:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-12-28 18:26 - 2013-10-01 20:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-12-28 18:19 - 2012-08-23 14:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-12-28 18:19 - 2012-08-23 14:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-12-28 18:19 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-12-28 18:19 - 2012-08-23 10:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-12-28 18:16 - 2012-07-26 03:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-12-28 18:16 - 2012-07-26 03:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-12-28 18:16 - 2012-07-26 03:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-12-28 18:16 - 2012-07-26 03:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-12-28 18:16 - 2012-07-26 03:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-12-28 18:16 - 2012-07-26 02:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-12-28 18:16 - 2012-07-26 02:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-12-28 18:16 - 2012-06-02 14:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-12-28 18:15 - 2014-06-27 02:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-12-28 18:15 - 2014-06-27 01:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-12-28 18:14 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-28 18:14 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-28 18:14 - 2015-10-29 17:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-12-28 18:14 - 2015-10-29 17:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-12-28 18:14 - 2015-10-29 17:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-12-28 18:14 - 2015-10-29 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-12-28 18:14 - 2015-10-29 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-12-28 18:14 - 2015-10-29 17:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-12-28 18:14 - 2015-10-29 17:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-12-28 18:14 - 2015-09-18 19:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-12-28 18:14 - 2015-09-18 19:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-12-28 18:14 - 2015-09-18 19:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-12-28 18:14 - 2015-09-18 19:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-12-28 18:14 - 2015-09-18 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-12-28 18:14 - 2015-09-18 19:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-12-28 18:14 - 2015-09-18 19:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-12-28 18:14 - 2015-08-05 17:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-12-28 18:14 - 2015-08-05 17:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-12-28 18:14 - 2015-07-23 00:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-12-28 18:14 - 2015-07-23 00:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-12-28 18:14 - 2015-07-23 00:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-12-28 18:14 - 2015-07-22 17:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-12-28 18:14 - 2015-07-22 17:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-12-28 18:14 - 2015-07-22 16:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-12-28 18:14 - 2015-07-18 13:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-12-28 18:14 - 2015-07-09 17:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-12-28 18:14 - 2015-07-09 17:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-12-28 18:14 - 2015-07-09 17:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-12-28 18:14 - 2015-07-09 17:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-12-28 18:14 - 2015-06-03 20:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-12-28 18:14 - 2015-06-03 20:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-12-28 18:14 - 2015-04-11 03:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-12-28 18:14 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-12-28 18:14 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-12-28 18:14 - 2014-08-01 11:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-12-28 18:14 - 2014-08-01 11:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-12-28 18:14 - 2012-12-07 13:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-12-28 18:14 - 2012-12-07 13:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-12-28 18:14 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-12-28 18:14 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-12-28 18:14 - 2012-12-07 11:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-12-28 18:14 - 2012-12-07 11:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-12-28 18:14 - 2012-12-07 11:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-12-28 18:14 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-12-28 18:14 - 2011-12-30 06:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-12-28 18:14 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-12-28 18:14 - 2011-03-11 06:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-12-28 18:14 - 2011-03-11 06:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-12-28 18:14 - 2011-03-11 06:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-12-28 18:14 - 2011-03-11 06:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-12-28 18:14 - 2011-03-11 06:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-12-28 18:14 - 2011-03-11 06:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-12-28 18:14 - 2011-03-11 06:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-12-28 18:14 - 2011-03-11 05:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-12-28 18:14 - 2011-03-11 05:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-12-28 18:14 - 2011-03-11 04:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-12-28 18:13 - 2015-08-27 18:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-12-28 18:13 - 2015-08-27 18:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-12-28 18:13 - 2015-08-27 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-12-28 18:13 - 2015-08-27 18:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-12-28 18:13 - 2015-08-27 17:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-12-28 18:13 - 2015-08-27 17:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-12-28 18:13 - 2015-08-27 17:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-12-28 18:13 - 2015-08-27 17:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-12-28 18:13 - 2015-06-25 10:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-12-28 18:13 - 2015-06-25 10:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-28 18:13 - 2015-06-25 10:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-12-28 18:13 - 2015-06-25 09:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-28 18:13 - 2015-05-25 18:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-12-28 18:13 - 2015-05-25 18:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-12-28 18:13 - 2015-05-25 18:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-12-28 18:13 - 2015-05-25 18:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-12-28 18:13 - 2015-05-25 18:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-12-28 18:13 - 2015-05-25 18:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-12-28 18:13 - 2015-05-25 18:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-12-28 18:13 - 2015-05-25 18:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-12-28 18:13 - 2015-05-25 18:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-12-28 18:13 - 2015-05-25 18:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-12-28 18:13 - 2015-05-25 18:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-12-28 18:13 - 2015-05-25 18:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-12-28 18:13 - 2015-04-27 19:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-12-28 18:13 - 2015-04-27 19:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-12-28 18:13 - 2015-04-27 19:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-12-28 18:13 - 2015-04-27 19:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-12-28 18:13 - 2015-04-27 19:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-12-28 18:13 - 2015-04-27 19:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-12-28 18:13 - 2015-04-27 19:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-12-28 18:13 - 2015-04-27 19:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-12-28 18:13 - 2015-01-29 03:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-12-28 18:13 - 2015-01-29 03:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-12-28 18:13 - 2015-01-09 03:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-12-28 18:13 - 2015-01-09 03:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-12-28 18:13 - 2015-01-09 03:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-12-28 18:13 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-12-28 18:13 - 2014-11-26 03:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-12-28 18:13 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-12-28 18:13 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-12-28 18:13 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-12-28 18:13 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-12-28 18:13 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-12-28 18:13 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-12-28 18:13 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-12-28 18:13 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-12-28 18:13 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-12-28 18:13 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-12-28 18:13 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-12-28 18:13 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-12-28 18:13 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-12-28 18:13 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-12-28 18:13 - 2014-07-09 02:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-12-28 18:13 - 2014-07-09 02:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-12-28 18:13 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-12-28 18:13 - 2014-07-09 01:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-12-28 18:13 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-12-28 18:13 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-12-28 18:13 - 2014-07-09 01:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-12-28 18:13 - 2014-02-04 02:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-12-28 18:13 - 2014-02-04 02:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-12-28 18:13 - 2014-02-04 02:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-12-28 18:13 - 2014-02-04 02:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-12-28 18:13 - 2014-02-04 02:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-12-28 18:13 - 2014-01-28 02:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-12-28 18:13 - 2013-12-04 02:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-12-28 18:13 - 2013-12-04 02:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-12-28 18:13 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-12-28 18:13 - 2013-12-04 02:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-12-28 18:13 - 2013-12-04 02:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-12-28 18:13 - 2013-12-04 02:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-12-28 18:13 - 2013-12-04 02:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-12-28 18:13 - 2013-12-04 02:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-12-28 18:13 - 2013-12-04 02:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-12-28 18:13 - 2013-12-04 02:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-12-28 18:13 - 2013-12-04 02:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-12-28 18:13 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-12-28 18:13 - 2013-12-04 02:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-12-28 18:13 - 2013-12-04 02:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-12-28 18:13 - 2013-12-04 01:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-12-28 18:13 - 2013-12-04 01:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-12-28 18:13 - 2013-12-04 01:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-12-28 18:13 - 2013-12-04 01:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-12-28 18:13 - 2013-10-30 02:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-12-28 18:13 - 2013-10-30 02:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-12-28 18:13 - 2013-10-04 02:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-12-28 18:13 - 2013-10-04 02:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-12-28 18:13 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-12-28 18:13 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-12-28 18:13 - 2013-08-05 02:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-12-28 18:13 - 2013-05-10 05:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-12-28 18:13 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-12-28 18:13 - 2013-03-19 05:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-12-28 18:13 - 2012-10-09 18:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-12-28 18:13 - 2012-10-09 18:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-12-28 18:13 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-12-28 18:13 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-12-28 18:13 - 2012-10-03 17:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-12-28 18:13 - 2012-10-03 17:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-12-28 18:13 - 2012-10-03 17:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-12-28 18:13 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-12-28 18:13 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-12-28 18:13 - 2012-10-03 16:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-12-28 18:13 - 2012-08-21 21:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-12-28 18:13 - 2012-07-04 20:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-12-28 18:13 - 2012-01-04 10:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-12-28 18:13 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-12-28 18:13 - 2011-06-16 05:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-12-28 18:13 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-12-28 18:13 - 2011-05-04 05:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-12-28 18:13 - 2011-05-04 05:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-12-28 18:13 - 2011-05-04 05:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-12-28 18:13 - 2011-05-04 05:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-12-28 18:13 - 2011-05-04 05:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-12-28 18:13 - 2011-05-04 05:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-12-28 18:13 - 2011-05-04 05:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-12-28 18:13 - 2011-05-04 05:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-12-28 18:13 - 2011-05-04 05:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-12-28 18:13 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-12-28 18:13 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-12-28 18:13 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-12-28 18:13 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-12-28 18:13 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-12-28 18:13 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-12-28 18:13 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-12-28 18:13 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-12-28 18:13 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-12-28 18:11 - 2011-02-18 10:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-12-28 18:11 - 2011-02-18 05:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-12-28 18:08 - 2014-01-24 02:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-28 18:06 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-12-28 18:06 - 2013-01-24 06:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-12-28 17:29 - 2015-12-28 17:29 - 00001051 _____ C:\Users\Luke\Desktop\mbam2.txt
2015-12-28 17:24 - 2015-12-28 17:24 - 00001051 _____ C:\Users\Luke\Desktop\mbam1.txt
2015-12-28 17:15 - 2015-12-30 21:42 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 17:15 - 2015-12-28 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-28 17:15 - 2015-12-28 17:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-28 17:15 - 2015-12-28 17:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-28 17:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-28 17:15 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-28 17:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-28 16:50 - 2015-12-28 16:50 - 00000000 ____D C:\Windows\pss
2015-12-28 16:33 - 2015-12-28 18:31 - 00066040 _____ C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-28 16:32 - 2015-12-28 16:32 - 00003266 _____ C:\Windows\System32\Tasks\{D5ED8D8D-3A97-4127-B5C6-2996EC4B9FB6}
2015-12-27 14:14 - 2015-12-27 14:14 - 00091794 _____ C:\Users\Luke\Desktop\Print your order.pdf
2015-12-19 15:38 - 2015-12-19 15:38 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 23:17 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 23:17 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 23:17 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 23:17 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 23:17 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-10 23:17 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 23:17 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-10 23:17 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-10 23:17 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-10 23:17 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 23:17 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-10 23:17 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 23:17 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 23:17 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 23:17 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 23:17 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 23:17 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-10 23:17 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-10 23:17 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-10 23:17 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-10 23:17 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 23:17 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-10 23:17 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 23:17 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 23:17 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 23:17 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 23:17 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 23:17 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 23:17 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-10 23:17 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-10 23:17 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-10 23:17 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-10 23:17 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-10 23:17 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-10 23:17 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-10 23:17 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-10 23:17 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-10 23:17 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-10 23:17 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-10 23:17 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-10 23:17 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-10 23:17 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-10 23:17 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-10 23:17 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-10 23:17 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-10 23:17 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-10 23:17 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-10 23:17 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-10 23:17 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-10 23:17 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-10 23:17 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-10 23:17 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-10 23:17 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-10 23:17 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-10 23:17 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-10 23:17 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 23:17 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 23:17 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-10 23:17 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-10 23:17 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-10 23:17 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-10 23:17 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-10 23:17 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 23:17 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-10 23:17 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 23:17 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-10 23:17 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-10 23:17 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-10 23:17 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-10 23:17 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-10 23:17 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 23:17 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-10 23:17 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 23:17 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-10 23:17 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-10 23:17 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 23:17 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-10 23:17 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 23:17 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-10 23:17 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 23:17 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 23:17 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 23:17 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-10 23:17 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 23:17 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-10 23:17 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 23:17 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-10 23:17 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 23:17 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-10 23:17 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-02 20:17 - 2016-01-01 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-12-02 20:17 - 2016-01-01 21:17 - 00000000 __RSD C:\Users\Luke\Documents\McAfee Vaults
2015-12-02 20:17 - 2015-09-29 02:27 - 00076064 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\McPvDrv.sys
2015-12-02 20:17 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-12-02 20:16 - 2015-12-23 19:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-12-02 20:16 - 2015-12-22 20:21 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-12-02 20:16 - 2015-12-02 21:16 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-12-02 20:16 - 2015-12-02 20:17 - 00000000 ____D C:\Program Files\McAfee
2015-12-02 20:16 - 2015-12-02 20:16 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2015-12-02 20:16 - 2015-12-02 20:16 - 00000000 ____D C:\Program Files\McAfee.com
2015-12-02 20:16 - 2015-12-02 20:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 20:16 - 2015-12-02 20:16 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2015-12-02 20:16 - 2015-09-23 09:43 - 00497888 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2015-12-02 20:16 - 2015-09-23 09:43 - 00244544 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2015-12-02 20:16 - 2015-09-23 09:43 - 00080760 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2015-12-02 20:13 - 2015-12-22 20:20 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-12-02 20:13 - 2015-09-23 09:43 - 00841944 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2015-12-02 20:13 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeaack.sys
2015-12-02 20:13 - 2015-09-23 09:43 - 00351120 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2015-12-02 20:13 - 2015-09-21 13:33 - 00256840 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-01 23:27 - 2014-07-04 20:05 - 00000000 ____D C:\Users\Luke\AppData\Roaming\TS3Client
2016-01-01 23:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2016-01-01 23:19 - 2015-05-21 19:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d093f997ba4d9c.job
2016-01-01 23:13 - 2014-07-04 19:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-01 21:26 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-01 21:26 - 2009-07-14 04:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-01 21:20 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 21:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-01-01 21:14 - 2015-02-20 18:24 - 00000000 ___RD C:\Users\Luke\Dropbox
2016-01-01 21:14 - 2015-02-20 18:23 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dropbox
2016-01-01 21:14 - 2014-11-14 20:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0004592af4f21.job
2016-01-01 21:14 - 2014-07-04 19:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-01 21:14 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 01:35 - 2014-07-04 19:22 - 00766336 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-12-29 22:54 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-28 19:48 - 2014-07-04 20:37 - 00000000 ____D C:\Users\Luke\AppData\Local\McAfee File Lock
2015-12-28 18:30 - 2009-07-14 04:45 - 00295640 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-28 18:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2015-12-28 18:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-12-28 18:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\Dism
2015-12-28 18:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-12-28 18:29 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-12-28 18:27 - 2014-12-27 16:45 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-28 18:27 - 2014-11-29 11:12 - 00000000 ____D C:\Users\Luke\AppData\Local\Adobe
2015-12-28 18:26 - 2014-11-29 11:13 - 00000000 ____D C:\ProgramData\Adobe
2015-12-28 18:20 - 2014-07-04 20:03 - 00000000 ____D C:\Program Files (x86)\Razer
2015-12-28 18:18 - 2014-07-04 19:59 - 00000000 _____ C:\Windows\Path.idx
2015-12-28 16:33 - 2015-02-20 18:59 - 00000000 ___RD C:\Users\Luke\iCloudDrive
2015-12-28 16:31 - 2014-07-04 19:15 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2015-12-28 15:48 - 2015-06-21 11:38 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2699837047-3072591508-63386365-1000Core.job
2015-12-12 20:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2015-12-11 21:32 - 2014-07-04 20:29 - 00000000 ____D C:\ProgramData\McAfee
2015-12-10 23:24 - 2014-07-06 11:23 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 23:20 - 2014-07-06 11:23 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-05 12:14 - 2015-05-21 19:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d093f997ba4d9c
2015-12-05 12:14 - 2014-11-14 20:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0004592af4f21
 
==================== Files in the root of some directories =======
 
2014-08-20 17:44 - 2014-08-20 17:44 - 0000017 _____ () C:\Users\Luke\AppData\Local\resmon.resmoncfg
2014-07-04 19:23 - 2014-07-04 19:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\Luke\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpklixxm.dll
C:\Users\Luke\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe
C:\Users\Luke\AppData\Local\Temp\HiRezLauncherControls.dll
C:\Users\Luke\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Luke\AppData\Local\Temp\LOCK220.exe
C:\Users\Luke\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Luke\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Luke\AppData\Local\Temp\raptrpatch.exe
C:\Users\Luke\AppData\Local\Temp\raptr_stub.exe
C:\Users\Luke\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-22 09:03
 
==================== End of FRST.txt ============================
 
Attached File  Addition.txt   59.73KB   3 downloads




#2 korlat

korlat
  • Topic Starter

  • Members

Posted 01 January 2016 - 06:38 PM

Just a point to add: since running that scan I have installed a Windows critical security update.

Security Update for Windows 7 for x64-based Systems (KB3075226)

#3 nasdaq

nasdaq

  • Malware Response Team

Posted 02 January 2016 - 10:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

The file PE_Rom.dll has been whitelisted by McAfee.

https://community.mcafee.com/thread/86834?start=20&tstart=0

Check the answer in this message: vinoo Nov 5, 2015 2:24 PM

I suggest you inform Malwarebytes of this false positive.
https://support.malwarebytes.org/customer/portal/articles/1834840-how-can-i-submit-files-to-malwarebytes-that-are-not-being-detected-?b_id=6438

#4 korlat

korlat
  • Topic Starter

  • Members

Posted 02 January 2016 - 11:16 AM

Hi nasdaq

 

I'm not at my computer at the moment but will follow the instructions you provided in regards to FRST as soon as possible, and post the logs.

 

In regards to the file being whitelisted by McAfee (the link you provided), I had found this post and was not convinced this is the same file (although it is named the same).

This is for 2 reasons, firstly my McAfee is up-to-date and therefore if the file had been whitelisted back in November it would no longer be picked up and quarantined (I assumed).

Secondly, the thread contains a post where the file's MD5 and SHA1 hash was provided (https://community.mcafee.com/message/397106#397106) and, although I don't have it now, the hash I generated of my file did not match this. It may be that the 5109KB file's hash would match, but the hash I generated on the 1024KB sized file did not, making me believe this was not the same file the original poster had encountered.

 

As to informing Malwarebytes about the false positive, I'm not sure why I would take this step. If it is a false positive then Malwarebytes does not currently flag it up as malware (as I stated in my original post) and therefore is behaving and identifying the file correctly.

 

Thanks



#5 korlat

korlat
  • Topic Starter

  • Members

Posted 02 January 2016 - 01:23 PM

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Luke (2016-01-02 18:20:18) Run:1
Running from C:\Users\Luke\Desktop
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 Origin Client Service; "F:\Origin\OriginClientService.exe" [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
Origin Client Service => service removed successfully
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:20:34 ====


#6 nasdaq

nasdaq

  • Malware Response Team

Posted 02 January 2016 - 03:36 PM

mcafee informs me it has quarantined a trojan - Artemis! - 9E52F321A396.


Sorry I should have checked this statement. I had in my mind that MBAM was reporting it. A senior moment!
===


Please run the Farbar Recovery Scan Tool. Enter PE_Rom.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>

#7 korlat

korlat
  • Topic Starter

  • Members

Posted 02 January 2016 - 04:00 PM

No problems

 

I have run the scan as you asked, I did it three times to try and capture the most information.

1st run is when my machine has been running for a while and McAfee has quarantined the file. - no file found

2nd run is when I released the file from quarantine and disabled real-time-scanning then ran FRST

3rd run is after a restart when I manually ran the ASUS update, which appears to replace the possibly infected file (1029KB size) with a larger file that does not get quarantined by McAfee

 

1st

 

Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Luke (2016-01-02 20:42:30)
Running from C:\Users\Luke\Desktop
Boot Mode: Normal
 
================== Search Files: "PE_Rom.dll" =============
 
====== End of Search ======
 
2nd
 
Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Luke (2016-01-02 20:48:47)
Running from C:\Users\Luke\Desktop
Boot Mode: Normal
 
================== Search Files: "PE_Rom.dll" =============
 
C:\Windows\PE_Rom.dll
[2016-01-02 20:48][2016-01-02 18:22] 1048576 ____A () 9E52F321A396169BD6ACAC593DEDD72F [File not signed]
 
====== End of Search ======
 
3rd
 
Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Luke (2016-01-02 20:53:54)
Running from C:\Users\Luke\Desktop
Boot Mode: Normal
 
================== Search Files: "PE_Rom.dll" =============
 
C:\Windows\PE_Rom.dll
[2016-01-02 20:53][2016-01-02 20:53] 5314528 ____A () AEEF04F7AB6B126FF5D2C8DA4A214196 [File not signed]
 
====== End of Search ======
 
Hope that helps


#8 nasdaq

nasdaq

  • Malware Response Team

Posted 03 January 2016 - 08:25 AM

Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by Luke (2016-01-02 20:48:47)
Running from C:\Users\Luke\Desktop
Boot Mode: Normal

================== Search Files: "PE_Rom.dll" =============

C:\Windows\PE_Rom.dll
[2016-01-02 20:48][2016-01-02 18:22] 1048576 ____A () 9E52F321A396169BD6ACAC593DEDD72F [File not signed]


This file with the MD5 in bold was malware
https://www.virustotal.com/en/analisis//file/8a748e762d9d10175eab9f7953669a7d86e30dd0c9e6acba150b44e0bb756667/analysis/

For the latest one I do not get any hit.

I think you solved the problem.

===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===
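
Added example, not part of any post in this thread: a short Python parser for the FRST Search.txt entries posted above. It checks each MD5 against the hex suffix in the McAfee detection name and lists the distinct file variants seen at one path. It assumes that suffix is a prefix of the file's MD5, which is what the thread's own values show; all function and field names are hypothetical.

```python
import re
from dataclasses import dataclass

# The two non-empty Search.txt results posted in this thread, concatenated.
SEARCH_LOG = r"""
================== Search Files: "PE_Rom.dll" =============

C:\Windows\PE_Rom.dll
[2016-01-02 20:48][2016-01-02 18:22] 1048576 ____A () 9E52F321A396169BD6ACAC593DEDD72F [File not signed]

====== End of Search ======

================== Search Files: "PE_Rom.dll" =============

C:\Windows\PE_Rom.dll
[2016-01-02 20:53][2016-01-02 20:53] 5314528 ____A () AEEF04F7AB6B126FF5D2C8DA4A214196 [File not signed]

====== End of Search ======
"""

# Detection name exactly as quoted in the thread.
DETECTION = "Artemis! - 9E52F321A396"

# One result line: [timestamp][timestamp] size attributes (company) MD5 [signature status]
ENTRY_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\]\[(?P<ts2>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]*)\]\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class SearchHit:
    path: str
    ts1: str        # timestamps are kept in printed order; the thread
    ts2: str        # does not say which one is creation time
    size: int
    attrs: str
    company: str    # empty when the file carries no company string
    md5: str
    signature: str


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    hits, current_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        m = ENTRY_RE.match(line)
        if m and current_path:
            hits.append(SearchHit(
                path=current_path, ts1=m["ts1"], ts2=m["ts2"],
                size=int(m["size"]), attrs=m["attrs"], company=m["company"],
                md5=m["md5"].upper(), signature=m["sig"],
            ))
            current_path = None
    return hits


def detection_prefix(name):
    """Pull the 12 hex digits out of an 'Artemis!...' detection name."""
    m = re.search(r"Artemis!\s*-?\s*([0-9A-Fa-f]{12})\b", name)
    return m.group(1).upper() if m else None


def triage(hits, detection):
    """Mark which parsed files correspond to the quarantined detection."""
    prefix = detection_prefix(detection)
    return [{
        "path": h.path,
        "size": h.size,
        "md5": h.md5,
        "matches_detection": bool(prefix) and h.md5.startswith(prefix),
        "unsigned": h.signature == "File not signed",
    } for h in hits]


def variants_by_path(hits):
    """Distinct (size, MD5) pairs per path: more than one means the file was rewritten."""
    seen = {}
    for h in hits:
        seen.setdefault(h.path.lower(), set()).add((h.size, h.md5))
    return seen


if __name__ == "__main__":
    parsed = parse_search_log(SEARCH_LOG)
    for row in triage(parsed, DETECTION):
        print(row)
    for path, variants in variants_by_path(parsed).items():
        print(path, "->", len(variants), "distinct variant(s)")
```
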

#9 korlat

korlat
  • Topic Starter

  • Members

Posted 03 January 2016 - 08:55 AM

Hi nasdaq

 

I don't think I have solved my problem, just identified one of the issues/affected files.

 

The link to virustotal is from my own upload a few days ago when I was first investigating the malware.

 

The problem is that the file is continually recreated on startup and (I think occasionally when machine is running), therefore something else other than this file (but still related) must still be on my machine and is recreating the file.



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 03 January 2016 - 09:59 AM

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Wait for further instructions.

#11 korlat

korlat
  • Topic Starter

  • Members

Posted 03 January 2016 - 10:46 AM

TDSS killer log

 

15:28:30.0036 0x0fec  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
15:28:30.0036 0x0fec  UEFI system
15:28:34.0389 0x0fec  ============================================================
15:28:34.0389 0x0fec  Current date / time: 2016/01/03 15:28:34.0389
15:28:34.0389 0x0fec  SystemInfo:
15:28:34.0389 0x0fec  
15:28:34.0389 0x0fec  OS Version: 6.1.7601 ServicePack: 1.0
15:28:34.0389 0x0fec  Product type: Workstation
15:28:34.0389 0x0fec  ComputerName: LUKE-PC
15:28:34.0389 0x0fec  UserName: Luke
15:28:34.0389 0x0fec  Windows directory: C:\Windows
15:28:34.0389 0x0fec  System windows directory: C:\Windows
15:28:34.0389 0x0fec  Running under WOW64
15:28:34.0389 0x0fec  Processor architecture: Intel x64
15:28:34.0389 0x0fec  Number of processors: 8
15:28:34.0389 0x0fec  Page size: 0x1000
15:28:34.0389 0x0fec  Boot type: Normal boot
15:28:34.0389 0x0fec  ============================================================
15:28:34.0465 0x0fec  KLMD registered as C:\Windows\system32\drivers\77529076.sys
15:28:34.0577 0x0fec  System UUID: {AD264C2F-99A3-3F75-3D7D-93416A661A7F}
15:28:35.0151 0x0fec  Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:35.0161 0x0fec  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:28:35.0171 0x0fec  ============================================================
15:28:35.0171 0x0fec  \Device\Harddisk0\DR0:
15:28:35.0171 0x0fec  GPT partitions:
15:28:35.0172 0x0fec  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {B23DA747-5F21-4141-9C47-A37BA6736978}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
15:28:35.0172 0x0fec  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9028CB5E-A06C-4136-9BDF-7E9D20DC3EDA}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
15:28:35.0172 0x0fec  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9D7FFCCE-D58E-49BF-A88D-444DD4CB7F04}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xEE09800
15:28:35.0172 0x0fec  MBR partitions:
15:28:35.0172 0x0fec  \Device\Harddisk1\DR1:
15:28:35.0172 0x0fec  MBR partitions:
15:28:35.0172 0x0fec  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
15:28:35.0172 0x0fec  ============================================================
15:28:35.0173 0x0fec  C: <-> \Device\Harddisk0\DR0\Partition3
15:28:35.0204 0x0fec  F: <-> \Device\Harddisk1\DR1\Partition1
15:28:35.0204 0x0fec  ============================================================
15:28:35.0204 0x0fec  Initialize success
15:28:35.0204 0x0fec  ============================================================
15:28:52.0172 0x0208  ============================================================
15:28:52.0172 0x0208  Scan started
15:28:52.0172 0x0208  Mode: Manual; 
15:28:52.0172 0x0208  ============================================================
15:28:52.0172 0x0208  KSN ping started
15:28:54.0583 0x0208  KSN ping finished: true
15:28:54.0895 0x0208  ================ Scan system memory ========================
15:28:54.0895 0x0208  System memory - ok
15:28:54.0896 0x0208  ================ Scan services =============================
15:28:55.0143 0x0208  amdkmdap - ok
15:28:55.0148 0x0208  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:28:55.0149 0x0208  AmdPPM - ok
15:28:55.0154 0x0208  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
15:28:55.0156 0x0208  amdsata - ok
15:28:55.0162 0x0208  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
15:28:55.0165 0x0208  amdsbs - ok
15:28:55.0168 0x0208  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
15:28:55.0169 0x0208  amdxata - ok
15:28:55.0173 0x0208  [ EE4797DFEBBE8ACDB548DD8E80BE0A88, 9D56F835A5A9C045829EDFB546379E3448C9E539E5C2608B559DE4D052FEC769 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
15:28:55.0175 0x0208  amd_sata - ok
15:28:55.0178 0x0208  [ D56EAD71A86FD2ACAE2DB47D0A6A3A41, 2E5E6D0E00D25765CC8B9997B26DE43F305966BFA518CB72EA7CA77152001726 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
15:28:55.0179 0x0208  amd_xata - ok
15:28:55.0182 0x0208  [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3    C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys
15:28:55.0183 0x0208  AODDriver4.3 - ok
15:28:55.0187 0x0208  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
15:28:55.0189 0x0208  AppID - ok
15:28:55.0192 0x0208  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:28:55.0193 0x0208  AppIDSvc - ok
15:28:55.0197 0x0208  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
15:28:55.0199 0x0208  Appinfo - ok
15:28:55.0206 0x0208  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:28:55.0207 0x0208  Apple Mobile Device Service - ok
15:28:55.0214 0x0208  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
15:28:55.0218 0x0208  AppMgmt - ok
15:28:55.0222 0x0208  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
15:28:55.0224 0x0208  arc - ok
15:28:55.0228 0x0208  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:28:55.0230 0x0208  arcsas - ok
15:28:55.0249 0x0208  [ 31E2470E61D5A390405BA41C279D8446, ADA2518DCB78529F716622E45775283CBBB8CA61A4E90B99C2D799C23C8AFCAA ] asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
15:28:55.0266 0x0208  asComSvc - ok
15:28:55.0275 0x0208  [ 579D97BC00C7AB95A173FEF85A53512A, ED0A22C18A80999543036C34632B81C9876900F0052891EB6BEFCB46A0F3E253 ] ASDiskUnlocker  C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
15:28:55.0280 0x0208  ASDiskUnlocker - ok
15:28:55.0282 0x0208  [ 2921131F9A111FD6C6D2C5E1E5B6B75C, 291642E756A27B4FE010A44446192E8169F7BDE35D84BFDB3282DF0394EF908E ] ASFLTDrv.sys    C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASFLTDrv64.sys
15:28:55.0283 0x0208  ASFLTDrv.sys - ok
15:28:55.0303 0x0208  [ 0466B91EE5767A769E9F8EDB8EF94DDB, 04A529E57D6F617688B072B3BD281538B6B02BB985EE0AE2E355E685E52BE0C8 ] asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
15:28:55.0320 0x0208  asHmComSvc - ok
15:28:55.0325 0x0208  [ 798DE15F187C1F013095BBBEB6FB6197, 436CCAB6F62FA2D29827916E054ADE7ACAE485B3DE1D3E5C6C62D3DEBF1480E7 ] AsIO            C:\Windows\syswow64\drivers\AsIO.sys
15:28:55.0326 0x0208  AsIO - ok
15:28:55.0331 0x0208  [ 7D6179DB30EE10500D9570BC6FD5FDBA, 4C43A6C295E61C7BF41FCC34821C579B1C3249B73CA3A45D91EAF4E122286C0A ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
15:28:55.0333 0x0208  asmthub3 - ok
15:28:55.0343 0x0208  [ F5DAC44918FC38F6416CAFC7E3CC3190, 2D5458810266BF49B7819920F18D4295A9CDE18922BC47FE37B2742F29D43189 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
15:28:55.0350 0x0208  asmtxhci - ok
15:28:55.0363 0x0208  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:28:55.0367 0x0208  aspnet_state - ok
15:28:55.0372 0x0208  [ AD8947D621FDCA48F1F39F4624B60AA1, D685CD1A378FA411EA11C18615A1EC5D66CEC2F990DB0D4181EE3140B9DF3E8B ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
15:28:55.0376 0x0208  AsSysCtrlService - ok
15:28:55.0379 0x0208  [ 1392B92179B07B672720763D9B1028A5, B4D47EA790920A4531E3DF5A4B4B0721B7FEA6B49A35679F0652F1E590422602 ] AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
15:28:55.0380 0x0208  AsUpIO - ok
15:28:55.0411 0x0208  [ FEB2ED40421C54040BC11380272CADDC, 0B93B4879FDE3E6A8766420B112914D629F8628764AE33612ED87A6891DA63E2 ] AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
15:28:55.0436 0x0208  AsusFanControlService - ok
15:28:55.0443 0x0208  [ A5E4CDB420540095D1293C874B5F89AA, EBC082FF94872537649F00D91AF22E0AFB4D538ACDB4731C9A95D209C7B144FD ] ASUSFILTER      C:\Windows\syswow64\drivers\ASUSFILTER.sys
15:28:55.0444 0x0208  ASUSFILTER - ok
15:28:55.0447 0x0208  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:28:55.0448 0x0208  AsyncMac - ok
15:28:55.0451 0x0208  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
15:28:55.0452 0x0208  atapi - ok
15:28:55.0457 0x0208  [ F270AFC3848C54C67E3BFB892CE9B9C6, BF5F087D2677E8D75DB34335B54496A3C3AFBCE5A019C52B9EB2B1D19A0803B1 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:28:55.0459 0x0208  AtiHDAudioService - ok
15:28:55.0474 0x0208  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:28:55.0486 0x0208  AudioEndpointBuilder - ok
15:28:55.0500 0x0208  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
15:28:55.0511 0x0208  AudioSrv - ok
15:28:55.0517 0x0208  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:28:55.0520 0x0208  AxInstSV - ok
15:28:55.0531 0x0208  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
15:28:55.0538 0x0208  b06bdrv - ok
15:28:55.0546 0x0208  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
15:28:55.0551 0x0208  b57nd60a - ok
15:28:55.0556 0x0208  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:28:55.0559 0x0208  BDESVC - ok
15:28:55.0561 0x0208  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:28:55.0562 0x0208  Beep - ok
15:28:55.0587 0x0208  [ 12A7660F0666033B98510A1C45EE0C34, 280350B3E960479A0CE4848916804950CF241846162955EB9D12E725CFF0ADD7 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
15:28:55.0609 0x0208  BEService - ok
15:28:55.0626 0x0208  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
15:28:55.0639 0x0208  BFE - ok
15:28:55.0660 0x0208  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
15:28:55.0676 0x0208  BITS - ok
15:28:55.0682 0x0208  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:28:55.0683 0x0208  blbdrive - ok
15:28:55.0694 0x0208  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:28:55.0701 0x0208  Bonjour Service - ok
15:28:55.0706 0x0208  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:28:55.0708 0x0208  bowser - ok
15:28:55.0711 0x0208  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
15:28:55.0712 0x0208  BrFiltLo - ok
15:28:55.0714 0x0208  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
15:28:55.0715 0x0208  BrFiltUp - ok
15:28:55.0719 0x0208  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
15:28:55.0722 0x0208  Browser - ok
15:28:55.0730 0x0208  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:28:55.0735 0x0208  Brserid - ok
15:28:55.0738 0x0208  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:28:55.0739 0x0208  BrSerWdm - ok
15:28:55.0742 0x0208  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:28:55.0743 0x0208  BrUsbMdm - ok
15:28:55.0745 0x0208  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:28:55.0746 0x0208  BrUsbSer - ok
15:28:55.0750 0x0208  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:28:55.0751 0x0208  BTHMODEM - ok
15:28:55.0757 0x0208  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
15:28:55.0759 0x0208  bthserv - ok
15:28:55.0762 0x0208  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:28:55.0764 0x0208  cdfs - ok
15:28:55.0770 0x0208  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:28:55.0772 0x0208  cdrom - ok
15:28:55.0777 0x0208  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:28:55.0779 0x0208  CertPropSvc - ok
15:28:55.0785 0x0208  [ D7BB4B5C3339D23901BD6265171918D5, 77F8BD68ED0DC6F5B248A98B424D2F22CDA7EDF515F3B1F6BA02B4FC8BE84DF6 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
15:28:55.0786 0x0208  cfwids - ok
15:28:55.0789 0x0208  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:28:55.0790 0x0208  circlass - ok
15:28:55.0800 0x0208  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
15:28:55.0805 0x0208  CLFS - ok
15:28:55.0811 0x0208  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:28:55.0814 0x0208  clr_optimization_v2.0.50727_32 - ok
15:28:55.0820 0x0208  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:28:55.0823 0x0208  clr_optimization_v2.0.50727_64 - ok
15:28:55.0833 0x0208  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:28:55.0842 0x0208  clr_optimization_v4.0.30319_32 - ok
15:28:55.0847 0x0208  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:28:55.0853 0x0208  clr_optimization_v4.0.30319_64 - ok
15:28:55.0856 0x0208  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
15:28:55.0857 0x0208  CmBatt - ok
15:28:55.0860 0x0208  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:28:55.0861 0x0208  cmdide - ok
15:28:55.0871 0x0208  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:28:55.0879 0x0208  CNG - ok
15:28:55.0883 0x0208  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:28:55.0884 0x0208  Compbatt - ok
15:28:55.0887 0x0208  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:28:55.0889 0x0208  CompositeBus - ok
15:28:55.0891 0x0208  COMSysApp - ok
15:28:55.0895 0x0208  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:28:55.0895 0x0208  crcdisk - ok
15:28:55.0902 0x0208  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:28:55.0907 0x0208  CryptSvc - ok
15:28:55.0918 0x0208  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
15:28:55.0927 0x0208  CSC - ok
15:28:55.0942 0x0208  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
15:28:55.0954 0x0208  CscService - ok
15:28:55.0960 0x0208  [ EB7439918F3E04B51CD8822FD8C8E018, 3B79A87B867F769D9E67B34143E90E6A55F493C2BA7ADD4C3FD08AAC85C07C74 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
15:28:55.0962 0x0208  ctxusbm - ok
15:28:55.0975 0x0208  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:28:55.0985 0x0208  DcomLaunch - ok
15:28:55.0993 0x0208  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:28:55.0999 0x0208  defragsvc - ok
15:28:56.0004 0x0208  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:28:56.0006 0x0208  DfsC - ok
15:28:56.0015 0x0208  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:28:56.0021 0x0208  Dhcp - ok
15:28:56.0050 0x0208  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
15:28:56.0075 0x0208  DiagTrack - ok
15:28:56.0080 0x0208  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:28:56.0081 0x0208  discache - ok
15:28:56.0085 0x0208  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
15:28:56.0086 0x0208  Disk - ok
15:28:56.0090 0x0208  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
15:28:56.0092 0x0208  dmvsc - ok
15:28:56.0098 0x0208  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:28:56.0102 0x0208  Dnscache - ok
15:28:56.0109 0x0208  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:28:56.0114 0x0208  dot3svc - ok
15:28:56.0120 0x0208  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:28:56.0123 0x0208  DPS - ok
15:28:56.0127 0x0208  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:28:56.0127 0x0208  drmkaud - ok
15:28:56.0146 0x0208  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:28:56.0162 0x0208  DXGKrnl - ok
15:28:56.0168 0x0208  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:28:56.0171 0x0208  EapHost - ok
15:28:56.0232 0x0208  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
15:28:56.0283 0x0208  ebdrv - ok
15:28:56.0293 0x0208  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
15:28:56.0295 0x0208  EFS - ok
15:28:56.0310 0x0208  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:28:56.0323 0x0208  ehRecvr - ok
15:28:56.0328 0x0208  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:28:56.0331 0x0208  ehSched - ok
15:28:56.0342 0x0208  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
15:28:56.0351 0x0208  elxstor - ok
15:28:56.0354 0x0208  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:28:56.0354 0x0208  ErrDev - ok
15:28:56.0367 0x0208  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:28:56.0374 0x0208  EventSystem - ok
15:28:56.0381 0x0208  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:28:56.0384 0x0208  exfat - ok
15:28:56.0390 0x0208  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:28:56.0394 0x0208  fastfat - ok
15:28:56.0409 0x0208  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:28:56.0422 0x0208  Fax - ok
15:28:56.0425 0x0208  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
15:28:56.0426 0x0208  fdc - ok
15:28:56.0429 0x0208  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:28:56.0431 0x0208  fdPHost - ok
15:28:56.0434 0x0208  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:28:56.0435 0x0208  FDResPub - ok
15:28:56.0440 0x0208  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:28:56.0441 0x0208  FileInfo - ok
15:28:56.0444 0x0208  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:28:56.0445 0x0208  Filetrace - ok
15:28:56.0448 0x0208  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
15:28:56.0448 0x0208  flpydisk - ok
15:28:56.0456 0x0208  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:28:56.0460 0x0208  FltMgr - ok
15:28:56.0484 0x0208  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
15:28:56.0505 0x0208  FontCache - ok
15:28:56.0510 0x0208  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:28:56.0512 0x0208  FontCache3.0.0.0 - ok
15:28:56.0516 0x0208  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:28:56.0517 0x0208  FsDepends - ok
15:28:56.0520 0x0208  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:28:56.0521 0x0208  Fs_Rec - ok
15:28:56.0528 0x0208  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:28:56.0531 0x0208  fvevol - ok
15:28:56.0535 0x0208  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
15:28:56.0537 0x0208  gagp30kx - ok
15:28:56.0540 0x0208  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:28:56.0541 0x0208  GEARAspiWDM - ok
15:28:56.0558 0x0208  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:28:56.0572 0x0208  gpsvc - ok
15:28:56.0578 0x0208  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:28:56.0581 0x0208  gupdate - ok
15:28:56.0585 0x0208  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:28:56.0587 0x0208  gupdatem - ok
15:28:56.0591 0x0208  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
15:28:56.0592 0x0208  hamachi - ok
15:28:56.0595 0x0208  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:28:56.0596 0x0208  hcw85cir - ok
15:28:56.0605 0x0208  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:28:56.0610 0x0208  HdAudAddService - ok
15:28:56.0615 0x0208  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:28:56.0617 0x0208  HDAudBus - ok
15:28:56.0620 0x0208  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
15:28:56.0621 0x0208  HidBatt - ok
15:28:56.0625 0x0208  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
15:28:56.0627 0x0208  HidBth - ok
15:28:56.0631 0x0208  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
15:28:56.0632 0x0208  HidIr - ok
15:28:56.0635 0x0208  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:28:56.0637 0x0208  hidserv - ok
15:28:56.0641 0x0208  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:28:56.0642 0x0208  HidUsb - ok
15:28:56.0685 0x0208  [ 1A650CBAC8C5A90791B45FF7B9F72572, F7DA9744A3A4637D07C5AFBA1D53C0AE1CC501877D5E0B920AF74735F7544339 ] HiPatchService  F:\Games\Smite\HiPatchService.exe
15:28:56.0685 0x0208  HiPatchService - ok
15:28:56.0692 0x0208  [ E7AF59F1E0352F5EBEC4ECD32103D405, 0E02E031799F407A1BCE926D46471E7EFB8820359CBDE73759219B86C1882EB8 ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
15:28:56.0696 0x0208  HipShieldK - ok
15:28:56.0700 0x0208  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:28:56.0703 0x0208  hkmsvc - ok
15:28:56.0709 0x0208  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:28:56.0715 0x0208  HomeGroupListener - ok
15:28:56.0721 0x0208  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:28:56.0725 0x0208  HomeGroupProvider - ok
15:28:56.0737 0x0208  [ 47F727600D00D12E15748FCCAF29E6FA, 404D41E2EC61C7D14DAF866C7D86385E73C07F2B17AC90A8768009840292E3AD ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
15:28:56.0745 0x0208  HomeNetSvc - ok
15:28:56.0749 0x0208  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:28:56.0751 0x0208  HpSAMD - ok
15:28:58.0840 0x0208  RdpVideoMiniport - ok
15:28:58.0846 0x0208  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:28:58.0850 0x0208  RDPWD - ok
15:28:58.0857 0x0208  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:28:58.0860 0x0208  rdyboost - ok
15:28:58.0865 0x0208  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:28:58.0868 0x0208  RemoteAccess - ok
15:28:58.0874 0x0208  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:28:58.0878 0x0208  RemoteRegistry - ok
15:28:58.0883 0x0208  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:28:58.0885 0x0208  RpcEptMapper - ok
15:28:58.0889 0x0208  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
15:28:58.0890 0x0208  RpcLocator - ok
15:28:58.0902 0x0208  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
15:28:58.0911 0x0208  RpcSs - ok
15:28:58.0916 0x0208  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:28:58.0917 0x0208  rspndr - ok
15:28:58.0935 0x0208  [ 61A04C0C084D560BBEF1D09604608262, 27230BDFB479FBD1B18BB4035059A52F8BE74B19190951EAC95D569E284421B3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
15:28:58.0947 0x0208  RTL8167 - ok
15:28:58.0954 0x0208  [ 652F9068C05A7FB83291DF616CDC8A8B, 13136DE67C31C5781B9E484C1AF806F43AF8EA0843D5A4018CBE7191ADD31A54 ] RzDxgk          C:\Windows\system32\drivers\RzDxgk.sys
15:28:58.0957 0x0208  RzDxgk - ok
15:28:58.0961 0x0208  [ 8295DB01432C1D1F3D0F4A27AB349730, 7FE8CC442829B8136A96E19F17070C29DA2C5F1B9EA2B5EBACCB965783F96356 ] rzendpt         C:\Windows\system32\DRIVERS\rzendpt.sys
15:28:58.0962 0x0208  rzendpt - ok
15:28:58.0967 0x0208  [ 2CEDF1DC70CEFB415354180A507104CE, AD5B2792B05337F809C375A534F421B3D4B9955B19281FBC635A6CAC9DD05ED4 ] RzFilter        C:\Windows\system32\drivers\RzFilter.sys
15:28:58.0969 0x0208  RzFilter - ok
15:28:58.0973 0x0208  [ 3720C926F2ABB71FE181936F3C3E839D, 55B0A352A4C62C3BBC12AC051B46C62CE7AB8556FE30782BDFAFABFCE0D74CA1 ] rzmpos          C:\Windows\system32\DRIVERS\rzmpos.sys
15:28:58.0974 0x0208  rzmpos - ok
15:28:58.0978 0x0208  [ 8F8C6EDB43BA9E60917ED76EA2E02CDE, AED12241690DFE6FAFF54D85FFD0926B84135BBEE1F9C9ED9850E11F4D5330EE ] RzOvlMon        C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
15:28:58.0979 0x0208  RzOvlMon - ok
15:28:58.0983 0x0208  [ F17F84511E7DFDEEAB646F0699A006D7, 5237937841FBD1F99A5D6161DEBA26182DDAF617CA98946EE7DB0AB67FC149EA ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
15:28:58.0984 0x0208  rzpmgrk - ok
15:28:58.0990 0x0208  [ FEF60A37301E1F5A3020FA3487FB2CD7, 0C925468C3376458D0E1EC65E097BD1A81A03901035C0195E8F6EF904EF3F901 ] rzpnk           C:\Windows\system32\drivers\rzpnk.sys
15:28:58.0992 0x0208  rzpnk - ok
15:28:58.0999 0x0208  [ 77C5AB228FE307C55FEF0C575E218771, 73C9D4593DA694B2D52817F608E749296D9CC1C44906C97204595476B68AD50F ] rzudd           C:\Windows\system32\DRIVERS\rzudd.sys
15:28:59.0003 0x0208  rzudd - ok
15:28:59.0006 0x0208  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:28:59.0006 0x0208  s3cap - ok
15:28:59.0009 0x0208  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
15:28:59.0011 0x0208  SamSs - ok
15:28:59.0015 0x0208  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:28:59.0017 0x0208  sbp2port - ok
15:28:59.0025 0x0208  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:28:59.0030 0x0208  SCardSvr - ok
15:28:59.0033 0x0208  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:28:59.0034 0x0208  scfilter - ok
15:28:59.0056 0x0208  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
15:28:59.0076 0x0208  Schedule - ok
15:28:59.0082 0x0208  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:28:59.0084 0x0208  SCPolicySvc - ok
15:28:59.0091 0x0208  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:28:59.0095 0x0208  SDRSVC - ok
15:28:59.0099 0x0208  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:28:59.0100 0x0208  secdrv - ok
15:28:59.0103 0x0208  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
15:28:59.0105 0x0208  seclogon - ok
15:28:59.0110 0x0208  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
15:28:59.0112 0x0208  SENS - ok
15:28:59.0116 0x0208  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:28:59.0118 0x0208  SensrSvc - ok
15:28:59.0122 0x0208  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:28:59.0123 0x0208  Serenum - ok
15:28:59.0127 0x0208  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:28:59.0129 0x0208  Serial - ok
15:28:59.0132 0x0208  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:28:59.0133 0x0208  sermouse - ok
15:28:59.0142 0x0208  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
15:28:59.0145 0x0208  SessionEnv - ok
15:28:59.0149 0x0208  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:28:59.0149 0x0208  sffdisk - ok
15:28:59.0152 0x0208  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:28:59.0152 0x0208  sffp_mmc - ok
15:28:59.0155 0x0208  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:28:59.0156 0x0208  sffp_sd - ok
15:28:59.0159 0x0208  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:28:59.0160 0x0208  sfloppy - ok
15:28:59.0169 0x0208  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:28:59.0176 0x0208  SharedAccess - ok
15:28:59.0187 0x0208  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:28:59.0195 0x0208  ShellHWDetection - ok
15:28:59.0199 0x0208  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
15:28:59.0200 0x0208  SiSRaid2 - ok
15:28:59.0204 0x0208  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:28:59.0206 0x0208  SiSRaid4 - ok
15:28:59.0214 0x0208  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
15:28:59.0220 0x0208  SkypeUpdate - ok
15:28:59.0226 0x0208  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:28:59.0228 0x0208  Smb - ok
15:28:59.0233 0x0208  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:28:59.0235 0x0208  SNMPTRAP - ok
15:28:59.0238 0x0208  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:28:59.0239 0x0208  spldr - ok
15:28:59.0252 0x0208  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
15:28:59.0263 0x0208  Spooler - ok
15:28:59.0330 0x0208  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
15:28:59.0394 0x0208  sppsvc - ok
15:28:59.0404 0x0208  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:28:59.0407 0x0208  sppuinotify - ok
15:28:59.0419 0x0208  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:28:59.0426 0x0208  srv - ok
15:28:59.0436 0x0208  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:28:59.0443 0x0208  srv2 - ok
15:28:59.0449 0x0208  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:28:59.0452 0x0208  srvnet - ok
15:28:59.0459 0x0208  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:28:59.0464 0x0208  SSDPSRV - ok
15:28:59.0469 0x0208  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:28:59.0472 0x0208  SstpSvc - ok
15:28:59.0490 0x0208  [ A831D5A4D2F5138E332AC1B98315EBB1, 2FF5C256A83ACFB5CEC17B9FA7875048F770B793C37657D6D4E37C70B2F857A8 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
15:28:59.0505 0x0208  Steam Client Service - ok
15:28:59.0510 0x0208  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
15:28:59.0510 0x0208  stexstor - ok
15:28:59.0525 0x0208  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
15:28:59.0536 0x0208  stisvc - ok
15:28:59.0541 0x0208  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:28:59.0542 0x0208  storflt - ok
15:28:59.0546 0x0208  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
15:28:59.0548 0x0208  StorSvc - ok
15:28:59.0551 0x0208  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:28:59.0552 0x0208  storvsc - ok
15:28:59.0556 0x0208  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:28:59.0556 0x0208  swenum - ok
15:28:59.0568 0x0208  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
15:28:59.0579 0x0208  swprv - ok
15:28:59.0613 0x0208  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
15:28:59.0644 0x0208  SysMain - ok
15:28:59.0651 0x0208  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:28:59.0655 0x0208  TabletInputService - ok
15:28:59.0663 0x0208  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:28:59.0670 0x0208  TapiSrv - ok
15:28:59.0675 0x0208  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
15:28:59.0678 0x0208  TBS - ok
15:28:59.0714 0x0208  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:28:59.0744 0x0208  Tcpip - ok
15:28:59.0783 0x0208  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:28:59.0813 0x0208  TCPIP6 - ok
15:28:59.0823 0x0208  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:28:59.0824 0x0208  tcpipreg - ok
15:28:59.0828 0x0208  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:28:59.0829 0x0208  TDPIPE - ok
15:28:59.0833 0x0208  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:28:59.0833 0x0208  TDTCP - ok
15:28:59.0838 0x0208  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:28:59.0841 0x0208  tdx - ok
15:28:59.0845 0x0208  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:28:59.0847 0x0208  TermDD - ok
15:28:59.0862 0x0208  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
15:28:59.0875 0x0208  TermService - ok
15:28:59.0882 0x0208  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
15:28:59.0884 0x0208  Themes - ok
15:28:59.0889 0x0208  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
15:28:59.0889 0x1f90  Object required for P2P: [ 5096855DA1FB50A028ACA15B5CC358D9 ] McAfee SiteAdvisor Service
15:28:59.0891 0x0208  THREADORDER - ok
15:28:59.0896 0x0208  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:28:59.0900 0x0208  TrkWks - ok
15:28:59.0906 0x0208  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:28:59.0910 0x0208  TrustedInstaller - ok
15:28:59.0915 0x0208  [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:28:59.0916 0x0208  tssecsrv - ok
15:28:59.0922 0x0208  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:28:59.0923 0x0208  TsUsbFlt - ok
15:28:59.0927 0x0208  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
15:28:59.0928 0x0208  TsUsbGD - ok
15:28:59.0933 0x0208  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:28:59.0935 0x0208  tunnel - ok
15:28:59.0939 0x0208  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:28:59.0941 0x0208  uagp35 - ok
15:28:59.0949 0x0208  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:28:59.0954 0x0208  udfs - ok
15:28:59.0961 0x0208  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:28:59.0963 0x0208  UI0Detect - ok
15:28:59.0967 0x0208  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:28:59.0968 0x0208  uliagpkx - ok
15:28:59.0972 0x0208  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:28:59.0973 0x0208  umbus - ok
15:28:59.0976 0x0208  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
15:28:59.0977 0x0208  UmPass - ok
15:28:59.0983 0x0208  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:28:59.0988 0x0208  UmRdpService - ok
15:28:59.0997 0x0208  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:29:00.0005 0x0208  upnphost - ok
15:29:00.0009 0x0208  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:29:00.0011 0x0208  USBAAPL64 - ok
15:29:00.0016 0x0208  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:29:00.0018 0x0208  usbaudio - ok
15:29:00.0023 0x0208  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:29:00.0025 0x0208  usbccgp - ok
15:29:00.0030 0x0208  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:29:00.0032 0x0208  usbcir - ok
15:29:00.0036 0x0208  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:29:00.0037 0x0208  usbehci - ok
15:29:00.0041 0x0208  [ 504901430B6E03B99EBB6BF26E0868C6, D00C0904B7008305DCA5D1E6FED153DD8875CAD14D80348E59F42A182FA7E832 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
15:29:00.0042 0x0208  usbfilter - ok
15:29:00.0052 0x0208  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:29:00.0057 0x0208  usbhub - ok
15:29:00.0061 0x0208  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:29:00.0062 0x0208  usbohci - ok
15:29:00.0065 0x0208  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
15:29:00.0066 0x0208  usbprint - ok
15:29:00.0070 0x0208  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
15:29:00.0072 0x0208  USBSTOR - ok
15:29:00.0075 0x0208  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:29:00.0076 0x0208  usbuhci - ok
15:29:00.0080 0x0208  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:29:00.0082 0x0208  UxSms - ok
15:29:00.0086 0x0208  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
15:29:00.0087 0x0208  VaultSvc - ok
15:29:00.0091 0x0208  [ 25B454EBFDEB17A0DA44067DC6887B94, 95D5E6C76A3E4DACE6FB4513F4CC42716D53888E8E32403391155A20890A1D4F ] VDiskBus        C:\Windows\system32\DRIVERS\VDiskBus64.sys
15:29:00.0092 0x0208  VDiskBus - ok
15:29:00.0096 0x0208  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:29:00.0097 0x0208  vdrvroot - ok
15:29:00.0109 0x0208  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:29:00.0120 0x0208  vds - ok
15:29:00.0124 0x0208  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:29:00.0125 0x0208  vga - ok
15:29:00.0128 0x0208  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:29:00.0129 0x0208  VgaSave - ok
15:29:00.0135 0x0208  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:29:00.0139 0x0208  vhdmp - ok
15:29:00.0142 0x0208  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:29:00.0143 0x0208  viaide - ok
15:29:00.0149 0x0208  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:29:00.0153 0x0208  vmbus - ok
15:29:00.0156 0x0208  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:29:00.0157 0x0208  VMBusHID - ok
15:29:00.0161 0x0208  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:29:00.0162 0x0208  volmgr - ok
15:29:00.0171 0x0208  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:29:00.0177 0x0208  volmgrx - ok
15:29:00.0186 0x0208  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:29:00.0191 0x0208  volsnap - ok
15:29:00.0197 0x0208  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:29:00.0199 0x0208  vsmraid - ok
15:29:00.0230 0x0208  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:29:00.0260 0x0208  VSS - ok
15:29:00.0265 0x0208  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:29:00.0266 0x0208  vwifibus - ok
15:29:00.0276 0x0208  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:29:00.0284 0x0208  W32Time - ok
15:29:00.0289 0x0208  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:29:00.0290 0x0208  WacomPen - ok
15:29:00.0295 0x0208  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:29:00.0297 0x0208  WANARP - ok
15:29:00.0300 0x0208  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:29:00.0302 0x0208  Wanarpv6 - ok
15:29:00.0328 0x0208  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:29:00.0350 0x0208  WatAdminSvc - ok
15:29:00.0381 0x0208  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:29:00.0408 0x0208  wbengine - ok
15:29:00.0417 0x0208  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:29:00.0423 0x0208  WbioSrvc - ok
15:29:00.0432 0x0208  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:29:00.0440 0x0208  wcncsvc - ok
15:29:00.0444 0x0208  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:29:00.0447 0x0208  WcsPlugInService - ok
15:29:00.0450 0x0208  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
15:29:00.0451 0x0208  Wd - ok
15:29:00.0454 0x0208  [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
15:29:00.0454 0x0208  WDC_SAM - ok
15:29:00.0471 0x0208  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:29:00.0484 0x0208  Wdf01000 - ok
15:29:00.0490 0x0208  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:29:00.0493 0x0208  WdiServiceHost - ok
15:29:09.0167 0x0208  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51000 ( enabled : updated )
15:29:09.0171 0x0208  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 14.0.0.0 ), 0x51010 ( enabled )
15:29:11.0963 0x0208  ============================================================
15:29:11.0963 0x0208  Scan finished
15:29:11.0963 0x0208  ============================================================
15:29:11.0974 0x04f0  Detected object count: 0
15:29:11.0974 0x04f0  Actual detected object count: 0
 
 
aswMBR log
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-01-03 15:30:18
-----------------------------
15:30:18.902    OS Version: Windows x64 6.1.7601 Service Pack 1
15:30:18.902    Number of processors: 8 586 0x200
15:30:18.903    ComputerName: LUKE-PC  UserName: Luke
15:30:19.358    Initialize success
15:30:19.403    VM: initialized successfully
15:30:19.404    VM: Amd CPU supported 
15:33:51.932    AVAST engine defs: 16010300
15:34:05.166    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000079
15:34:05.170    Disk 0 Vendor: Corsair_ 5.20 Size: 122104MB BusType: 11
15:34:05.174    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000007a
15:34:05.179    Disk 1 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 11
15:34:05.192    Disk 0 MBR read successfully
15:34:05.197    Disk 0 MBR scan
15:34:05.230    Disk 0 unknown MBR code
15:34:05.233    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
15:34:05.263    Disk 0 scanning C:\Windows\system32\drivers
15:34:12.172    Service scanning
15:34:24.398    Modules scanning
15:34:24.413    Disk 0 trace - called modules:
15:34:24.425    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys 
15:34:24.428    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d6dc060]
15:34:24.431    3 CLASSPNP.SYS[fffff88000e1943f] -> nt!IofCallDriver -> [0xfffffa800d446ac0]
15:34:24.434    5 amd_xata.sys[fffff88001121d00] -> nt!IofCallDriver -> \Device\00000079[0xfffffa800d0641f0]
15:34:24.681    AVAST engine scan C:\Windows
15:34:25.788    AVAST engine scan C:\Windows\system32
15:37:08.026    AVAST engine scan C:\Windows\system32\drivers
15:37:15.828    AVAST engine scan C:\Users\Luke
15:39:47.440    AVAST engine scan C:\ProgramData
15:41:57.951    Disk 0 statistics 4069851/0/0 @ 15.94 MB/s
15:41:57.956    Scan finished successfully
15:42:20.589    Disk 0 MBR has been saved successfully to "C:\Users\Luke\Desktop\MBR.dat"
15:42:20.598    The log file has been saved successfully to "C:\Users\Luke\Desktop\aswMBR_log.txt"
 
Attached File  MBR.zip   143bytes   0 downloads

 



#12 nasdaq

Posted 03 January 2016 - 03:35 PM

Both logs are clean.

Let's check further.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • When instructed Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report"
  • Click on the Export TXT button and save the file as RogueReport.txt
  • The file RogueReport.txt will be saved in the desktop.
  • Close the program.
  • Open the file with Notepad and Copy/paste the content into your next reply.
<<<>>>

#13 korlat

Posted 03 January 2016 - 04:41 PM

I ran RogueKiller followed by rkill.

 

I did not run RogueKiller a second time, I wasn't sure if that was what you intended with your post as the instructions for it are copied twice. If you need me to run this again (after I have run rkill), please let me know.

 

RogueKiller V11.0.5.0 [Dec 28 2015] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Luke [Administrator]
Started from : C:\Users\Luke\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/03/2016 21:35:13
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Luke\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Luke\AppData\Local\Temp\aswMBR.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2699837047-3072591508-63386365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2699837047-3072591508-63386365-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Corsair Force GS SATA Disk Device +++++
--- User ---
[MBR] 79eb2513ed806e4c8332763d1f364250
[BSP] 90e48158a479bea0d96d381f92790a9b : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 468992 | Size: 121875 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD10 EZEX-08M2NA0 SATA Disk Device +++++
--- User ---
[MBR] 2b94adfdcbe72b38a2fc4fd0107ddc74
[BSP] 9fbc93b99174d4ae6dfc9105e8a8947c : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Generic STORAGE DEVICE USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 
 
Rkill 2.8.3 by Lawrence Abrams (Grinler)
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/03/2016 09:38:11 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\DAODx.exe (PID: 3984) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/03/2016 09:38:31 PM
Execution time: 0 hours(s), 0 minute(s), and 19 seconds(s)
 


#14 nasdaq

Posted 04 January 2016 - 08:52 AM



Your logs are clean.
There is nothing suspicious in your RogueKiller tool. aswMBR was created by the tool we used previously.

===

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

#15 korlat

Posted 04 January 2016 - 02:49 PM

zoek logs 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Luke on 04/01/2016 at 19:26:21.90.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luke\Desktop\zoek.exe [Scan all users]  [Checkboxes used]
 
==== Running Processes ======================
 
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUSTek Computer Inc\Disk Unlocker\ASPFSVS64.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.02.00\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
F:\Games\Smite\HiPatchService.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Users\Luke\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Users\Luke\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
 
==== System Restore Info ======================
 
04/01/2016 19:28:43 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\DAEMON Tools Pro deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Luke\AppData\Roaming\Awesomium deleted successfully
C:\Users\Luke\AppData\Local\calibre-cache deleted successfully
C:\Users\Luke\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Luke\AppData\Local\EmieSiteList deleted successfully
C:\Users\Luke\AppData\Local\EmieUserList deleted successfully
C:\Users\Luke\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2699837047-3072591508-63386365-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4668ECA-BCB6-4390-8825-AFD6645AE6ED} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
Adobe Acrobat Reader DC  
Adobe Flash Player 10 ActiveX  
Adobe Refresh Manager  
AI Suite II  
AMD Accelerated Video Transcoding  
AMD APP SDK Runtime  
AMD Catalyst Control Center  
AMD Catalyst Install Manager  
AMD Drag and Drop Transcoding  
AMD Fuel  
AMD Media Foundation Decoders  
AMD Steady Video Plug-In   
AMD Wireless Display v3.0  
Apple Application Support (32-bit)  
Apple Application Support (64-bit)  
Apple Mobile Device Support  
Apple Software Update  
ARK: Survival Evolved  
Arma 2  
Arma 2: Operation Arrowhead  
Arma 2: Operation Arrowhead Beta (Obsolete)  
Arma 3  
Asmedia ASM104x USB 3.0 Host Controller Driver  
ASUS Boot Setting  
ASUS Product Register Program  
Battle.net  
BattlEye for OA Uninstall  
BattlEye Uninstall  
Bonjour  
Borderlands 2  
calibre 64bit  
Catalyst Control Center - Branding  
Catalyst Control Center Graphics Previews Common  
Catalyst Control Center InstallProxy  
Catalyst Control Center Localization All  
ccc-utility64  
CCC Help Chinese Standard  
CCC Help Chinese Traditional  
CCC Help Czech  
CCC Help Danish  
CCC Help Dutch  
CCC Help English  
CCC Help Finnish  
CCC Help French  
CCC Help German  
CCC Help Greek  
CCC Help Hungarian  
CCC Help Italian  
CCC Help Japanese  
CCC Help Korean  
CCC Help Norwegian  
CCC Help Polish  
CCC Help Portuguese  
CCC Help Russian  
CCC Help Spanish  
CCC Help Swedish  
CCC Help Thai  
CCC Help Turkish  
CCGLauncher version 0.0.0.9  
Chivalry: Medieval Warfare  
Chivalry: Medieval Warfare Beta  
Citrix online plug-in - web  
Citrix online plug-in (DV)  
Citrix online plug-in (HDX)  
Citrix online plug-in (USB)  
Citrix online plug-in (Web)  
CPUID ASUS CPU-Z 1.65  
Curse Client  
DayZ Commander  
Dead Island  
Diablo III  
Disk Unlocker  
Don't Starve Together Beta  
Dropbox  
Evolve  
Garry's Mod  
GauntletT   
Google Chrome  
Google Update Helper  
Hearthstone  
Hi-Rez Studios Authenticate and Update Service  
iCloud  
Insurgency  
iTunes  
Java 7 Update 60 (64-bit)  
League of Legends  
Left 4 Dead 2  
Logitech Gaming Software  
Logitech Gaming Software 8.53  
Magicka  
Malwarebytes Anti-Malware version 2.2.0.1024  
McAfee WebAdvisor  
McAfee© Total Protection  
Microsoft .NET Framework 4.5.2  
Microsoft Silverlight  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft XNA Framework Redistributable 3.1  
Microsoft XNA Framework Redistributable 4.0  
Middle-earth: Shadow of Mordor  
OpenOffice 4.1.0  
Origin  
Raptr  
Razer Core  
Razer Synapse  
Realtek Ethernet Controller Driver  
Realtek High Definition Audio Driver  
RollerCoaster Tycoon 2: Triple Thrill Pack  
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3023224)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3035490)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3074230)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3074550)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3097996)  
Security Update for Microsoft .NET Framework 4.5.2 (KB3098781)  
Serious Sam 3: BFE  
Sid Meier's Civilization V  
SkypeT 6.16  
Smite  
Space Engineers  
STAR WARST BattlefrontT Beta  
Steam  
TeamSpeak 3 Client  
Terraria  
The Room  
The SimsT 4  
Theme Hospital  
World of Warcraft  
Worms Clan Wars  
Worms Revolution  
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Luke\AppData\Roaming\calibre deleted
C:\PROGRA~3\Package Cache deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
ASUS\ASUS WiFi GO Server Execute deleted
Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
==== Startup Registry Disabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApplePhotoStreams]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ApplePhotoStreams"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS AiChargerPlus Execute]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS AiChargerPlus Execute"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\InstallShield Installation Information\\{E6931688-DA2B-4E16-8539-3D323D69C677}\\AiChargerPlus.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASUS WiFi GO! FileTransfer Execute]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ASUS WiFi GO! FileTransfer Execute"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\ASUS\\AI Suite II\\Remote GO!\\AssistTools\\WiFile\\WiFileTransfer.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConnectionCenter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ConnectionCenter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Citrix\\ICA Client\\concentr.exe\" /startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dropbox Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\Luke\\AppData\\Local\\Dropbox\\Update\\DropboxUpdate.exe\" /c"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudDrive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudDrive"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudDrive.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iCloudServices]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iCloudServices"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Common Files\\Apple\\Internet Services\\iCloudServices.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"F:\\itunes\\iTunesHelper.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LCore]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Launch LCore"
"hkey"="HKLM"
"command"="C:\\Program Files\\Logitech Gaming Software\\LCore.exe /minimized"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Raptr"
"hkey"="HKLM"
"command"="C:\\PROGRA~2\\Raptr\\raptrstub.exe --startup"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Razer Synapse"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDVCPL"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Realtek\\Audio\\HDA\\RtkNGUI64.exe\" -s"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\AMD\\ATI.ACE\\Core-Static\\amd64\\CLIStart.exe\" MSRun"
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Luke\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Luke\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"
 
 
==== Startup Folders ======================
 
2015-12-28 19:38:05 1131 ----a-w- C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2699837047-3072591508-63386365-1000Core.job --a------ C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [21/06/2015 11:38]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2699837047-3072591508-63386365-1000UA1d0c2fa7f304b92.job --a------ C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe [21/06/2015 11:38]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 19:10]
C:\Windows\tasks\GoogleUpdateTaskMachineCore1d0004592af4f21.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 19:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 19:10]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d093f997ba4d9c.job --a------ [Undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2699837047-3072591508-63386365-1000Core" [C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-2699837047-3072591508-63386365-1000UA1d0c2fa7f304b92" [C:\Users\Luke\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1d0004592af4f21" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1d093f997ba4d9c" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse" [C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\21.0\mcdatrep.exe]
"C:\Windows\SysNative\tasks\McAfee Remediation (Prepare)" [C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe]
"C:\Windows\SysNative\tasks\McAfeeLogon" [C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS AI Suite II Execute" [C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Network iControl Help Execute" [C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe]
"C:\Windows\SysNative\tasks\ASUS\ASUS Product Register Service" [C:\Program Files (x86)\ASUS\APRP\aprp.exe]
"C:\Windows\SysNative\tasks\ASUS\RunDAOD" [C:\Windows\DAODx.exe]
"C:\Windows\SysNative\tasks\ASUS\USB 3.0 Boost Service" [C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [23/11/2015 11:53]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [23/11/2015 11:53]
 
==== Chromium Look ======================
 
Google Chrome Version: 46.0.2490.86
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/12/2015 10:37]
 
Reverse Youtube Playlist - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi
YouTube - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Chrome Web Store Payments - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
selector is not a valid CSS selector - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Docs Offline - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chromium Fix ======================
 
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{A4668ECA-BCB6-4390-8825-AFD6645AE6ED}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A4668ECA-BCB6-4390-8825-AFD6645AE6ED}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=43 folders=45 35877789 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luke\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Luke\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 04/01/2016 at 19:43:59.13 ======================
 

 

 





